Infected PC [Solved]

27 April 2008 19:37:35

Could you help me disinfect my PC? As I explained in my previous message, I have ad pages that keep opening unexpectedly: how can I get rid of them? I sent you a report but I haven't had a reply. Is that normal?

27 April 2008 19:59:38

Hello,

Sometimes posts slip through the cracks...

Repost the report. :)



27 April 2008 21:08:16

Thank you! Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:51, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.msn.fr/spbasic.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "c:\documents and settings\nicou\application data\errorsafefrenchnewreleaseinstall[1].exe" -nag
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NOUNBALM] C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\firstpileaim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxentelechargement.orange.fr/orange2.0/games/c...
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://jeuxenligne.orange.fr/online2/mahjong_escape_anc...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 8869 bytes

28 April 2008 22:37:58

And now, what do I do?

29 April 2008 20:21:59

Hello,

1) A bit of politeness would be welcome, such as hello or thank you :)

2) Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop. ~>Tutorial<~
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

:)

2 May 2008 20:31:39

First of all, good evening. You're right, my question was a bit abrupt, but it wasn't meant to be bossy! So thank you for your help, here is the report:

    -----------------------[ Lop S&D 4.2.0-3 XP/Vista ]---------------------


    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Nicou ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 02/05/2008 | 20:26:56,26 ] [ PC : Nicole ]
    [ MAJ : 30-04-2008 | 18:35 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [07/08/2007|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
    [06/12/2007|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    [23/01/2007|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [05/05/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [05/05/2006|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [16/08/2004|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/05/2007|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
    [07/03/2008|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
    [15/04/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
    [09/04/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
    [09/04/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
    [26/05/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [06/12/2007|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA
    [05/05/2006|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [05/05/2006|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [20/12/2007|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [19/04/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [19/04/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [15/04/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [04/11/2007|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [09/07/2006|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [07/12/2006|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayTime
    [22/11/2006|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [02/05/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons
    [05/05/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [05/05/2006|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [15/04/2008|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [05/05/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [06/07/2006|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [16/02/2007|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [04/03/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [26/08/2007|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [16/08/2004|17:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [05/12/2007|20:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [05/12/2007|20:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
    [15/04/2007|13:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [29/11/2006|19:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [13/04/2007|23:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [22/01/2007|19:23] C:\DOCUME~1\Nicou\APPLIC~1\Adobe
    [24/01/2007|12:21] C:\DOCUME~1\Nicou\APPLIC~1\AdobeUM
    [09/04/2008|19:59] C:\DOCUME~1\Nicou\APPLIC~1\Big Fish Games
    [31/03/2007|14:33] C:\DOCUME~1\Nicou\APPLIC~1\CyberLink
    [16/08/2004|17:55] C:\DOCUME~1\Nicou\APPLIC~1\desktop.ini
    [10/11/2007|19:08] C:\DOCUME~1\Nicou\APPLIC~1\DivX
    [08/04/2007|19:26] C:\DOCUME~1\Nicou\APPLIC~1\EoRezo
    [07/03/2008|19:35] C:\DOCUME~1\Nicou\APPLIC~1\FloodLightGames
    [04/05/2006|16:09] C:\DOCUME~1\Nicou\APPLIC~1\FotoWire
    [09/09/2006|13:03] C:\DOCUME~1\Nicou\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
    [26/06/2006|16:43] C:\DOCUME~1\Nicou\APPLIC~1\Google
    [19/05/2006|16:11] C:\DOCUME~1\Nicou\APPLIC~1\Help
    [06/12/2007|19:22] C:\DOCUME~1\Nicou\APPLIC~1\Hotbar
    [26/08/2007|19:37] C:\DOCUME~1\Nicou\APPLIC~1\Identities
    [19/04/2008|19:08] C:\DOCUME~1\Nicou\APPLIC~1\InstallShield
    [30/07/2007|15:03] C:\DOCUME~1\Nicou\APPLIC~1\iWin
    [15/04/2007|15:59] C:\DOCUME~1\Nicou\APPLIC~1\Lavasoft
    [10/05/2006|09:27] C:\DOCUME~1\Nicou\APPLIC~1\Leadertech
    [19/04/2008|19:20] C:\DOCUME~1\Nicou\APPLIC~1\Logitech
    [03/07/2006|22:00] C:\DOCUME~1\Nicou\APPLIC~1\Macromedia
    [30/01/2007|20:59] C:\DOCUME~1\Nicou\APPLIC~1\MessengerSkinner
    [15/09/2007|20:40] C:\DOCUME~1\Nicou\APPLIC~1\Microsoft
    [02/05/2008|20:26] C:\DOCUME~1\Nicou\APPLIC~1\ping blah view
    [09/07/2006|11:41] C:\DOCUME~1\Nicou\APPLIC~1\PlayFirst
    [19/10/2007|22:42] C:\DOCUME~1\Nicou\APPLIC~1\Pogo Games
    [05/06/2006|15:16] C:\DOCUME~1\Nicou\APPLIC~1\Real
    [17/12/2007|20:03] C:\DOCUME~1\Nicou\APPLIC~1\Samsung
    [06/12/2007|19:24] C:\DOCUME~1\Nicou\APPLIC~1\ShoppingReport
    [10/05/2006|09:27] C:\DOCUME~1\Nicou\APPLIC~1\Sonic
    [05/05/2006|00:26] C:\DOCUME~1\Nicou\APPLIC~1\Sun
    [05/05/2006|00:26] C:\DOCUME~1\Nicou\APPLIC~1\Symantec
    [04/05/2006|23:55] C:\DOCUME~1\Nicou\APPLIC~1\Template
    [20/12/2007|21:06] C:\DOCUME~1\Nicou\APPLIC~1\Voxmobili
    [06/12/2007|19:22] C:\DOCUME~1\Nicou\APPLIC~1\WeatherDPA
    [27/04/2008|20:24] C:\DOCUME~1\Nicou\APPLIC~1\Webroot
    [26/08/2007|12:13] C:\DOCUME~1\Nicou\APPLIC~1\Wildfire
    [05/05/2006|00:26] C:\DOCUME~1\Nicou\APPLIC~1\You've Got Pictures Screensaver
    [26/08/2007|19:37] C:\DOCUME~1\Nicou\APPLIC~1\Zylom

