
iexplore.exe problem

Tags:
  • Security
7 June 2008 18:36:23

I have a problem: when I press Ctrl+Alt+Del and go to Processes, there are two IEXPLORE.EXE entries that use far too much RAM. When I kill them, they come back 2 seconds later. Please help me!! Thanks in advance


7 June 2008 19:03:56

Hello,

Possibly LOP.

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (On Vista: right-click -> Run as administrator)
  • Accept the license by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    7 June 2008 23:22:42

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:21:24, on 07/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\Explorer.EXE
    C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Bags Start.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [software new] C:\DOCUME~1\Ptit\APPLIC~1\RULEEX~1\GplFile64.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ptit\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
    O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
    O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6387 bytes
    7 June 2008 23:23:39

    Thanks for the quick reply!
    8 June 2008 18:12:46

    Hi again,

    Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> Run as administrator)
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back
    8 June 2008 18:18:42

    Yeah, I did it with lopxp and it worked
    8 June 2008 18:33:14

    That's cool ^^
    8 June 2008 20:04:39

    -----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Ptit ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 08/06/2008 | 19:51:04,25 ] [ PC : MARIE ]
    [ MAJ : 07-06-2008 | 22:15 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [21/02/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [21/02/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [21/02/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [07/06/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [21/05/2008|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [21/05/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [03/06/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
    [21/02/2008|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [24/02/2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [24/02/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [01/06/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [02/06/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [21/02/2008|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [01/06/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [21/02/2008|13:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/05/2008|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [21/02/2008|13:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [29/05/2008|12:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [21/02/2008|13:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [31/05/2008|17:08] C:\DOCUME~1\Ptit\APPLIC~1\Adobe
    [21/02/2008|15:36] C:\DOCUME~1\Ptit\APPLIC~1\ATI
    [21/02/2008|13:45] C:\DOCUME~1\Ptit\APPLIC~1\desktop.ini
    [07/06/2008|23:07] C:\DOCUME~1\Ptit\APPLIC~1\Dev-Cpp
    [21/02/2008|16:55] C:\DOCUME~1\Ptit\APPLIC~1\EoRezo
    [26/02/2008|20:00] C:\DOCUME~1\Ptit\APPLIC~1\Google
    [21/02/2008|15:40] C:\DOCUME~1\Ptit\APPLIC~1\Help
    [21/02/2008|13:54] C:\DOCUME~1\Ptit\APPLIC~1\Identities
    [21/02/2008|16:52] C:\DOCUME~1\Ptit\APPLIC~1\ItsLabel
    [21/02/2008|16:52] C:\DOCUME~1\Ptit\APPLIC~1\Macromedia
    [18/05/2008|13:50] C:\DOCUME~1\Ptit\APPLIC~1\Microsoft
    [21/02/2008|16:55] C:\DOCUME~1\Ptit\APPLIC~1\Mozilla
    [22/02/2008|21:16] C:\DOCUME~1\Ptit\APPLIC~1\Notepad++
    [21/02/2008|19:39] C:\DOCUME~1\Ptit\APPLIC~1\OpenOffice.org2
    [03/06/2008|12:32] C:\DOCUME~1\Ptit\APPLIC~1\rule extra meal
    [21/02/2008|14:38] C:\DOCUME~1\Ptit\APPLIC~1\Sun
    [21/02/2008|19:52] C:\DOCUME~1\Ptit\APPLIC~1\Talkback
    [26/02/2008|20:01] C:\DOCUME~1\Ptit\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [08/06/2008 19:00][--ah-----] C:\WINDOWS\tasks\AE7F613A918911C2.job
    [08/06/2008 16:00][--a------] C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    [08/06/2008 19:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    AE7F613A918911C2.job <--> c:\docume~1\ptit\applic~1\ruleex~1\Gramfunksend.exe

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [21/02/2008|19:16] C:\Program Files\Adobe
    [22/03/2008|12:13] C:\Program Files\Alcohol Soft
    [21/02/2008|14:36] C:\Program Files\Alwil Software
    [21/02/2008|14:28] C:\Program Files\Analog Devices
    [21/02/2008|15:35] C:\Program Files\ATI Technologies
    [21/02/2008|19:00] C:\Program Files\Circle Developement
    [21/02/2008|13:04] C:\Program Files\ComPlus Applications
    [27/03/2008|18:42] C:\Program Files\EA GAMES
    [07/06/2008|17:53] C:\Program Files\EasyPHP 2.0b1
    [01/06/2008|19:54] C:\Program Files\Fichiers communs
    [28/05/2008|20:06] C:\Program Files\FileSubmit
    [07/06/2008|17:55] C:\Program Files\Gamenext
    [01/06/2008|19:55] C:\Program Files\GamesBar
    [07/06/2008|18:13] C:\Program Files\Google
    [21/05/2008|18:29] C:\Program Files\Hewlett-Packard
    [21/05/2008|18:29] C:\Program Files\HP
    [24/02/2008|22:00] C:\Program Files\InstallShield Installation Information
    [08/06/2008|15:14] C:\Program Files\Internet Explorer
    [09/05/2008|19:10] C:\Program Files\Java
    [21/02/2008|16:22] C:\Program Files\Messenger
    [03/04/2008|20:11] C:\Program Files\Messenger Plus! Live
    [25/05/2008|23:31] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [21/02/2008|13:08] C:\Program Files\microsoft frontpage
    [22/02/2008|20:31] C:\Program Files\Microsoft Office
    [24/02/2008|21:55] C:\Program Files\Microsoft Visual Studio .NET
    [22/02/2008|20:31] C:\Program Files\Microsoft.NET
    [21/02/2008|13:05] C:\Program Files\Movie Maker
    [08/06/2008|19:47] C:\Program Files\Mozilla Firefox
    [11/03/2008|22:11] C:\Program Files\MSN
    [21/02/2008|13:03] C:\Program Files\MSN Gaming Zone
    [25/05/2008|23:26] C:\Program Files\MSXML 4.0
    [22/02/2008|20:49] C:\Program Files\NetBeans 6.0M10
    [21/02/2008|13:05] C:\Program Files\NetMeeting
    [21/02/2008|16:58] C:\Program Files\Notepad++
    [29/05/2008|12:03] C:\Program Files\OneStepSearch
    [21/02/2008|13:03] C:\Program Files\Online Services
    [21/02/2008|23:58] C:\Program Files\Outlook Express
    [21/02/2008|19:21] C:\Program Files\Panicware
    [03/06/2008|12:29] C:\Program Files\rule extra meal
    [21/02/2008|13:06] C:\Program Files\Services en ligne
    [21/02/2008|23:43] C:\Program Files\sqldeveloper
    [21/02/2008|23:40] C:\Program Files\Sun
    [07/06/2008|23:19] C:\Program Files\Trend Micro
    [21/02/2008|13:54] C:\Program Files\Uninstall Information
    [21/02/2008|18:59] C:\Program Files\Windows Live
    [21/02/2008|16:21] C:\Program Files\Windows Media Player
    [21/02/2008|13:03] C:\Program Files\Windows NT
    [21/02/2008|13:06] C:\Program Files\WindowsUpdate
    [26/02/2008|20:01] C:\Program Files\WinRAR
    [21/02/2008|13:08] C:\Program Files\xerox
    [01/06/2008|19:24] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [21/02/2008|19:17] C:\Program Files\Fichiers communs\Adobe
    [22/02/2008|20:32] C:\Program Files\Fichiers communs\DESIGNER
    [21/05/2008|18:27] C:\Program Files\Fichiers communs\Hewlett-Packard
    [21/05/2008|18:35] C:\Program Files\Fichiers communs\HP
    [21/02/2008|15:34] C:\Program Files\Fichiers communs\InstallShield
    [21/02/2008|14:38] C:\Program Files\Fichiers communs\Java
    [02/06/2008|13:23] C:\Program Files\Fichiers communs\Microsoft Shared
    [21/02/2008|13:05] C:\Program Files\Fichiers communs\MSSoap
    [01/06/2008|19:54] C:\Program Files\Fichiers communs\Oberon Media
    [21/02/2008|13:46] C:\Program Files\Fichiers communs\ODBC
    [21/02/2008|13:05] C:\Program Files\Fichiers communs\Services
    [21/02/2008|13:46] C:\Program Files\Fichiers communs\SpeechEngines
    [21/02/2008|23:58] C:\Program Files\Fichiers communs\System
    [21/02/2008|18:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ---------------------------[ Process ]--------------------------

    ... 38

    iexplore.exe ~ [3168]
    iexplore.exe ~ [3256]

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Bags Start.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\ajkqvrxo.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\flag bolt dart that.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\GplFile64.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\Gram funk send.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\gwtnihld.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\hqdmngaz.exe
    C:\Program Files\ruleex~1
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\WINDOWS\Prefetch\BAGS START.EXE-2BDBF5F2.pf
    C:\WINDOWS\Prefetch\GPLFILE64.EXE-1AD87FBD.pf
    C:\WINDOWS\Prefetch\GRAM FUNK SEND.EXE-067AC566.pf
    C:\WINDOWS\Prefetch\HQDMNGAZ.EXE-24264FD3.pf
    C:\DOCUME~1\Ptit\Cookies\ptit@www.adserver5[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@adin.bigpoint[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@bigpoint[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@fr.bigpoint[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@banner.casinoking[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@casinoking[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@cotedazurpalace[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@adopt.euroclick[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@pacificpoker[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@partygaming.122.2o7[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@partypoker[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@32vegas[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@banner.32vegas[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@vegasred[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@www.vegasred[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@2xmoinscher[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@www.2xmoinscher[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@888[2].txt
    C:\WINDOWS\Tasks\AE7F613A918911C2.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "software new"="C:\\DOCUME~1\\Ptit\\APPLIC~1\\RULEEX~1\\GplFile64.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "stupid creative poll axis"="C:\\Documents and Settings\\All Users\\Application Data\\Memo save stupid creative\\Bags Start.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    -> 72 ( 70 ## added by CiD )

    /!\ 1 Not 127.0.0.1 !!

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 19:52:17
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Documents and Settings\Ptit\Recent\crack.lnk


    [F:135][D:10]-> C:\DOCUME~1\Ptit\LOCALS~1\Temp
    [F:321][D:0]-> C:\DOCUME~1\Ptit\Cookies
    [F:3693][D:9]-> C:\DOCUME~1\Ptit\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 19:53:38,21 ]----------------------
    8 Juin 2008 20:06:44

    -----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Ptit ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 08/06/2008 | 19:51:04,25 ] [ PC : MARIE ]
    [ MAJ : 07-06-2008 | 22:15 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [21/02/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [21/02/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [21/02/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [07/06/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [21/05/2008|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [21/05/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [03/06/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
    [21/02/2008|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [24/02/2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [24/02/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [01/06/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [02/06/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [21/02/2008|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [01/06/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [21/02/2008|13:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/05/2008|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [21/02/2008|13:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [29/05/2008|12:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [21/02/2008|13:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [31/05/2008|17:08] C:\DOCUME~1\Ptit\APPLIC~1\Adobe
    [21/02/2008|15:36] C:\DOCUME~1\Ptit\APPLIC~1\ATI
    [21/02/2008|13:45] C:\DOCUME~1\Ptit\APPLIC~1\desktop.ini
    [07/06/2008|23:07] C:\DOCUME~1\Ptit\APPLIC~1\Dev-Cpp
    [21/02/2008|16:55] C:\DOCUME~1\Ptit\APPLIC~1\EoRezo
    [26/02/2008|20:00] C:\DOCUME~1\Ptit\APPLIC~1\Google
    [21/02/2008|15:40] C:\DOCUME~1\Ptit\APPLIC~1\Help
    [21/02/2008|13:54] C:\DOCUME~1\Ptit\APPLIC~1\Identities
    [21/02/2008|16:52] C:\DOCUME~1\Ptit\APPLIC~1\ItsLabel
    [21/02/2008|16:52] C:\DOCUME~1\Ptit\APPLIC~1\Macromedia
    [18/05/2008|13:50] C:\DOCUME~1\Ptit\APPLIC~1\Microsoft
    [21/02/2008|16:55] C:\DOCUME~1\Ptit\APPLIC~1\Mozilla
    [22/02/2008|21:16] C:\DOCUME~1\Ptit\APPLIC~1\Notepad++
    [21/02/2008|19:39] C:\DOCUME~1\Ptit\APPLIC~1\OpenOffice.org2
    [03/06/2008|12:32] C:\DOCUME~1\Ptit\APPLIC~1\rule extra meal
    [21/02/2008|14:38] C:\DOCUME~1\Ptit\APPLIC~1\Sun
    [21/02/2008|19:52] C:\DOCUME~1\Ptit\APPLIC~1\Talkback
    [26/02/2008|20:01] C:\DOCUME~1\Ptit\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [08/06/2008 19:00][--ah-----] C:\WINDOWS\tasks\AE7F613A918911C2.job
    [08/06/2008 16:00][--a------] C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    [08/06/2008 19:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    AE7F613A918911C2.job <--> c:\docume~1\ptit\applic~1\ruleex~1\Gramfunksend.exe

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [21/02/2008|19:16] C:\Program Files\Adobe
    [22/03/2008|12:13] C:\Program Files\Alcohol Soft
    [21/02/2008|14:36] C:\Program Files\Alwil Software
    [21/02/2008|14:28] C:\Program Files\Analog Devices
    [21/02/2008|15:35] C:\Program Files\ATI Technologies
    [21/02/2008|19:00] C:\Program Files\Circle Developement
    [21/02/2008|13:04] C:\Program Files\ComPlus Applications
    [27/03/2008|18:42] C:\Program Files\EA GAMES
    [07/06/2008|17:53] C:\Program Files\EasyPHP 2.0b1
    [01/06/2008|19:54] C:\Program Files\Fichiers communs
    [28/05/2008|20:06] C:\Program Files\FileSubmit
    [07/06/2008|17:55] C:\Program Files\Gamenext
    [01/06/2008|19:55] C:\Program Files\GamesBar
    [07/06/2008|18:13] C:\Program Files\Google
    [21/05/2008|18:29] C:\Program Files\Hewlett-Packard
    [21/05/2008|18:29] C:\Program Files\HP
    [24/02/2008|22:00] C:\Program Files\InstallShield Installation Information
    [08/06/2008|15:14] C:\Program Files\Internet Explorer
    [09/05/2008|19:10] C:\Program Files\Java
    [21/02/2008|16:22] C:\Program Files\Messenger
    [03/04/2008|20:11] C:\Program Files\Messenger Plus! Live
    [25/05/2008|23:31] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [21/02/2008|13:08] C:\Program Files\microsoft frontpage
    [22/02/2008|20:31] C:\Program Files\Microsoft Office
    [24/02/2008|21:55] C:\Program Files\Microsoft Visual Studio .NET
    [22/02/2008|20:31] C:\Program Files\Microsoft.NET
    [21/02/2008|13:05] C:\Program Files\Movie Maker
    [08/06/2008|19:47] C:\Program Files\Mozilla Firefox
    [11/03/2008|22:11] C:\Program Files\MSN
    [21/02/2008|13:03] C:\Program Files\MSN Gaming Zone
    [25/05/2008|23:26] C:\Program Files\MSXML 4.0
    [22/02/2008|20:49] C:\Program Files\NetBeans 6.0M10
    [21/02/2008|13:05] C:\Program Files\NetMeeting
    [21/02/2008|16:58] C:\Program Files\Notepad++
    [29/05/2008|12:03] C:\Program Files\OneStepSearch
    [21/02/2008|13:03] C:\Program Files\Online Services
    [21/02/2008|23:58] C:\Program Files\Outlook Express
    [21/02/2008|19:21] C:\Program Files\Panicware
    [03/06/2008|12:29] C:\Program Files\rule extra meal
    [21/02/2008|13:06] C:\Program Files\Services en ligne
    [21/02/2008|23:43] C:\Program Files\sqldeveloper
    [21/02/2008|23:40] C:\Program Files\Sun
    [07/06/2008|23:19] C:\Program Files\Trend Micro
    [21/02/2008|13:54] C:\Program Files\Uninstall Information
    [21/02/2008|18:59] C:\Program Files\Windows Live
    [21/02/2008|16:21] C:\Program Files\Windows Media Player
    [21/02/2008|13:03] C:\Program Files\Windows NT
    [21/02/2008|13:06] C:\Program Files\WindowsUpdate
    [26/02/2008|20:01] C:\Program Files\WinRAR
    [21/02/2008|13:08] C:\Program Files\xerox
    [01/06/2008|19:24] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [21/02/2008|19:17] C:\Program Files\Fichiers communs\Adobe
    [22/02/2008|20:32] C:\Program Files\Fichiers communs\DESIGNER
    [21/05/2008|18:27] C:\Program Files\Fichiers communs\Hewlett-Packard
    [21/05/2008|18:35] C:\Program Files\Fichiers communs\HP
    [21/02/2008|15:34] C:\Program Files\Fichiers communs\InstallShield
    [21/02/2008|14:38] C:\Program Files\Fichiers communs\Java
    [02/06/2008|13:23] C:\Program Files\Fichiers communs\Microsoft Shared
    [21/02/2008|13:05] C:\Program Files\Fichiers communs\MSSoap
    [01/06/2008|19:54] C:\Program Files\Fichiers communs\Oberon Media
    [21/02/2008|13:46] C:\Program Files\Fichiers communs\ODBC
    [21/02/2008|13:05] C:\Program Files\Fichiers communs\Services
    [21/02/2008|13:46] C:\Program Files\Fichiers communs\SpeechEngines
    [21/02/2008|23:58] C:\Program Files\Fichiers communs\System
    [21/02/2008|18:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ---------------------------[ Process ]--------------------------

    ... 38

    iexplore.exe ~ [3168]
    iexplore.exe ~ [3256]

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Bags Start.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\ajkqvrxo.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\flag bolt dart that.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\GplFile64.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\Gram funk send.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\gwtnihld.exe
    C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\hqdmngaz.exe
    C:\Program Files\ruleex~1
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\WINDOWS\Prefetch\BAGS START.EXE-2BDBF5F2.pf
    C:\WINDOWS\Prefetch\GPLFILE64.EXE-1AD87FBD.pf
    C:\WINDOWS\Prefetch\GRAM FUNK SEND.EXE-067AC566.pf
    C:\WINDOWS\Prefetch\HQDMNGAZ.EXE-24264FD3.pf
    C:\DOCUME~1\Ptit\Cookies\ptit@www.adserver5[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@adin.bigpoint[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@bigpoint[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@fr.bigpoint[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@banner.casinoking[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@casinoking[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@cotedazurpalace[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@adopt.euroclick[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@pacificpoker[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@partygaming.122.2o7[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@partypoker[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@fr1.seafight.bigpoint[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@32vegas[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@banner.32vegas[2].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@vegasred[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@www.vegasred[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@2xmoinscher[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@www.2xmoinscher[1].txt
    C:\DOCUME~1\Ptit\Cookies\ptit@888[2].txt
    C:\WINDOWS\Tasks\AE7F613A918911C2.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "software new"="C:\\DOCUME~1\\Ptit\\APPLIC~1\\RULEEX~1\\GplFile64.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "stupid creative poll axis"="C:\\Documents and Settings\\All Users\\Application Data\\Memo save stupid creative\\Bags Start.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    -> 72 ( 70 ## added by CiD )

    /!\ 1 Not 127.0.0.1 !!

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 19:52:17
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------



    [F:135][D:10]-> C:\DOCUME~1\Ptit\LOCALS~1\Temp
    [F:321][D:0]-> C:\DOCUME~1\Ptit\Cookies
    [F:3693][D:9]-> C:\DOCUME~1\Ptit\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 19:53:38,21 ]----------------------
    8 June 2008 20:50:28

    Hi again,

    Run Lop S&D again

  • This time choose Option 2 (Suppression)
  • Do not close the window during the deletion!
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run)".
    Type explorer and confirm. This will bring your desktop back.
    14 June 2008 23:17:06

    thanks for your help, the two iexplore.exe processes are gone, but I have another problem: the win32:trojan-gen virus. How do I remove that one?
    15 June 2008 11:39:44

    Sure, but you haven't posted the report.
    15 June 2008 12:38:27

    -----------------------[ Lop S&D 4.2.1-3 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Ptit ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 08/06/2008 | 20:16:46,81 ] [ PC : MARIE ]
    [ MAJ : 07-06-2008 | 22:15 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Bags Start.exe
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\ajkqvrxo.exe
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\flag bolt dart that.exe
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\GplFile64.exe
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\Gram funk send.exe
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\gwtnihld.exe
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1\hqdmngaz.exe
    Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
    Supprimé! - C:\WINDOWS\Prefetch\BAGS START.EXE-2BDBF5F2.pf
    Supprimé! - C:\WINDOWS\Prefetch\GPLFILE64.EXE-1AD87FBD.pf
    Supprimé! - C:\WINDOWS\Prefetch\GRAM FUNK SEND.EXE-067AC566.pf
    Supprimé! - C:\WINDOWS\Prefetch\HQDMNGAZ.EXE-24264FD3.pf
    Supprimé! - C:\DOCUME~1\Ptit\Cookies\ptit@www.adserver5[1].txt
    Supprimé! - C:\DOCUME~1\Ptit\Cookies\ptit@cotedazurpalace[1].txt
    Supprimé! - C:\WINDOWS\Tasks\AE7F613A918911C2.job
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
    Supprimé! - C:\DOCUME~1\Ptit\APPLIC~1\ruleex~1
    Supprimé! - C:\Program Files\ruleex~1
    Supprimé! - C:\Program Files\Circle Developement
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [21/02/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [21/02/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [21/02/2008|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [07/06/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [21/05/2008|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [21/05/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [21/02/2008|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [24/02/2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [24/02/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [01/06/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [02/06/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [21/02/2008|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [01/06/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [21/02/2008|13:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/05/2008|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [21/02/2008|13:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [29/05/2008|12:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [21/02/2008|13:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [31/05/2008|17:08] C:\DOCUME~1\Ptit\APPLIC~1\Adobe
    [21/02/2008|15:36] C:\DOCUME~1\Ptit\APPLIC~1\ATI
    [21/02/2008|13:45] C:\DOCUME~1\Ptit\APPLIC~1\desktop.ini
    [07/06/2008|23:07] C:\DOCUME~1\Ptit\APPLIC~1\Dev-Cpp
    [21/02/2008|16:55] C:\DOCUME~1\Ptit\APPLIC~1\EoRezo
    [26/02/2008|20:00] C:\DOCUME~1\Ptit\APPLIC~1\Google
    [21/02/2008|15:40] C:\DOCUME~1\Ptit\APPLIC~1\Help
    [21/02/2008|13:54] C:\DOCUME~1\Ptit\APPLIC~1\Identities
    [21/02/2008|16:52] C:\DOCUME~1\Ptit\APPLIC~1\ItsLabel
    [21/02/2008|16:52] C:\DOCUME~1\Ptit\APPLIC~1\Macromedia
    [18/05/2008|13:50] C:\DOCUME~1\Ptit\APPLIC~1\Microsoft
    [21/02/2008|16:55] C:\DOCUME~1\Ptit\APPLIC~1\Mozilla
    [22/02/2008|21:16] C:\DOCUME~1\Ptit\APPLIC~1\Notepad++
    [21/02/2008|19:39] C:\DOCUME~1\Ptit\APPLIC~1\OpenOffice.org2
    [21/02/2008|14:38] C:\DOCUME~1\Ptit\APPLIC~1\Sun
    [21/02/2008|19:52] C:\DOCUME~1\Ptit\APPLIC~1\Talkback
    [26/02/2008|20:01] C:\DOCUME~1\Ptit\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [08/06/2008 20:00][--a------] C:\WINDOWS\tasks\HPpromotions journeysoftware.job
    [08/06/2008 19:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [21/02/2008|19:16] C:\Program Files\Adobe
    [22/03/2008|12:13] C:\Program Files\Alcohol Soft
    [21/02/2008|14:36] C:\Program Files\Alwil Software
    [21/02/2008|14:28] C:\Program Files\Analog Devices
    [21/02/2008|15:35] C:\Program Files\ATI Technologies
    [21/02/2008|13:04] C:\Program Files\ComPlus Applications
    [27/03/2008|18:42] C:\Program Files\EA GAMES
    [07/06/2008|17:53] C:\Program Files\EasyPHP 2.0b1
    [01/06/2008|19:54] C:\Program Files\Fichiers communs
    [28/05/2008|20:06] C:\Program Files\FileSubmit
    [07/06/2008|17:55] C:\Program Files\Gamenext
    [01/06/2008|19:55] C:\Program Files\GamesBar
    [07/06/2008|18:13] C:\Program Files\Google
    [21/05/2008|18:29] C:\Program Files\Hewlett-Packard
    [21/05/2008|18:29] C:\Program Files\HP
    [24/02/2008|22:00] C:\Program Files\InstallShield Installation Information
    [08/06/2008|15:14] C:\Program Files\Internet Explorer
    [09/05/2008|19:10] C:\Program Files\Java
    [21/02/2008|16:22] C:\Program Files\Messenger
    [03/04/2008|20:11] C:\Program Files\Messenger Plus! Live
    [25/05/2008|23:31] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [21/02/2008|13:08] C:\Program Files\microsoft frontpage
    [22/02/2008|20:31] C:\Program Files\Microsoft Office
    [24/02/2008|21:55] C:\Program Files\Microsoft Visual Studio .NET
    [22/02/2008|20:31] C:\Program Files\Microsoft.NET
    [21/02/2008|13:05] C:\Program Files\Movie Maker
    [08/06/2008|20:15] C:\Program Files\Mozilla Firefox
    [11/03/2008|22:11] C:\Program Files\MSN
    [21/02/2008|13:03] C:\Program Files\MSN Gaming Zone
    [25/05/2008|23:26] C:\Program Files\MSXML 4.0
    [22/02/2008|20:49] C:\Program Files\NetBeans 6.0M10
    [21/02/2008|13:05] C:\Program Files\NetMeeting
    [21/02/2008|16:58] C:\Program Files\Notepad++
    [29/05/2008|12:03] C:\Program Files\OneStepSearch
    [21/02/2008|13:03] C:\Program Files\Online Services
    [21/02/2008|23:58] C:\Program Files\Outlook Express
    [21/02/2008|19:21] C:\Program Files\Panicware
    [21/02/2008|13:06] C:\Program Files\Services en ligne
    [21/02/2008|23:43] C:\Program Files\sqldeveloper
    [21/02/2008|23:40] C:\Program Files\Sun
    [07/06/2008|23:19] C:\Program Files\Trend Micro
    [21/02/2008|13:54] C:\Program Files\Uninstall Information
    [21/02/2008|18:59] C:\Program Files\Windows Live
    [21/02/2008|16:21] C:\Program Files\Windows Media Player
    [21/02/2008|13:03] C:\Program Files\Windows NT
    [21/02/2008|13:06] C:\Program Files\WindowsUpdate
    [26/02/2008|20:01] C:\Program Files\WinRAR
    [21/02/2008|13:08] C:\Program Files\xerox
    [01/06/2008|19:24] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [21/02/2008|19:17] C:\Program Files\Fichiers communs\Adobe
    [22/02/2008|20:32] C:\Program Files\Fichiers communs\DESIGNER
    [21/05/2008|18:27] C:\Program Files\Fichiers communs\Hewlett-Packard
    [21/05/2008|18:35] C:\Program Files\Fichiers communs\HP
    [21/02/2008|15:34] C:\Program Files\Fichiers communs\InstallShield
    [21/02/2008|14:38] C:\Program Files\Fichiers communs\Java
    [02/06/2008|13:23] C:\Program Files\Fichiers communs\Microsoft Shared
    [21/02/2008|13:05] C:\Program Files\Fichiers communs\MSSoap
    [01/06/2008|19:54] C:\Program Files\Fichiers communs\Oberon Media
    [21/02/2008|13:46] C:\Program Files\Fichiers communs\ODBC
    [21/02/2008|13:05] C:\Program Files\Fichiers communs\Services
    [21/02/2008|13:46] C:\Program Files\Fichiers communs\SpeechEngines
    [21/02/2008|23:58] C:\Program Files\Fichiers communs\System
    [21/02/2008|18:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ---------------------------[ Process ]--------------------------

    ... 35

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 20:17:54
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    [F:135][D:10]-> C:\DOCUME~1\Ptit\LOCALS~1\Temp
    [F:49][D:0]-> C:\DOCUME~1\Ptit\Cookies
    [F:3698][D:9]-> C:\DOCUME~1\Ptit\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 20:18:48,71 ]----------------------

    sorry
    15 June 2008 12:42:00

    Good, post a new HijackThis report.
    16 June 2008 13:16:21

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:15:45, on 16/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ptit\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
    O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
    O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5905 bytes
    16 June 2008 13:56:22

    Hi again,

    Uninstall via Add/Remove Programs (if present):
  • Eorezo & co

    - My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
    - My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply --> OK

    You will re-check these afterwards.

    Then delete the corresponding folders:
  • In Program Files
  • In Program Files\Fichiers communs
  • In %allusersprofile%\application data
    ( XP -> C:\Documents and Settings\All users\Application Data,
    Vista -> C:\Users\your name\appdata\roaming)
  • Etc. ... (You can look for the folders to delete with a Windows search [Start\Search])

    Uninstall via Add/Remove Programs (if present):
  • Avast!

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut on the Desktop
    - Automatically check for CCleaner updates
  • Run the Cleaner
  • Click Scan for issues and make a backup if you wish.

    Help: How to use CCleaner.

    ***************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
  • Click the middle magnifying glass to run the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports, and you will find the report there.

    Note: For more effective removal of threats, run the scan in safe mode.

    Why switch? Avast vs Antivir.

    Help: How to install and use AntiVir.
    16 June 2008 14:21:21

    first of all, I couldn't find Eorezo & co in Add/Remove Programs
    and then the folders you're telling me to delete, I didn't quite understand, sorry. Which ones do I have to delete? Not all the ones in Program Files?
    16 June 2008 15:08:03

    You have to uninstall Eorezo and company via Add/Remove Programs (I don't know the names of Eorezo's programs by heart ;) ).
    Then you delete the corresponding folders, e.g. eorezo, in the folders I pointed out to you.
    16 June 2008 15:24:12

    it isn't in Add/Remove Programs :-)
    16 June 2008 16:11:35

    OK, carry on with the rest :)
    16 June 2008 21:03:20

    Avira AntiVir Personal
    Report file date: lundi 16 juin 2008 19:16

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Ptit
    Computer name: MARIE

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
    AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
    AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
    AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
    AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, I:, A:, E:, F:, H:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 16 juin 2008 19:16

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'onestep.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'TNSLSNR.EXE' - '1' Module(s) have been scanned
    Scan process 'oracle.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'onestep.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'I:\'
    [INFO] No virus was found!
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).


    Starting the file scan:

    Begin scan in 'C:\' <LOGICIEL>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Lop SD\Backup-Lop\F\Uninstall.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\WPA_Kill.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\atapi.sys
    [WARNING] The file could not be opened!
    Begin scan in 'I:\' <JEUX>
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\' <Sims2EP7>


    End of the scan: lundi 16 juin 2008 20:56
    Used time: 1:39:30 min

    The scan has been done completely.

    7127 Scanning directories
    355081 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    2 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    355079 Files not concerned
    1329 Archives were scanned
    2 Warnings
    2 Notes
    16 June 2008 21:17:42

    Good, post a new HJT report.
    16 June 2008 22:28:00

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:27:45, on 16/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\Explorer.EXE
    c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ptit\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
    O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
    O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5973 bytes
    17 June 2008 10:31:58

    Hello again,

    Restart HijackThis (right-click -> Run as administrator on Vista), choose "Do a system scan only", and check these lines (if still present):
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    Close all running applications (especially your web browser).
    Then click Fix checked!

    *********

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in Safe Mode
    /!\ Never boot into Safe Mode via MSCONFIG /!\

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    17 June 2008 22:46:12

    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 863

    18:47:00 17/06/2008
    mbam-log-6-17-2008 (18-47-00).txt

    Type de recherche: Examen complet (C:\|I:\|)
    Eléments examinés: 104090
    Temps écoulé: 2 hour(s), 24 minute(s), 33 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 7

    Processus mémoire infecté(s):
    C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.
    C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{2C1C9135-9152-4399-B9A3-1767B5378AF1}\RP63\A0017509.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.
    C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    C:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    C:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    18 June 2008 11:12:45

    Post one last HijackThis report.
    Still having any problems?
    18 June 2008 12:19:09

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:02, on 18/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ptit\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
    O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
    O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5400 bytes
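
The HijackThis reports of 16/06/2008 and 18/06/2008 in this thread can be compared mechanically to confirm what the cleanup removed. The Python below is an added example, not part of the original posts and not a HijackThis feature: it parses entry lines, flags those HijackThis marked `(file missing)` or `(no file)`, and lists entries that disappeared between two logs. The function names are hypothetical and the sample lines are a subset copied from the two reports.

```python
import re

# Entry lines copied from the 16/06/2008 report (subset).
SAMPLE_BEFORE = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
"""

# The same subset as it appears in the 18/06/2008 report.
SAMPLE_AFTER = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, separator, entry body.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent from disk."""
    return [e for e in entries if e[1].rstrip().endswith(ORPHAN_MARKERS)]


def clsid_of(entry):
    """Upper-cased CLSID in the entry body, or None if there is none."""
    match = CLSID.search(entry[1])
    return match.group(0).upper() if match else None


def removed(before, after):
    """Entries present in the earlier log but missing from the later one."""
    later = set(after)
    return [e for e in before if e not in later]


if __name__ == "__main__":
    before, after = parse_entries(SAMPLE_BEFORE), parse_entries(SAMPLE_AFTER)
    for section, body in orphaned(before):
        print("orphaned:", section, body)
    for section, body in removed(before, after):
        print("removed: ", section, body)
```

An entry flagged as orphaned is only a leftover registration; whether to fix it is still a judgement call, as is any entry that reappears in a later log.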
    18 June 2008 12:27:35

    There's nothing left, thank you very much for helping me.
    18 June 2008 12:36:35

    Hello again,

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche to start the scan.
  • Click Supprimer to clean up the tools that were used.
  • Click Quitter.
  • Post this report ~>C:\TCleaner.txt<~

  • Keep CCleaner, AVG (or MBAM) and AntiVir if we installed them.
  • Disable, then re-enable System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Lop.
  • If you can't find it in the list, post under Other infections.

  • Bring your computer fully up to date >here<
  • If not already done, make sure Windows Automatic Updates is enabled!

    Then have a look at these guides:

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
    20 June 2008 16:00:07

    XmichouX, you're a genius. I've been looking for an effective solution for a week and your little program is super effective, thank you very much.
    20 June 2008 16:26:34

    It's not my program :)