    [09/05/2007|19:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [28/04/2008 21:53][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [04/05/2006 15:54][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    [05/04/2005 20:31][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
    [02/05/2008 20:18][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [05/11/2007|21:12] C:\Program Files\AC3Filter
    [16/02/2007|22:53] C:\Program Files\Adobe
    [07/11/2007|20:53] C:\Program Files\Alawar
    [05/05/2006|01:22] C:\Program Files\Alwil Software
    [25/12/2006|12:34] C:\Program Files\Ashampoo
    [30/09/2006|12:42] C:\Program Files\Atari
    [27/04/2008|19:42] C:\Program Files\BitDownload
    [20/04/2008|23:19] C:\Program Files\BitTorrent Fastest Tool
    [20/04/2008|23:14] C:\Program Files\Conduit
    [05/05/2006|00:26] C:\Program Files\CyberLink
    [04/05/2006|19:29] C:\Program Files\Digitale Huehnerjagd
    [03/04/2008|19:19] C:\Program Files\Discovery Multimedia
    [24/03/2008|13:52] C:\Program Files\DivX
    [07/08/2007|18:23] C:\Program Files\Elaborate Bytes
    [27/04/2008|21:11] C:\Program Files\eMule
    [08/04/2007|19:26] C:\Program Files\eoRezo
    [19/04/2008|19:08] C:\Program Files\Fichiers communs
    [10/06/2007|13:11] C:\Program Files\Free Audio Pack
    [19/10/2007|22:18] C:\Program Files\GameHouse
    [09/04/2008|19:59] C:\Program Files\GamesBar
    [22/08/2007|15:46] C:\Program Files\Google
    [09/09/2006|13:02] C:\Program Files\Hewlett-Packard
    [05/05/2006|00:18] C:\Program Files\HP
    [24/03/2008|13:15] C:\Program Files\iGraal
    [05/05/2006|11:49] C:\Program Files\Illustrate
    [28/01/2008|17:58] C:\Program Files\IncrediMail
    [19/04/2008|19:08] C:\Program Files\InstallShield Installation Information
    [09/04/2008|15:55] C:\Program Files\Internet Explorer
    [05/10/2006|18:57] C:\Program Files\Inventel
    [09/10/2007|20:24] C:\Program Files\Java
    [15/04/2007|15:59] C:\Program Files\Lavasoft
    [05/05/2006|00:26] C:\Program Files\Learn2.com
    [21/12/2006|10:55] C:\Program Files\Logiciel Photo Orange
    [19/04/2008|19:08] C:\Program Files\Logitech
    [05/05/2006|01:57] C:\Program Files\Messenger
    [03/03/2007|20:08] C:\Program Files\Micro Application
    [21/05/2007|21:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [05/05/2006|00:26] C:\Program Files\microsoft frontpage
    [17/02/2007|21:10] C:\Program Files\Microsoft Money 2005
    [05/05/2006|01:41] C:\Program Files\microsoft office
    [26/05/2007|19:36] C:\Program Files\Microsoft Référence
    [05/05/2006|00:29] C:\Program Files\Microsoft Works
    [05/05/2006|00:26] C:\Program Files\Microsoft.NET
    [05/05/2006|00:29] C:\Program Files\Movie Maker
    [16/02/2007|22:02] C:\Program Files\MSN
    [05/05/2006|00:26] C:\Program Files\MSN Gaming Zone
    [16/11/2006|10:30] C:\Program Files\MSXML 4.0
    [05/05/2006|00:29] C:\Program Files\NetMeeting
    [23/05/2007|20:45] C:\Program Files\orange
    [13/06/2007|22:50] C:\Program Files\Outlook Express
    [20/12/2007|19:11] C:\Program Files\Outlook Express Quick Backup
    [02/12/2006|19:58] C:\Program Files\PhotoFiltre
    [02/05/2008|20:25] C:\Program Files\ping blah view
    [05/05/2006|00:29] C:\Program Files\QuickTime
    [05/05/2006|00:26] C:\Program Files\Real
    [05/05/2006|00:26] C:\Program Files\Realtek
    [20/04/2008|22:44] C:\Program Files\ReflexiveArcade
    [04/05/2006|16:13] C:\Program Files\SAGEM
    [17/12/2007|19:16] C:\Program Files\Samsung
    [04/04/2008|20:18] C:\Program Files\scrabbleproB1.0.7
    [05/10/2006|21:41] C:\Program Files\Securitoo
    [05/05/2006|00:30] C:\Program Files\Services en ligne
    [03/04/2008|19:31] C:\Program Files\Sierra On-Line
    [05/05/2006|00:26] C:\Program Files\Sonic
    [06/01/2008|20:16] C:\Program Files\StudioLine Photo Basic
    [05/05/2006|01:17] C:\Program Files\Symantec
    [14/07/2006|17:50] C:\Program Files\The Adventure Company
    [15/06/2006|19:44] C:\Program Files\TMFX Studios
    [20/04/2008|23:14] C:\Program Files\torrent_search
    [21/04/2008|20:35] C:\Program Files\Trend Micro
    [23/10/2007|20:23] C:\Program Files\Twilight
    [05/05/2006|00:26] C:\Program Files\Uninstall Information
    [05/05/2006|00:26] C:\Program Files\Viewpoint
    [19/10/2006|19:50] C:\Program Files\VirginMega
    [02/05/2008|20:25] C:\Program Files\Wanadoo
    [20/05/2007|12:40] C:\Program Files\Wanadoo Messager
    [27/04/2008|20:24] C:\Program Files\Webroot
    [04/03/2008|19:51] C:\Program Files\Windows Live
    [30/11/2007|10:08] C:\Program Files\Windows Live Toolbar
    [28/12/2006|21:24] C:\Program Files\Windows Media Connect 2
    [31/05/2007|15:15] C:\Program Files\Windows Media Player
    [05/05/2006|00:30] C:\Program Files\Windows NT
    [05/05/2006|00:26] C:\Program Files\WindowsUpdate
    [30/04/2007|16:55] C:\Program Files\WinLemm
    [03/01/2007|19:46] C:\Program Files\WinRAR
    [06/04/2008|14:17] C:\Program Files\Winsos
    [05/05/2006|00:26] C:\Program Files\xerox
    [18/10/2007|18:51] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [15/05/2006|14:49] C:\Program Files\Fichiers communs\Adobe
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\AOL
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\aolshare
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\DESIGNER
    [04/05/2006|16:09] C:\Program Files\Fichiers communs\FotoWire
    [05/05/2006|00:17] C:\Program Files\Fichiers communs\Hewlett-Packard
    [05/05/2006|00:20] C:\Program Files\Fichiers communs\HP
    [04/05/2006|16:06] C:\Program Files\Fichiers communs\InstallShield
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\Java
    [19/04/2008|19:09] C:\Program Files\Fichiers communs\Logishrd
    [04/05/2006|16:08] C:\Program Files\Fichiers communs\Logitech
    [19/04/2008|19:11] C:\Program Files\Fichiers communs\Microsoft Shared
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\MSSoap
    [25/01/2007|04:52] C:\Program Files\Fichiers communs\NMSAccessU.exe
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\Nullsoft
    [15/04/2008|21:19] C:\Program Files\Fichiers communs\Oberon Media
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\ODBC
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\Real
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\Services
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\Sonic Shared
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\SpeechEngines
    [15/08/2007|16:01] C:\Program Files\Fichiers communs\SureThing Shared
    [05/05/2006|01:20] C:\Program Files\Fichiers communs\Symantec Shared
    [13/06/2007|22:50] C:\Program Files\Fichiers communs\System
    [04/03/2008|19:51] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 50

    iexplore.exe ~ [3760]
    iexplore.exe ~ [164]

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1
    C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\firstpileaim.exe
    C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\nugcaemu.exe
    C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\rjylyngf.exe
    C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\ThirdGplSize.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons\Download hole.exe
    C:\Program Files\Bitdownload
    C:\Program Files\Bitdownload\session.store
    C:\Program Files\BitTorrent Fastest Tool
    C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
    C:\Program Files\BitTorrent Fastest Tool\BitP.exe
    C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
    C:\WINDOWS\Prefetch\BITDOWNLOAD.EXE-2EAB6E97.pf
    C:\WINDOWS\Tasks\AA39E4FF918A99F3.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hopedoescreative]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\Nicou\\APPLIC~1\\PINGBL~1\\firstpileaim.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NOUNBALM"="C:\\DOCUME~1\\Nicou\\APPLIC~1\\PINGBL~1\\firstpileaim.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AXIS TONS THE MP3"="C:\\Documents and Settings\\All Users\\Application Data\\Readme Live Axis Tons\\Download hole.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-02 20:29:02
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Documents and Settings\Nicou\Local Settings\Application Data\IM\Animation\firecracker.ima
    => C:\Documents and Settings\Nicou\Local Settings\Application Data\IM\Runtime\EmoticonCenter\cracker.gif


    /!\ [Fich:16][Doss:108] C:\DOCUME~1\Nicou\LOCALS~1\Temp
    /!\ [Fich:90][Doss:0] C:\DOCUME~1\Nicou\Cookies
    /!\ [Fich:122][Doss:9] C:\DOCUME~1\Nicou\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 20:29:39,17 ]----------------------

2 May 2008 23:08:26

Re,

Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

+ a new HijackThis report.

;)

2 May 2008 23:21:38

Here is the new report:

    -----------------------[ Lop S&D 4.2.0-3 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Nicou ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 02/05/2008 | 23:17:11,56 ] [ PC : Nicole ]
    [ MAJ : 30-04-2008 | 18:35 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons\Download hole.exe
    Supprimé! - C:\Program Files\Bitdownload\session.store
    Supprimé! - C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
    Supprimé! - C:\Program Files\BitTorrent Fastest Tool\BitP.exe
    Supprimé! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
    Supprimé! - C:\WINDOWS\Tasks\AA39E4FF918A99F3.job
    Supprimé! - C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\firstpileaim.exe
    Supprimé! - C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\nugcaemu.exe
    Supprimé! - C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\rjylyngf.exe
    Supprimé! - C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1\ThirdGplSize.exe
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons
    Supprimé! - C:\Program Files\Bitdownload
    Supprimé! - C:\Program Files\BitTorrent Fastest Tool
    Supprimé! - C:\DOCUME~1\Nicou\APPLIC~1\PINGBL~1
    Supprimé! - C:\Program Files\PINGBL~1
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprimé! - C:\DOCUME~1\Nicou\APPLIC~1\ShoppingReport

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [07/08/2007|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
    [06/12/2007|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    [23/01/2007|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [05/05/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [05/05/2006|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [16/08/2004|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/05/2007|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
    [07/03/2008|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
    [15/04/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
    [09/04/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
    [09/04/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Genimo
    [26/05/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [06/12/2007|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA
    [05/05/2006|00:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [05/05/2006|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [20/12/2007|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [19/04/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [19/04/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [15/04/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [04/11/2007|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    [09/07/2006|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [07/12/2006|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayTime
    [22/11/2006|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [05/05/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [05/05/2006|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [15/04/2008|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [05/05/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [06/07/2006|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [16/02/2007|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [04/03/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [26/08/2007|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [16/08/2004|17:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
    [05/05/2006|00:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [05/12/2007|20:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [05/12/2007|20:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
    [15/04/2007|13:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [29/11/2006|19:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [13/04/2007|23:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [22/01/2007|19:23] C:\DOCUME~1\Nicou\APPLIC~1\Adobe
    [24/01/2007|12:21] C:\DOCUME~1\Nicou\APPLIC~1\AdobeUM
    [09/04/2008|19:59] C:\DOCUME~1\Nicou\APPLIC~1\Big Fish Games
    [31/03/2007|14:33] C:\DOCUME~1\Nicou\APPLIC~1\CyberLink
    [16/08/2004|17:55] C:\DOCUME~1\Nicou\APPLIC~1\desktop.ini
    [10/11/2007|19:08] C:\DOCUME~1\Nicou\APPLIC~1\DivX
    [08/04/2007|19:26] C:\DOCUME~1\Nicou\APPLIC~1\EoRezo
    [07/03/2008|19:35] C:\DOCUME~1\Nicou\APPLIC~1\FloodLightGames
    [04/05/2006|16:09] C:\DOCUME~1\Nicou\APPLIC~1\FotoWire
    [09/09/2006|13:03] C:\DOCUME~1\Nicou\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log
    [26/06/2006|16:43] C:\DOCUME~1\Nicou\APPLIC~1\Google
    [19/05/2006|16:11] C:\DOCUME~1\Nicou\APPLIC~1\Help
    [06/12/2007|19:22] C:\DOCUME~1\Nicou\APPLIC~1\Hotbar
    [26/08/2007|19:37] C:\DOCUME~1\Nicou\APPLIC~1\Identities
    [19/04/2008|19:08] C:\DOCUME~1\Nicou\APPLIC~1\InstallShield
    [30/07/2007|15:03] C:\DOCUME~1\Nicou\APPLIC~1\iWin
    [15/04/2007|15:59] C:\DOCUME~1\Nicou\APPLIC~1\Lavasoft
    [10/05/2006|09:27] C:\DOCUME~1\Nicou\APPLIC~1\Leadertech
    [19/04/2008|19:20] C:\DOCUME~1\Nicou\APPLIC~1\Logitech
    [03/07/2006|22:00] C:\DOCUME~1\Nicou\APPLIC~1\Macromedia
    [30/01/2007|20:59] C:\DOCUME~1\Nicou\APPLIC~1\MessengerSkinner
    [15/09/2007|20:40] C:\DOCUME~1\Nicou\APPLIC~1\Microsoft
    [09/07/2006|11:41] C:\DOCUME~1\Nicou\APPLIC~1\PlayFirst
    [19/10/2007|22:42] C:\DOCUME~1\Nicou\APPLIC~1\Pogo Games
    [05/06/2006|15:16] C:\DOCUME~1\Nicou\APPLIC~1\Real
    [17/12/2007|20:03] C:\DOCUME~1\Nicou\APPLIC~1\Samsung
    [10/05/2006|09:27] C:\DOCUME~1\Nicou\APPLIC~1\Sonic
    [05/05/2006|00:26] C:\DOCUME~1\Nicou\APPLIC~1\Sun
    [05/05/2006|00:26] C:\DOCUME~1\Nicou\APPLIC~1\Symantec
    [04/05/2006|23:55] C:\DOCUME~1\Nicou\APPLIC~1\Template
    [20/12/2007|21:06] C:\DOCUME~1\Nicou\APPLIC~1\Voxmobili
    [06/12/2007|19:22] C:\DOCUME~1\Nicou\APPLIC~1\WeatherDPA
    [27/04/2008|20:24] C:\DOCUME~1\Nicou\APPLIC~1\Webroot
    [26/08/2007|12:13] C:\DOCUME~1\Nicou\APPLIC~1\Wildfire
    [05/05/2006|00:26] C:\DOCUME~1\Nicou\APPLIC~1\You've Got Pictures Screensaver
    [26/08/2007|19:37] C:\DOCUME~1\Nicou\APPLIC~1\Zylom

    [09/05/2007|19:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [02/05/2008 22:53][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [04/05/2006 15:54][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    [05/04/2005 20:31][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
    [02/05/2008 20:18][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [05/11/2007|21:12] C:\Program Files\AC3Filter
    [16/02/2007|22:53] C:\Program Files\Adobe
    [07/11/2007|20:53] C:\Program Files\Alawar
    [05/05/2006|01:22] C:\Program Files\Alwil Software
    [25/12/2006|12:34] C:\Program Files\Ashampoo
    [30/09/2006|12:42] C:\Program Files\Atari
    [20/04/2008|23:14] C:\Program Files\Conduit
    [05/05/2006|00:26] C:\Program Files\CyberLink
    [04/05/2006|19:29] C:\Program Files\Digitale Huehnerjagd
    [03/04/2008|19:19] C:\Program Files\Discovery Multimedia
    [24/03/2008|13:52] C:\Program Files\DivX
    [07/08/2007|18:23] C:\Program Files\Elaborate Bytes
    [27/04/2008|21:11] C:\Program Files\eMule
    [08/04/2007|19:26] C:\Program Files\eoRezo
    [19/04/2008|19:08] C:\Program Files\Fichiers communs
    [10/06/2007|13:11] C:\Program Files\Free Audio Pack
    [19/10/2007|22:18] C:\Program Files\GameHouse
    [09/04/2008|19:59] C:\Program Files\GamesBar
    [22/08/2007|15:46] C:\Program Files\Google
    [09/09/2006|13:02] C:\Program Files\Hewlett-Packard
    [05/05/2006|00:18] C:\Program Files\HP
    [24/03/2008|13:15] C:\Program Files\iGraal
    [05/05/2006|11:49] C:\Program Files\Illustrate
    [28/01/2008|17:58] C:\Program Files\IncrediMail
    [19/04/2008|19:08] C:\Program Files\InstallShield Installation Information
    [09/04/2008|15:55] C:\Program Files\Internet Explorer
    [05/10/2006|18:57] C:\Program Files\Inventel
    [09/10/2007|20:24] C:\Program Files\Java
    [15/04/2007|15:59] C:\Program Files\Lavasoft
    [05/05/2006|00:26] C:\Program Files\Learn2.com
    [21/12/2006|10:55] C:\Program Files\Logiciel Photo Orange
    [19/04/2008|19:08] C:\Program Files\Logitech
    [05/05/2006|01:57] C:\Program Files\Messenger
    [03/03/2007|20:08] C:\Program Files\Micro Application
    [21/05/2007|21:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [05/05/2006|00:26] C:\Program Files\microsoft frontpage
    [17/02/2007|21:10] C:\Program Files\Microsoft Money 2005
    [05/05/2006|01:41] C:\Program Files\microsoft office
    [26/05/2007|19:36] C:\Program Files\Microsoft Référence
    [05/05/2006|00:29] C:\Program Files\Microsoft Works
    [05/05/2006|00:26] C:\Program Files\Microsoft.NET
    [05/05/2006|00:29] C:\Program Files\Movie Maker
    [16/02/2007|22:02] C:\Program Files\MSN
    [05/05/2006|00:26] C:\Program Files\MSN Gaming Zone
    [16/11/2006|10:30] C:\Program Files\MSXML 4.0
    [05/05/2006|00:29] C:\Program Files\NetMeeting
    [23/05/2007|20:45] C:\Program Files\orange
    [13/06/2007|22:50] C:\Program Files\Outlook Express
    [20/12/2007|19:11] C:\Program Files\Outlook Express Quick Backup
    [02/12/2006|19:58] C:\Program Files\PhotoFiltre
    [05/05/2006|00:29] C:\Program Files\QuickTime
    [05/05/2006|00:26] C:\Program Files\Real
    [05/05/2006|00:26] C:\Program Files\Realtek
    [20/04/2008|22:44] C:\Program Files\ReflexiveArcade
    [04/05/2006|16:13] C:\Program Files\SAGEM
    [17/12/2007|19:16] C:\Program Files\Samsung
    [04/04/2008|20:18] C:\Program Files\scrabbleproB1.0.7
    [05/10/2006|21:41] C:\Program Files\Securitoo
    [05/05/2006|00:30] C:\Program Files\Services en ligne
    [03/04/2008|19:31] C:\Program Files\Sierra On-Line
    [05/05/2006|00:26] C:\Program Files\Sonic
    [06/01/2008|20:16] C:\Program Files\StudioLine Photo Basic
    [05/05/2006|01:17] C:\Program Files\Symantec
    [14/07/2006|17:50] C:\Program Files\The Adventure Company
    [15/06/2006|19:44] C:\Program Files\TMFX Studios
    [20/04/2008|23:14] C:\Program Files\torrent_search
    [21/04/2008|20:35] C:\Program Files\Trend Micro
    [23/10/2007|20:23] C:\Program Files\Twilight
    [05/05/2006|00:26] C:\Program Files\Uninstall Information
    [05/05/2006|00:26] C:\Program Files\Viewpoint
    [19/10/2006|19:50] C:\Program Files\VirginMega
    [02/05/2008|23:14] C:\Program Files\Wanadoo
    [20/05/2007|12:40] C:\Program Files\Wanadoo Messager
    [27/04/2008|20:24] C:\Program Files\Webroot
    [04/03/2008|19:51] C:\Program Files\Windows Live
    [30/11/2007|10:08] C:\Program Files\Windows Live Toolbar
    [28/12/2006|21:24] C:\Program Files\Windows Media Connect 2
    [31/05/2007|15:15] C:\Program Files\Windows Media Player
    [05/05/2006|00:30] C:\Program Files\Windows NT
    [05/05/2006|00:26] C:\Program Files\WindowsUpdate
    [30/04/2007|16:55] C:\Program Files\WinLemm
    [03/01/2007|19:46] C:\Program Files\WinRAR
    [06/04/2008|14:17] C:\Program Files\Winsos
    [05/05/2006|00:26] C:\Program Files\xerox
    [18/10/2007|18:51] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [15/05/2006|14:49] C:\Program Files\Fichiers communs\Adobe
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\AOL
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\aolshare
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\DESIGNER
    [04/05/2006|16:09] C:\Program Files\Fichiers communs\FotoWire
    [05/05/2006|00:17] C:\Program Files\Fichiers communs\Hewlett-Packard
    [05/05/2006|00:20] C:\Program Files\Fichiers communs\HP
    [04/05/2006|16:06] C:\Program Files\Fichiers communs\InstallShield
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\Java
    [19/04/2008|19:09] C:\Program Files\Fichiers communs\Logishrd
    [04/05/2006|16:08] C:\Program Files\Fichiers communs\Logitech
    [19/04/2008|19:11] C:\Program Files\Fichiers communs\Microsoft Shared
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\MSSoap
    [25/01/2007|04:52] C:\Program Files\Fichiers communs\NMSAccessU.exe
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\Nullsoft
    [15/04/2008|21:19] C:\Program Files\Fichiers communs\Oberon Media
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\ODBC
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\Real
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\Services
    [05/05/2006|00:28] C:\Program Files\Fichiers communs\Sonic Shared
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\SpeechEngines
    [15/08/2007|16:01] C:\Program Files\Fichiers communs\SureThing Shared
    [05/05/2006|01:20] C:\Program Files\Fichiers communs\Symantec Shared
    [13/06/2007|22:50] C:\Program Files\Fichiers communs\System
    [04/03/2008|19:51] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [05/05/2006|00:26] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 50

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-02 23:18:15
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Documents and Settings\Nicou\Local Settings\Application Data\IM\Animation\firecracker.ima
    => C:\Documents and Settings\Nicou\Local Settings\Application Data\IM\Runtime\EmoticonCenter\cracker.gif


    /!\ [Fich:17][Doss:108] C:\DOCUME~1\Nicou\LOCALS~1\Temp
    /!\ [Fich:90][Doss:0] C:\DOCUME~1\Nicou\Cookies
    /!\ [Fich:25][Doss:9] C:\DOCUME~1\Nicou\LOCALS~1\TEMPOR~1\content.IE5

    Rapport hijackthis :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:20:18, on 02/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\NMSAccessU.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.msn.fr/spbasic.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "c:\documents and settings\nicou\application data\errorsafefrenchnewreleaseinstall[1].exe" -nag
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxentelechargement.orange.fr/orange2.0/games/c...
    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://jeuxenligne.orange.fr/online2/mahjong_escape_anc...
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 8670 bytes

    --------------------[ Fin du rapport a 23:18:48,84 ]----------------------

    3 May 2008 12:43:36

    :hello:  Hello,

    Delete the following files in bold:

    C:\Documents and Settings\Nicou\Local Settings\Application Data\IM\Animation\firecracker.ima
    C:\Documents and Settings\Nicou\Local Settings\Application Data\IM\Runtime\EmoticonCenter\cracker.gif
    c:\documents and settings\nicou\application data\errorsafefrenchnewreleaseinstall[1].exe

    Uninstall avast, restart and delete ~~>C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking - Ajouter la Barre d'Outils Yahoo! CCleaner
    Then run the cleaning, then have it search for errors, and make backups if you wish.

    Download and install Antivir. (tutorial)
    Why switch?: Avast! vs Antivir
    but also:
    14 antivirus programs put to the test
    Quote:
    Antivir: the most effective of the free ones

    Check that it is up to date! Run a full scan in safe mode, save the report and post it for me.

    ;) 

    10 May 2008 22:54:15

    Good evening, I'm back after a week away. I did everything you told me, except that I could not find the last file to delete in Explorer. I downloaded as you indicated; here is the Antivir report (which is in English, which doesn't make things easier for me!):

    Avira AntiVir Personal
    Report file date: samedi 10 mai 2008 22:06

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: Nicole

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
    AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
    AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
    AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
    AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 10 mai 2008 22:06

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'CCleaner.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'HidService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    31 processes with 31 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '28' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Nicou\Mes documents\parricau.nicole\hotbar.exe
    [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.14
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP248\A0042115.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP248\A0042162.exe
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP249\A0042304.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!


    End of the scan: samedi 10 mai 2008 22:47
    Used time: 40:37 min

    The scan has been done completely.

    7054 Scanning directories
    475035 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    4 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    475031 Files not concerned
    7949 Archives were scanned
    6 Warnings
    4 Notes

    Thanks for your help.

    11 May 2008 00:37:14

    :hello:  Good evening,

    Good :super:

    Post a new hijackthis report.

    How is the PC doing? Still having problems?

    ;) 

    11 May 2008 16:10:07

    Hello! Here is the new HijackThis report; the PC seems to be doing better, I no longer have ad windows opening all the time: PHEW!!!! Thanks to your help, I'm rid of them! Thanks again.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:07:07, on 11/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\NMSAccessU.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winsos\WINSOS.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.msn.fr/spbasic.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "c:\documents and settings\nicou\application data\errorsafefrenchnewreleaseinstall[1].exe" -nag
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxentelechargement.orange.fr/orange2.0/games/c...
    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://jeuxenligne.orange.fr/online2/mahjong_escape_anc...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 8181 bytes
    13 May 2008 14:04:07

    It's OK, you will no longer be infected once you have done ALL the steps below :p 

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will have you uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2) Download and install CCleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "installer" (install) button, uncheck all the "options supplémentaires" (additional options). Then click "Options", "Avancé" (Advanced) and uncheck the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" (Only delete files in the Windows Temp folder older than 48 hours). Click the "Nettoyeur" (Cleaner) tab, then "Lancer le Nettoyage" (Run Cleaner).
  • Then click the Registre (Registry) tab, click "Chercher des erreurs" (Scan for issues), then "Réparer les erreurs sélectionnées" (Fix selected issues). There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Résolu] (Solved) to the title. To do this:
    * In your first message, click the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message" (Submit your message)

    It would be nice to report your infection on > Malware-Complaints < to get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To register, click the register button (at the top)
    If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
    If you are under 13, choose " I Agree to these terms and am under 13 years of age "

    You will get a list by infection type
    If your infection is not in the list, create a message in Autres infections (Other infections)

    Your infection:

    See you, and happy surfing :hello: 


    Some useful links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    13 May 2008 18:58:26

    I've finished everything you told me to do, except that for the TCleaner.txt report I think I quit too quickly, so when I started over, naturally there was nothing left in the report. Is that important?
    Apart from that, everything works very well, apparently everything is back to normal, it's really great to be able to get such effective help! A thousand thanks!!!