Ads named CiD

Tags:
  • Security
Last reply: in Security and viruses
26 February 2008 18:06:34

Hello, I would like some help with the unwanted ads :fou:  that keep appearing; they are named CiD, and I don't know how to get rid of them.

Thanks :wahoo: 

26 February 2008 18:22:02

Hi,

Probably Lop.

Download HijackThis (from Trend Micro)
Post a report following this tutorial.

27 February 2008 09:36:48

Hello, yes, maybe Lop, which is present notably in the msn+ sponsor; I had uninstalled it, but now I no longer have access to msn, and on top of that I have these ads :fou: 

Here is the HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:54, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\One Rect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Acid Two] C:\DOCUME~1\St\APPLIC~1\16more\live debug base.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10725 bytes
27 February 2008 13:08:23

Indeed, that's it :) 

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop. ~>Tutorial<~

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator)
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )

    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    27 February 2008 17:08:37


    -----------------------------[ Lop S&D 4.0.0 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : St ] [ "C:\Lop SD" ]
    [ 27/02/2008 | 17:05:22,46 ] [ PC : PC835617709412 ]
    [ MAJ : 26-02-2008 | 19:30 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [27/03/2006|08:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [24/02/2008|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [24/02/2008|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [11/05/2006|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [03/11/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [03/11/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [13/10/2007|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [17/11/2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [11/05/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [27/03/2006|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [09/01/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [05/12/2007|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [11/05/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [27/03/2006|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [11/05/2006|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [19/05/2007|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2F9.tmp
    [19/05/2007|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FB.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FC.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FD.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FE.tmp
    [20/05/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FF.tmp
    [26/05/2007|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx8C.tmp
    [24/02/2008|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
    [28/12/2007|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [28/12/2007|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [21/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [11/05/2006|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11/05/2006|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04/09/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
    [07/06/2007|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
    [11/05/2006|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [01/01/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [03/02/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [07/06/2007|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [17/11/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    [17/11/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
    [03/02/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [07/06/2007|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [10/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WebacamSurveyor
    [12/02/2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webcammax
    [14/05/2007|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [12/05/2007|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [26/01/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [27/03/2006|08:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [10/10/2007|13:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [27/02/2008|14:46] C:\DOCUME~1\St\APPLIC~1\.
    [27/02/2008|14:46] C:\DOCUME~1\St\APPLIC~1\..
    [24/02/2008|17:10] C:\DOCUME~1\St\APPLIC~1\16more
    [06/02/2008|14:26] C:\DOCUME~1\St\APPLIC~1\Adobe
    [11/02/2008|21:44] C:\DOCUME~1\St\APPLIC~1\Arcsoft
    [18/02/2008|17:30] C:\DOCUME~1\St\APPLIC~1\CamfrogWEB
    [26/02/2008|18:42] C:\DOCUME~1\St\APPLIC~1\Canon
    [27/03/2006|08:48] C:\DOCUME~1\St\APPLIC~1\desktop.ini
    [04/02/2008|20:58] C:\DOCUME~1\St\APPLIC~1\Google
    [19/02/2008|17:13] C:\DOCUME~1\St\APPLIC~1\Help
    [03/02/2008|22:03] C:\DOCUME~1\St\APPLIC~1\Identities
    [04/02/2008|20:37] C:\DOCUME~1\St\APPLIC~1\InterTrust
    [25/02/2008|12:43] C:\DOCUME~1\St\APPLIC~1\LimeWire
    [03/02/2008|14:49] C:\DOCUME~1\St\APPLIC~1\Macromedia
    [04/02/2008|22:02] C:\DOCUME~1\St\APPLIC~1\Microsoft
    [24/02/2008|17:46] C:\DOCUME~1\St\APPLIC~1\Mozilla
    [04/02/2008|20:39] C:\DOCUME~1\St\APPLIC~1\ScanSoft
    [03/02/2008|22:03] C:\DOCUME~1\St\APPLIC~1\Symantec
    [06/02/2008|21:16] C:\DOCUME~1\St\APPLIC~1\Template
    [11/02/2008|22:06] C:\DOCUME~1\St\APPLIC~1\Webcammax
    [27/02/2008|14:46] C:\DOCUME~1\St\APPLIC~1\wklnhst.dat


    [31/01/2008|17:54] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\.
    [31/01/2008|17:54] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\..
    [02/02/2008|17:44] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Adobe
    [26/01/2008|23:02] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\CamfrogWEB
    [27/03/2006|08:48] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\desktop.ini
    [26/01/2008|20:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Google
    [26/01/2008|20:50] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Grisoft
    [09/09/2007|05:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Identities
    [01/02/2008|21:51] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\LimeWire
    [26/01/2008|20:52] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Macromedia
    [26/01/2008|21:03] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Microsoft
    [26/01/2008|20:51] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Mozilla
    [27/01/2008|11:14] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\SecondLife
    [30/01/2008|01:04] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Sun
    [09/09/2007|05:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Symantec
    [26/01/2008|20:50] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Teleca



    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [27/02/2008 17:00][--ah-----] C:\WINDOWS\tasks\B63EBA1B913124F7.job
    [16/02/2008 14:19][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job
    [12/02/2008 19:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [04/01/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Sultan.job
    [27/02/2008 16:55][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [11/05/2006 02:05][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
    [27/02/2008 16:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 22:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [25/02/2008|09:00] C:\Program Files\.
    [25/02/2008|09:00] C:\Program Files\..
    [24/02/2008|17:09] C:\Program Files\16more
    [17/11/2007|17:30] C:\Program Files\ABBYY FineReader 6.0
    [11/05/2006|01:53] C:\Program Files\Adobe
    [03/12/2007|19:13] C:\Program Files\Alwil Software
    [03/11/2007|02:52] C:\Program Files\Apple Software Update
    [17/11/2007|17:59] C:\Program Files\ArcSoft
    [13/10/2007|23:27] C:\Program Files\AVS4YOU
    [17/11/2007|18:01] C:\Program Files\Canon
    [04/02/2008|18:49] C:\Program Files\Capturino 1.4
    [05/12/2007|17:59] C:\Program Files\CCleaner
    [12/02/2008|18:09] C:\Program Files\CFWebAdvancedU
    [24/02/2008|17:09] C:\Program Files\Circle Developement
    [11/05/2006|09:35] C:\Program Files\ComPlus Applications
    [03/02/2008|22:06] C:\Program Files\CONEXANT
    [28/10/2007|15:20] C:\Program Files\Dactylo
    [01/01/2008|01:54] C:\Program Files\Dialogoo
    [08/09/2007|21:33] C:\Program Files\DIFX
    [07/06/2007|16:11] C:\Program Files\Disc2Phone
    [17/11/2007|17:30] C:\Program Files\FaxTools
    [03/02/2008|22:06] C:\Program Files\Fichiers communs
    [15/09/2007|07:21] C:\Program Files\Foreignword
    [16/11/2007|17:41] C:\Program Files\freebird
    [06/02/2008|13:57] C:\Program Files\Google
    [05/12/2007|17:56] C:\Program Files\Grisoft
    [11/05/2006|02:18] C:\Program Files\Hewlett-Packard
    [31/08/2007|00:11] C:\Program Files\Hofmann
    [11/05/2006|02:01] C:\Program Files\Hp
    [11/05/2006|02:18] C:\Program Files\HPQ
    [15/09/2007|07:25] C:\Program Files\IdiomaX
    [24/02/2008|17:22] C:\Program Files\InstallShield Installation Information
    [11/05/2006|01:45] C:\Program Files\Intel
    [13/02/2008|21:11] C:\Program Files\Internet Explorer
    [19/10/2007|12:07] C:\Program Files\Islam
    [03/12/2007|23:41] C:\Program Files\Jasc Software Inc
    [11/05/2006|09:35] C:\Program Files\Java
    [29/09/2007|21:02] C:\Program Files\Labtec
    [15/09/2007|06:26] C:\Program Files\Liatro
    [16/02/2008|14:18] C:\Program Files\LimeWire
    [28/12/2007|16:18] C:\Program Files\Logitech
    [24/02/2008|16:56] C:\Program Files\Macrogaming
    [19/09/2007|15:54] C:\Program Files\Memodata
    [03/02/2008|22:09] C:\Program Files\Messenger
    [24/02/2008|17:09] C:\Program Files\Messenger Plus! Live
    [14/05/2007|10:57] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [11/05/2006|09:35] C:\Program Files\microsoft frontpage
    [11/05/2006|01:55] C:\Program Files\Microsoft Office
    [03/02/2008|22:10] C:\Program Files\Microsoft Works
    [03/02/2008|22:10] C:\Program Files\Movie Maker
    [27/02/2008|16:53] C:\Program Files\Mozilla Firefox
    [28/10/2007|15:07] C:\Program Files\mp3DirectCut
    [09/09/2007|21:01] C:\Program Files\MSBuild
    [11/05/2006|09:35] C:\Program Files\MSN
    [11/05/2006|09:35] C:\Program Files\MSN Gaming Zone
    [09/12/2007|22:01] C:\Program Files\MSN Messenger
    [06/01/2008|16:39] C:\Program Files\MSN Pictures Displayer
    [14/05/2007|10:55] C:\Program Files\MSXML 4.0
    [11/09/2007|17:49] C:\Program Files\MSXML 6.0
    [09/12/2007|09:59] C:\Program Files\Navilog1
    [03/02/2008|22:10] C:\Program Files\NetMeeting
    [03/02/2008|22:10] C:\Program Files\NetWaiting
    [03/02/2008|22:10] C:\Program Files\Norton Internet Security
    [29/01/2008|17:46] C:\Program Files\NRJ
    [03/02/2008|22:10] C:\Program Files\Online Services
    [06/02/2008|21:35] C:\Program Files\Outlook Express
    [02/02/2008|09:12] C:\Program Files\PhotoFiltre
    [02/06/2007|16:32] C:\Program Files\Popims
    [03/11/2007|02:53] C:\Program Files\QuickTime
    [09/09/2007|20:57] C:\Program Files\Reference Assemblies
    [05/08/2007|10:30] C:\Program Files\RockNRoll
    [17/11/2007|18:00] C:\Program Files\ScanSoft
    [28/08/2007|01:02] C:\Program Files\Seagrand
    [23/01/2008|19:14] C:\Program Files\SecondLife
    [13/10/2007|23:31] C:\Program Files\Serif
    [03/02/2008|22:10] C:\Program Files\Services en ligne
    [08/10/2007|16:56] C:\Program Files\SM
    [11/05/2006|09:35] C:\Program Files\Sonic
    [07/06/2007|16:08] C:\Program Files\Sony Ericsson
    [03/02/2008|22:11] C:\Program Files\Symantec
    [11/05/2006|01:56] C:\Program Files\Synaptics
    [12/02/2008|16:18] C:\Program Files\Trend Micro
    [11/05/2006|09:35] C:\Program Files\Uninstall Information
    [15/11/2007|18:17] C:\Program Files\Visicom Media
    [11/09/2007|20:26] C:\Program Files\Webcam Surveyor
    [12/02/2008|15:44] C:\Program Files\WebcamMax
    [08/09/2007|21:30] C:\Program Files\WIDCOMM
    [31/10/2007|02:13] C:\Program Files\Windows Journal Viewer
    [19/01/2008|11:31] C:\Program Files\Windows Live
    [12/05/2007|20:01] C:\Program Files\Windows Live Favorites
    [12/05/2007|20:01] C:\Program Files\Windows Live Toolbar
    [29/01/2008|17:55] C:\Program Files\Windows Media Components
    [28/10/2007|13:36] C:\Program Files\Windows Media Connect 2
    [03/02/2008|22:11] C:\Program Files\Windows Media Player
    [03/02/2008|22:11] C:\Program Files\Windows NT
    [11/05/2006|09:35] C:\Program Files\WindowsUpdate
    [11/05/2006|09:35] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [03/02/2008|22:06] C:\Program Files\Fichiers communs\.
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\..
    [13/06/2007|14:38] C:\Program Files\Fichiers communs\Adobe
    [13/10/2007|23:27] C:\Program Files\Fichiers communs\AVSMedia
    [09/09/2007|13:45] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\HP
    [27/10/2007|14:39] C:\Program Files\Fichiers communs\IdiomaX Shared
    [11/05/2006|01:52] C:\Program Files\Fichiers communs\InstallShield
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\Java
    [08/12/2007|18:14] C:\Program Files\Fichiers communs\Labtec
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\LightScribe
    [13/02/2008|16:03] C:\Program Files\Fichiers communs\LogiShrd
    [13/02/2008|15:50] C:\Program Files\Fichiers communs\Logitech
    [11/05/2006|01:55] C:\Program Files\Fichiers communs\Microsoft Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\MSSoap
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\ODBC
    [04/02/2008|20:39] C:\Program Files\Fichiers communs\ScanSoft Shared
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\Services
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\Sonic Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\SpeechEngines
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\SureThing Shared
    [03/02/2008|21:24] C:\Program Files\Fichiers communs\Symantec Shared
    [06/02/2008|21:35] C:\Program Files\Fichiers communs\System
    [10/11/2007|14:12] C:\Program Files\Fichiers communs\Teleca Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\TiVo Shared
    [02/12/2007|14:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\St\LOCALS~1\Temp\bis49.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does\One Rect.exe
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\WINDOWS\Tasks\B63EBA1B913124F7.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MATH DOES FIRST MODE"="C:\\Documents and Settings\\All Users\\Application Data\\live 64 math does\\One Rect.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD

    -> 72 ( 70 ## added by CiD )

    /!\ 1 Not 127.0.0.1 !!

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 17:05:48
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\pack.epk
    ! EGDACCESS !


    /!\ [Fich:501][Doss:16] C:\DOCUME~1\St\LOCALS~1\Temp
    /!\ [Fich:51][Doss:0] C:\DOCUME~1\St\Cookies
    /!\ [Fich:16][Doss:4] C:\DOCUME~1\St\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 17:05:56,78 ]----------------------
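
The hosts-file check summarised in the report above ("-> 72 ( 70 ## added by CiD )", "1 Not 127.0.0.1"), reproduced as an added example that is not part of the thread and is not Lop S&D's own code. The sample hosts text is constructed (three hostnames from the report plus made-up lines), and the names `audit_hosts`, `summarize` and `HostsAudit` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field

MARKER = "added by CiD"  # comment tag carried by the hosts entries in the report

# Constructed sample: three hostnames taken from the report's list plus
# made-up lines. This is not the poster's actual hosts file.
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1 localhost
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
192.0.2.10 intranet.example.test
not-an-ip broken.example.test
"""


@dataclass
class HostsAudit:
    total: int = 0                                    # hostname mappings found
    marked: list = field(default_factory=list)        # hostnames on marker-tagged lines
    non_loopback: list = field(default_factory=list)  # (address, hostname) pairs to review
    malformed: list = field(default_factory=list)     # (line number, text) that did not parse


def audit_hosts(text, marker=MARKER):
    """Count hosts mappings, those tagged with `marker`, and non-loopback targets."""
    audit = HostsAudit()
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after the first '#' is a comment; the marker lives there.
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            continue  # blank line or comment-only line
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            audit.malformed.append((lineno, raw.strip()))
            continue
        audit.total += len(names)
        if marker.lower() in comment.lower():
            audit.marked.extend(names)
        # A mapping to anything other than loopback redirects the name to a
        # real host, so it is listed separately for manual review.
        if not ip.is_loopback:
            audit.non_loopback.extend((addr, name) for name in names)
    return audit


def summarize(audit, marker=MARKER):
    """One-line summary in the spirit of the report's hosts section."""
    return (f"-> {audit.total} ( {len(audit.marked)} ## {marker} ), "
            f"{len(audit.non_loopback)} not loopback, "
            f"{len(audit.malformed)} malformed")


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(summarize(result))
    for addr, name in result.non_loopback:
        print(f"review: {name} -> {addr}")
```
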
    27 February 2008 18:59:34

    Hi again,

    Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    *********

    Download OTMoveIt > Tutorial <

    Save it to the desktop

    Select the contents of the box below
    C:\Program Files\16more
    C:\DOCUME~1\St\APPLIC~1\16more

    Now launch OTMoveIt.
    Make sure the unregister dll’s and ocx’s box is checked.
    Two panes appear; right-click in the left pane, then paste the contents of the box above.
    And click MoveIt!

    If the program asks you to restart, accept.

    Post the report found in: C:\_OTMoveIt\MovedFiles\[creation date]!

    NOTE: If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.

    27 February 2008 21:10:55

    I selected option 2; I'll post the OTMoveIt one as soon as possible :D  :


    -----------------------------[ Lop S&D 4.0.0 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : St ] [ "C:\Lop SD" ]
    [ 27/02/2008 | 21:07:39,53 ] [ PC : PC835617709412 ]
    [ MAJ : 26-02-2008 | 19:30 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does\One Rect.exe
    Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
    Supprimé! - C:\WINDOWS\Tasks\B63EBA1B913124F7.job
    Supprimé! - C:\DOCUME~1\St\LOCALS~1\Temp\bis49.exe
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does
    Supprimé! - C:\Program Files\Circle Developement
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [27/03/2006|08:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [27/02/2008|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [27/02/2008|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [11/05/2006|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [03/11/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [03/11/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [13/10/2007|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [17/11/2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [11/05/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [27/03/2006|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [09/01/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [05/12/2007|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [11/05/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [27/03/2006|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [11/05/2006|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [19/05/2007|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2F9.tmp
    [19/05/2007|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FB.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FC.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FD.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FE.tmp
    [20/05/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FF.tmp
    [26/05/2007|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx8C.tmp
    [28/12/2007|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [28/12/2007|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [21/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [11/05/2006|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11/05/2006|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04/09/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
    [07/06/2007|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
    [11/05/2006|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [01/01/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [03/02/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [07/06/2007|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [17/11/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    [17/11/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
    [03/02/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [07/06/2007|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [10/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WebacamSurveyor
    [12/02/2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webcammax
    [14/05/2007|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [12/05/2007|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [26/01/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [27/03/2006|08:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [10/10/2007|13:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [27/02/2008|21:03] C:\DOCUME~1\St\APPLIC~1\.
    [27/02/2008|21:03] C:\DOCUME~1\St\APPLIC~1\..
    [24/02/2008|17:10] C:\DOCUME~1\St\APPLIC~1\16more
    [06/02/2008|14:26] C:\DOCUME~1\St\APPLIC~1\Adobe
    [11/02/2008|21:44] C:\DOCUME~1\St\APPLIC~1\Arcsoft
    [18/02/2008|17:30] C:\DOCUME~1\St\APPLIC~1\CamfrogWEB
    [27/02/2008|18:48] C:\DOCUME~1\St\APPLIC~1\Canon
    [27/03/2006|08:48] C:\DOCUME~1\St\APPLIC~1\desktop.ini
    [04/02/2008|20:58] C:\DOCUME~1\St\APPLIC~1\Google
    [19/02/2008|17:13] C:\DOCUME~1\St\APPLIC~1\Help
    [03/02/2008|22:03] C:\DOCUME~1\St\APPLIC~1\Identities
    [04/02/2008|20:37] C:\DOCUME~1\St\APPLIC~1\InterTrust
    [25/02/2008|12:43] C:\DOCUME~1\St\APPLIC~1\LimeWire
    [03/02/2008|14:49] C:\DOCUME~1\St\APPLIC~1\Macromedia
    [04/02/2008|22:02] C:\DOCUME~1\St\APPLIC~1\Microsoft
    [24/02/2008|17:46] C:\DOCUME~1\St\APPLIC~1\Mozilla
    [04/02/2008|20:39] C:\DOCUME~1\St\APPLIC~1\ScanSoft
    [03/02/2008|22:03] C:\DOCUME~1\St\APPLIC~1\Symantec
    [06/02/2008|21:16] C:\DOCUME~1\St\APPLIC~1\Template
    [11/02/2008|22:06] C:\DOCUME~1\St\APPLIC~1\Webcammax
    [27/02/2008|21:03] C:\DOCUME~1\St\APPLIC~1\wklnhst.dat


    [31/01/2008|17:54] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\.
    [31/01/2008|17:54] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\..
    [02/02/2008|17:44] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Adobe
    [26/01/2008|23:02] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\CamfrogWEB
    [27/03/2006|08:48] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\desktop.ini
    [26/01/2008|20:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Google
    [26/01/2008|20:50] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Grisoft
    [09/09/2007|05:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Identities
    [01/02/2008|21:51] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\LimeWire
    [26/01/2008|20:52] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Macromedia
    [26/01/2008|21:03] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Microsoft
    [26/01/2008|20:51] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Mozilla
    [27/01/2008|11:14] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\SecondLife
    [30/01/2008|01:04] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Sun
    [09/09/2007|05:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Symantec
    [26/01/2008|20:50] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Teleca



    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [16/02/2008 14:19][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job
    [12/02/2008 19:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [04/01/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Sultan.job
    [27/02/2008 20:55][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [11/05/2006 02:05][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
    [27/02/2008 16:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 22:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [27/02/2008|21:07] C:\Program Files\.
    [27/02/2008|21:07] C:\Program Files\..
    [24/02/2008|17:09] C:\Program Files\16more
    [17/11/2007|17:30] C:\Program Files\ABBYY FineReader 6.0
    [11/05/2006|01:53] C:\Program Files\Adobe
    [03/12/2007|19:13] C:\Program Files\Alwil Software
    [03/11/2007|02:52] C:\Program Files\Apple Software Update
    [17/11/2007|17:59] C:\Program Files\ArcSoft
    [13/10/2007|23:27] C:\Program Files\AVS4YOU
    [17/11/2007|18:01] C:\Program Files\Canon
    [04/02/2008|18:49] C:\Program Files\Capturino 1.4
    [05/12/2007|17:59] C:\Program Files\CCleaner
    [12/02/2008|18:09] C:\Program Files\CFWebAdvancedU
    [11/05/2006|09:35] C:\Program Files\ComPlus Applications
    [03/02/2008|22:06] C:\Program Files\CONEXANT
    [28/10/2007|15:20] C:\Program Files\Dactylo
    [01/01/2008|01:54] C:\Program Files\Dialogoo
    [08/09/2007|21:33] C:\Program Files\DIFX
    [07/06/2007|16:11] C:\Program Files\Disc2Phone
    [17/11/2007|17:30] C:\Program Files\FaxTools
    [03/02/2008|22:06] C:\Program Files\Fichiers communs
    [15/09/2007|07:21] C:\Program Files\Foreignword
    [16/11/2007|17:41] C:\Program Files\freebird
    [06/02/2008|13:57] C:\Program Files\Google
    [05/12/2007|17:56] C:\Program Files\Grisoft
    [11/05/2006|02:18] C:\Program Files\Hewlett-Packard
    [31/08/2007|00:11] C:\Program Files\Hofmann
    [11/05/2006|02:01] C:\Program Files\Hp
    [11/05/2006|02:18] C:\Program Files\HPQ
    [15/09/2007|07:25] C:\Program Files\IdiomaX
    [24/02/2008|17:22] C:\Program Files\InstallShield Installation Information
    [11/05/2006|01:45] C:\Program Files\Intel
    [13/02/2008|21:11] C:\Program Files\Internet Explorer
    [19/10/2007|12:07] C:\Program Files\Islam
    [03/12/2007|23:41] C:\Program Files\Jasc Software Inc
    [11/05/2006|09:35] C:\Program Files\Java
    [29/09/2007|21:02] C:\Program Files\Labtec
    [15/09/2007|06:26] C:\Program Files\Liatro
    [16/02/2008|14:18] C:\Program Files\LimeWire
    [28/12/2007|16:18] C:\Program Files\Logitech
    [24/02/2008|16:56] C:\Program Files\Macrogaming
    [19/09/2007|15:54] C:\Program Files\Memodata
    [03/02/2008|22:09] C:\Program Files\Messenger
    [24/02/2008|17:09] C:\Program Files\Messenger Plus! Live
    [14/05/2007|10:57] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [11/05/2006|09:35] C:\Program Files\microsoft frontpage
    [11/05/2006|01:55] C:\Program Files\Microsoft Office
    [03/02/2008|22:10] C:\Program Files\Microsoft Works
    [03/02/2008|22:10] C:\Program Files\Movie Maker
    [27/02/2008|21:06] C:\Program Files\Mozilla Firefox
    [28/10/2007|15:07] C:\Program Files\mp3DirectCut
    [09/09/2007|21:01] C:\Program Files\MSBuild
    [11/05/2006|09:35] C:\Program Files\MSN
    [11/05/2006|09:35] C:\Program Files\MSN Gaming Zone
    [09/12/2007|22:01] C:\Program Files\MSN Messenger
    [06/01/2008|16:39] C:\Program Files\MSN Pictures Displayer
    [14/05/2007|10:55] C:\Program Files\MSXML 4.0
    [11/09/2007|17:49] C:\Program Files\MSXML 6.0
    [09/12/2007|09:59] C:\Program Files\Navilog1
    [03/02/2008|22:10] C:\Program Files\NetMeeting
    [03/02/2008|22:10] C:\Program Files\NetWaiting
    [03/02/2008|22:10] C:\Program Files\Norton Internet Security
    [29/01/2008|17:46] C:\Program Files\NRJ
    [03/02/2008|22:10] C:\Program Files\Online Services
    [06/02/2008|21:35] C:\Program Files\Outlook Express
    [02/02/2008|09:12] C:\Program Files\PhotoFiltre
    [02/06/2007|16:32] C:\Program Files\Popims
    [03/11/2007|02:53] C:\Program Files\QuickTime
    [09/09/2007|20:57] C:\Program Files\Reference Assemblies
    [05/08/2007|10:30] C:\Program Files\RockNRoll
    [17/11/2007|18:00] C:\Program Files\ScanSoft
    [28/08/2007|01:02] C:\Program Files\Seagrand
    [23/01/2008|19:14] C:\Program Files\SecondLife
    [13/10/2007|23:31] C:\Program Files\Serif
    [03/02/2008|22:10] C:\Program Files\Services en ligne
    [08/10/2007|16:56] C:\Program Files\SM
    [11/05/2006|09:35] C:\Program Files\Sonic
    [07/06/2007|16:08] C:\Program Files\Sony Ericsson
    [03/02/2008|22:11] C:\Program Files\Symantec
    [11/05/2006|01:56] C:\Program Files\Synaptics
    [12/02/2008|16:18] C:\Program Files\Trend Micro
    [11/05/2006|09:35] C:\Program Files\Uninstall Information
    [15/11/2007|18:17] C:\Program Files\Visicom Media
    [11/09/2007|20:26] C:\Program Files\Webcam Surveyor
    [12/02/2008|15:44] C:\Program Files\WebcamMax
    [08/09/2007|21:30] C:\Program Files\WIDCOMM
    [31/10/2007|02:13] C:\Program Files\Windows Journal Viewer
    [19/01/2008|11:31] C:\Program Files\Windows Live
    [12/05/2007|20:01] C:\Program Files\Windows Live Favorites
    [12/05/2007|20:01] C:\Program Files\Windows Live Toolbar
    [29/01/2008|17:55] C:\Program Files\Windows Media Components
    [28/10/2007|13:36] C:\Program Files\Windows Media Connect 2
    [03/02/2008|22:11] C:\Program Files\Windows Media Player
    [03/02/2008|22:11] C:\Program Files\Windows NT
    [11/05/2006|09:35] C:\Program Files\WindowsUpdate
    [11/05/2006|09:35] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [03/02/2008|22:06] C:\Program Files\Fichiers communs\.
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\..
    [13/06/2007|14:38] C:\Program Files\Fichiers communs\Adobe
    [13/10/2007|23:27] C:\Program Files\Fichiers communs\AVSMedia
    [09/09/2007|13:45] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\HP
    [27/10/2007|14:39] C:\Program Files\Fichiers communs\IdiomaX Shared
    [11/05/2006|01:52] C:\Program Files\Fichiers communs\InstallShield
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\Java
    [08/12/2007|18:14] C:\Program Files\Fichiers communs\Labtec
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\LightScribe
    [13/02/2008|16:03] C:\Program Files\Fichiers communs\LogiShrd
    [13/02/2008|15:50] C:\Program Files\Fichiers communs\Logitech
    [11/05/2006|01:55] C:\Program Files\Fichiers communs\Microsoft Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\MSSoap
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\ODBC
    [04/02/2008|20:39] C:\Program Files\Fichiers communs\ScanSoft Shared
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\Services
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\Sonic Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\SpeechEngines
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\SureThing Shared
    [03/02/2008|21:24] C:\Program Files\Fichiers communs\Symantec Shared
    [06/02/2008|21:35] C:\Program Files\Fichiers communs\System
    [10/11/2007|14:12] C:\Program Files\Fichiers communs\Teleca Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\TiVo Shared
    [02/12/2007|14:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 21:08:04
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\pack.epk
    ! EGDACCESS !


    /!\ [Fich:500][Doss:17] C:\DOCUME~1\St\LOCALS~1\Temp
    /!\ [Fich:72][Doss:0] C:\DOCUME~1\St\Cookies
    /!\ [Fich:8][Doss:4] C:\DOCUME~1\St\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 21:08:10,64 ]----------------------
    27 February 2008 21:14:41

    Apparently nothing happens in OTMoveIt. In the right-hand pane I get the following message:

    File/Folder C:\Program Files\16more not found.
    File/Folder C:\DOCUME~1\St\APPLIC~1\16more not found.

    OTMoveIt2 v1.0.20 log created on 02272008_211304
    27 February 2008 22:00:29

    Run Lop again with option 1 and post the report ;) 
    27 February 2008 23:31:24

    The Lop report with option 1:


    -----------------------------[ Lop S&D 4.0.0 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : St ] [ "C:\Lop SD" ]
    [ 27/02/2008 | 23:30:21,87 ] [ PC : PC835617709412 ]
    [ MAJ : 26-02-2008 | 19:30 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [27/03/2006|08:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03/02/2008|22:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [27/02/2008|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [27/02/2008|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [11/05/2006|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [03/11/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [03/11/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [13/10/2007|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [17/11/2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [11/05/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [27/03/2006|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [09/01/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [05/12/2007|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [11/05/2006|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [27/03/2006|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [11/05/2006|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [19/05/2007|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2F9.tmp
    [19/05/2007|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FB.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FC.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FD.tmp
    [19/05/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FE.tmp
    [20/05/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx2FF.tmp
    [26/05/2007|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx8C.tmp
    [28/12/2007|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    [28/12/2007|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [21/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [11/05/2006|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11/05/2006|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04/09/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
    [07/06/2007|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
    [11/05/2006|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [01/01/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [03/02/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [07/06/2007|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [17/11/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    [17/11/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
    [03/02/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [07/06/2007|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [10/09/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WebacamSurveyor
    [12/02/2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webcammax
    [14/05/2007|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [12/05/2007|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [26/01/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [27/03/2006|08:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [03/02/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [11/05/2006|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [10/10/2007|13:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [11/05/2006|01:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [27/02/2008|21:12] C:\DOCUME~1\St\APPLIC~1\.
    [27/02/2008|21:12] C:\DOCUME~1\St\APPLIC~1\..
    [06/02/2008|14:26] C:\DOCUME~1\St\APPLIC~1\Adobe
    [11/02/2008|21:44] C:\DOCUME~1\St\APPLIC~1\Arcsoft
    [18/02/2008|17:30] C:\DOCUME~1\St\APPLIC~1\CamfrogWEB
    [27/02/2008|18:48] C:\DOCUME~1\St\APPLIC~1\Canon
    [27/03/2006|08:48] C:\DOCUME~1\St\APPLIC~1\desktop.ini
    [04/02/2008|20:58] C:\DOCUME~1\St\APPLIC~1\Google
    [19/02/2008|17:13] C:\DOCUME~1\St\APPLIC~1\Help
    [03/02/2008|22:03] C:\DOCUME~1\St\APPLIC~1\Identities
    [04/02/2008|20:37] C:\DOCUME~1\St\APPLIC~1\InterTrust
    [25/02/2008|12:43] C:\DOCUME~1\St\APPLIC~1\LimeWire
    [03/02/2008|14:49] C:\DOCUME~1\St\APPLIC~1\Macromedia
    [04/02/2008|22:02] C:\DOCUME~1\St\APPLIC~1\Microsoft
    [24/02/2008|17:46] C:\DOCUME~1\St\APPLIC~1\Mozilla
    [04/02/2008|20:39] C:\DOCUME~1\St\APPLIC~1\ScanSoft
    [03/02/2008|22:03] C:\DOCUME~1\St\APPLIC~1\Symantec
    [06/02/2008|21:16] C:\DOCUME~1\St\APPLIC~1\Template
    [11/02/2008|22:06] C:\DOCUME~1\St\APPLIC~1\Webcammax
    [27/02/2008|21:09] C:\DOCUME~1\St\APPLIC~1\wklnhst.dat


    [31/01/2008|17:54] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\.
    [31/01/2008|17:54] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\..
    [02/02/2008|17:44] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Adobe
    [26/01/2008|23:02] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\CamfrogWEB
    [27/03/2006|08:48] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\desktop.ini
    [26/01/2008|20:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Google
    [26/01/2008|20:50] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Grisoft
    [09/09/2007|05:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Identities
    [01/02/2008|21:51] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\LimeWire
    [26/01/2008|20:52] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Macromedia
    [26/01/2008|21:03] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Microsoft
    [26/01/2008|20:51] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Mozilla
    [27/01/2008|11:14] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\SecondLife
    [30/01/2008|01:04] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Sun
    [09/09/2007|05:59] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Symantec
    [26/01/2008|20:50] C:\DOCUME~1\SULTAN~1.PC8\APPLIC~1\Teleca



    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [16/02/2008 14:19][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job
    [12/02/2008 19:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [04/01/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Sultan.job
    [27/02/2008 20:55][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [11/05/2006 02:05][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
    [27/02/2008 23:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 22:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [27/02/2008|21:12] C:\Program Files\.
    [27/02/2008|21:12] C:\Program Files\..
    [17/11/2007|17:30] C:\Program Files\ABBYY FineReader 6.0
    [11/05/2006|01:53] C:\Program Files\Adobe
    [03/12/2007|19:13] C:\Program Files\Alwil Software
    [03/11/2007|02:52] C:\Program Files\Apple Software Update
    [17/11/2007|17:59] C:\Program Files\ArcSoft
    [13/10/2007|23:27] C:\Program Files\AVS4YOU
    [17/11/2007|18:01] C:\Program Files\Canon
    [04/02/2008|18:49] C:\Program Files\Capturino 1.4
    [05/12/2007|17:59] C:\Program Files\CCleaner
    [12/02/2008|18:09] C:\Program Files\CFWebAdvancedU
    [11/05/2006|09:35] C:\Program Files\ComPlus Applications
    [03/02/2008|22:06] C:\Program Files\CONEXANT
    [28/10/2007|15:20] C:\Program Files\Dactylo
    [01/01/2008|01:54] C:\Program Files\Dialogoo
    [08/09/2007|21:33] C:\Program Files\DIFX
    [07/06/2007|16:11] C:\Program Files\Disc2Phone
    [17/11/2007|17:30] C:\Program Files\FaxTools
    [03/02/2008|22:06] C:\Program Files\Fichiers communs
    [15/09/2007|07:21] C:\Program Files\Foreignword
    [16/11/2007|17:41] C:\Program Files\freebird
    [06/02/2008|13:57] C:\Program Files\Google
    [05/12/2007|17:56] C:\Program Files\Grisoft
    [11/05/2006|02:18] C:\Program Files\Hewlett-Packard
    [31/08/2007|00:11] C:\Program Files\Hofmann
    [11/05/2006|02:01] C:\Program Files\Hp
    [11/05/2006|02:18] C:\Program Files\HPQ
    [15/09/2007|07:25] C:\Program Files\IdiomaX
    [24/02/2008|17:22] C:\Program Files\InstallShield Installation Information
    [11/05/2006|01:45] C:\Program Files\Intel
    [13/02/2008|21:11] C:\Program Files\Internet Explorer
    [19/10/2007|12:07] C:\Program Files\Islam
    [03/12/2007|23:41] C:\Program Files\Jasc Software Inc
    [11/05/2006|09:35] C:\Program Files\Java
    [29/09/2007|21:02] C:\Program Files\Labtec
    [15/09/2007|06:26] C:\Program Files\Liatro
    [16/02/2008|14:18] C:\Program Files\LimeWire
    [28/12/2007|16:18] C:\Program Files\Logitech
    [24/02/2008|16:56] C:\Program Files\Macrogaming
    [19/09/2007|15:54] C:\Program Files\Memodata
    [03/02/2008|22:09] C:\Program Files\Messenger
    [24/02/2008|17:09] C:\Program Files\Messenger Plus! Live
    [14/05/2007|10:57] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [11/05/2006|09:35] C:\Program Files\microsoft frontpage
    [11/05/2006|01:55] C:\Program Files\Microsoft Office
    [03/02/2008|22:10] C:\Program Files\Microsoft Works
    [03/02/2008|22:10] C:\Program Files\Movie Maker
    [27/02/2008|23:28] C:\Program Files\Mozilla Firefox
    [28/10/2007|15:07] C:\Program Files\mp3DirectCut
    [09/09/2007|21:01] C:\Program Files\MSBuild
    [11/05/2006|09:35] C:\Program Files\MSN
    [11/05/2006|09:35] C:\Program Files\MSN Gaming Zone
    [09/12/2007|22:01] C:\Program Files\MSN Messenger
    [06/01/2008|16:39] C:\Program Files\MSN Pictures Displayer
    [14/05/2007|10:55] C:\Program Files\MSXML 4.0
    [11/09/2007|17:49] C:\Program Files\MSXML 6.0
    [09/12/2007|09:59] C:\Program Files\Navilog1
    [03/02/2008|22:10] C:\Program Files\NetMeeting
    [03/02/2008|22:10] C:\Program Files\NetWaiting
    [03/02/2008|22:10] C:\Program Files\Norton Internet Security
    [29/01/2008|17:46] C:\Program Files\NRJ
    [03/02/2008|22:10] C:\Program Files\Online Services
    [06/02/2008|21:35] C:\Program Files\Outlook Express
    [02/02/2008|09:12] C:\Program Files\PhotoFiltre
    [02/06/2007|16:32] C:\Program Files\Popims
    [03/11/2007|02:53] C:\Program Files\QuickTime
    [09/09/2007|20:57] C:\Program Files\Reference Assemblies
    [05/08/2007|10:30] C:\Program Files\RockNRoll
    [17/11/2007|18:00] C:\Program Files\ScanSoft
    [28/08/2007|01:02] C:\Program Files\Seagrand
    [23/01/2008|19:14] C:\Program Files\SecondLife
    [13/10/2007|23:31] C:\Program Files\Serif
    [03/02/2008|22:10] C:\Program Files\Services en ligne
    [08/10/2007|16:56] C:\Program Files\SM
    [11/05/2006|09:35] C:\Program Files\Sonic
    [07/06/2007|16:08] C:\Program Files\Sony Ericsson
    [03/02/2008|22:11] C:\Program Files\Symantec
    [11/05/2006|01:56] C:\Program Files\Synaptics
    [12/02/2008|16:18] C:\Program Files\Trend Micro
    [11/05/2006|09:35] C:\Program Files\Uninstall Information
    [15/11/2007|18:17] C:\Program Files\Visicom Media
    [11/09/2007|20:26] C:\Program Files\Webcam Surveyor
    [12/02/2008|15:44] C:\Program Files\WebcamMax
    [08/09/2007|21:30] C:\Program Files\WIDCOMM
    [31/10/2007|02:13] C:\Program Files\Windows Journal Viewer
    [19/01/2008|11:31] C:\Program Files\Windows Live
    [12/05/2007|20:01] C:\Program Files\Windows Live Favorites
    [12/05/2007|20:01] C:\Program Files\Windows Live Toolbar
    [29/01/2008|17:55] C:\Program Files\Windows Media Components
    [28/10/2007|13:36] C:\Program Files\Windows Media Connect 2
    [03/02/2008|22:11] C:\Program Files\Windows Media Player
    [03/02/2008|22:11] C:\Program Files\Windows NT
    [11/05/2006|09:35] C:\Program Files\WindowsUpdate
    [11/05/2006|09:35] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [03/02/2008|22:06] C:\Program Files\Fichiers communs\.
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\..
    [13/06/2007|14:38] C:\Program Files\Fichiers communs\Adobe
    [13/10/2007|23:27] C:\Program Files\Fichiers communs\AVSMedia
    [09/09/2007|13:45] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\HP
    [27/10/2007|14:39] C:\Program Files\Fichiers communs\IdiomaX Shared
    [11/05/2006|01:52] C:\Program Files\Fichiers communs\InstallShield
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\Java
    [08/12/2007|18:14] C:\Program Files\Fichiers communs\Labtec
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\LightScribe
    [13/02/2008|16:03] C:\Program Files\Fichiers communs\LogiShrd
    [13/02/2008|15:50] C:\Program Files\Fichiers communs\Logitech
    [11/05/2006|01:55] C:\Program Files\Fichiers communs\Microsoft Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\MSSoap
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\ODBC
    [04/02/2008|20:39] C:\Program Files\Fichiers communs\ScanSoft Shared
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\Services
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\Sonic Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\SpeechEngines
    [03/02/2008|22:06] C:\Program Files\Fichiers communs\SureThing Shared
    [03/02/2008|21:24] C:\Program Files\Fichiers communs\Symantec Shared
    [06/02/2008|21:35] C:\Program Files\Fichiers communs\System
    [10/11/2007|14:12] C:\Program Files\Fichiers communs\Teleca Shared
    [11/05/2006|09:35] C:\Program Files\Fichiers communs\TiVo Shared
    [02/12/2007|14:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 23:30:48
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\pack.epk
    ! EGDACCESS !


    /!\ [Fich:499][Doss:16] C:\DOCUME~1\St\LOCALS~1\Temp
    /!\ [Fich:72][Doss:0] C:\DOCUME~1\St\Cookies
    /!\ [Fich:8][Doss:4] C:\DOCUME~1\St\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 23:30:56,03 ]----------------------
    27 Février 2008 23:40:24

    Bien, toujours ces pubs ?
    Pour savoir ..
    28 Février 2008 11:10:50

    bjr, depuis ce matin non, aucune pub.
    28 February 2008 11:37:17

    Good,

    We'll still check, to be sure you don't have an Egdaccess infection.
    Prevention is better than cure ;)

    Download Navilog (by Il-Mafioso)

    Save it to your Desktop.
    Install it by double-clicking navilog.exe.
    Once the installation is finished, the utility will run automatically.
    (If it doesn't, double-click the shortcut on the Desktop)

    Once the installation is finished, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)

    Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as prompted. Notepad will open. Post the report here.

    The report is located here: C:\fixnavi.txt
    28 February 2008 12:03:31

    Here it is:

    Search Navipromo version 3.4.8 commencé le 28/02/2008 à 11:45:25,15

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINDOWS ***



    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




    *** Recherche dossiers dans "C:\Documents and Settings\St\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\St\locals~1\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\St\MENUDM~1\PROGRA~1" ***


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\St\locals~1\applic~1" *



    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !


    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :


    * Dans "C:\Documents and Settings\St\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 28/02/2008 à 11:53:32,70 ***
    28 February 2008 12:19:14

    Good, no Egdaccess infection.

    Delete C:\WINDOWS\pack.epk

    ****

    Download to your desktop: Clean (by Malekal) >Tutorial<
    Unzip it on your desktop. Double-click this clean folder.
    Double-click clean.cmd. (The cmd extension may not be shown) This will open a black window.
    A menu will appear; choose option 1, then press Enter. Then press a key as you will be prompted.
    Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.
    28 February 2008 12:30:46

    Whoa! My browsers (whether Internet Explorer or Firefox) refuse to load the page to download Clean.
    28 February 2008 12:55:10

    Yes, sorry, the site is unavailable again.

    Post a HijackThis log again
    28 February 2008 13:00:31

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:55, on 28/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft Works\wkswp.exe
    C:\Program Files\Microsoft Works\wkgdcach.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Microsoft Works\WksWP.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Acid Two] C:\DOCUME~1\St\APPLIC~1\16more\live debug base.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11243 bytes
    28 February 2008 13:27:24

    Hi again,

    Do you want to keep Symantec?
    28 February 2008 13:34:33

    Yes, why?
    28 February 2008 13:50:41

    Just to know..

    Run HijackThis again, do a system scan only, and check these lines (if still present):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Acid Two] C:\DOCUME~1\St\APPLIC~1\16more\live debug base.exe

    Then Fix Checked!


    Run an online antivirus scan on Kaspersky with Internet Explorer. (Tutorial)
    Allow ActiveX.
    Click Démarrer Online Scanner.
    Select My Computer as the scan target. Save the report in .txt format.
    Paste its report here.
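The lines picked for fixing in the post above include entries whose target file is gone and a Run value that launches from the user's Application Data folder. As an added example (not from the thread and not part of HijackThis), this Python script flags those two patterns in a pasted log; the regexes, reason labels and directory list are assumptions, and the sample lines are copied from the log posted earlier on this page.

```python
import re
from dataclasses import dataclass

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# Markers HijackThis prints when the file an entry points to is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)
# O4 registry autorun: "<hive>\..\Run: [value name] command line".
RUN_RE = re.compile(r"^HK\w+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: per-user data directories on Windows XP, long and 8.3 short names.
USER_DATA_RE = re.compile(
    r"\\(?:Application Data|APPLIC~1|Local Settings|LOCALS~1)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code (R3, O2, O4, ...)
    reason: str    # label chosen for this example
    line: str      # the original log line


def triage(log_text):
    """Return entries worth a manual look; nothing is deleted or changed."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.group("section"), m.group("body")
        if ORPHAN_RE.search(body):
            # Leftover registration of something already removed from disk.
            findings.append(Finding(section, "orphaned", raw.strip()))
            continue
        if section == "O4":
            run = RUN_RE.match(body)
            if run and USER_DATA_RE.search(run.group("cmd")):
                # Programs rarely need to start from a per-user data folder.
                findings.append(
                    Finding(section, "autorun-from-user-data", raw.strip()))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acid Two] C:\DOCUME~1\St\APPLIC~1\16more\live debug base.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:24} {f.line}")
```

A flagged line is a prompt for review, not a verdict: legitimate software can also start from a user profile, so each hit still needs checking before it is fixed.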
    28 February 2008 15:06:07

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 28, 2008 3:03:36 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 28/02/2008
    Kaspersky Anti-Virus database records: 585361
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Critical Areas:
    C:\WINDOWS
    C:\DOCUME~1\St\LOCALS~1\Temp\

    Scan Statistics:
    Total number of scanned objects: 16134
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:15:17

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\LVCOMSX.LOG Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\DOCUME~1\St\LOCALS~1\Temp\WKS184.tmp Object is locked skipped
    C:\DOCUME~1\St\LOCALS~1\Temp\WKS325.tmp Object is locked skipped
    C:\DOCUME~1\St\LOCALS~1\Temp\~DFD1C3.tmp Object is locked skipped
    C:\DOCUME~1\St\LOCALS~1\Temp\~Qil0495.tmp Object is locked skipped
    C:\DOCUME~1\St\LOCALS~1\Temp\~Qil1128.tmp Object is locked skipped
    C:\DOCUME~1\St\LOCALS~1\Temp\~Qil2609.tmp Object is locked skipped

    Scan process completed.
    28 February 2008 15:06:50

    Hi again,

    You needed to scan all of My Computer
    28 February 2008 22:08:32

    Oh, sorry, I ran it again this afternoon; here is the result, which I have to cut up because there is too much of it.
    (let me know when you've read it, I'll delete it)

    28 February 2008 22:16:10

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 28, 2008 6:59:11 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 28/02/2008
    Kaspersky Anti-Virus database records: 585361
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Folders:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 93510
    Number of viruses found: 6
    Number of infected objects: 12
    Number of suspicious objects: 0
    Duration of the scan process: 01:21:28


    28 February 2008 22:19:42

    It's impossible... it's very long! Is there no other way to send it to you? Otherwise I can't post it; I tried to cut it into pieces, but not everything fit. I'm terribly sorry.
    28 February 2008 22:30:32

    Copy only the rest of the report :) Or the infected lines!
    29 February 2008 09:30:32

    Hello, I selected them:

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46BA3F48.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x

    C:\Documents and Settings\St\Bureau\Navilog1.exe/file09 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\St\Bureau\Navilog1.exe Inno: infected - 1 skipped

    C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup.exe/data0146 Infected: not-a-virus:AdWare.Win32.BHO.w skipped

    C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup.exe NSIS: infected - 1 skipped

    C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP26\A0008394.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\upload_moi_PC835617709412.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Program Files/OneStepSearch/onestep.dll Infected: not-a-virus:AdWare.Win32.OneStep.a skipped

    C:\upload_moi_PC835617709412.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Program Files/OneStepSearch/onestep.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\upload_moi_PC835617709412.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Program Files/OneStepSearch/osopt.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\upload_moi_PC835617709412.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\upload_moi_PC835617709412.tar.gz GZIP: infected - 4 skipped
    29 February 2008 11:34:57

    Hi again,

    Empty Norton's quarantine.
    Delete C:\Program Files\Visicom Media. (uninstall it first in Add/Remove Programs).

    Download ToolsCleaner2 (by A.Rothstein)

    Install it on your Desktop
    Click [Recherche] to start the scan
    Click [Supprimer] to clean up the tools used
    Click [Quitter],
    Post this report ~>C:\TCleaner.txt<~

    Keep ccleaner, avg and antivir if we installed them..
    Report your infection on Malware Complaints >Tutorial<
    Your infection(s): Lop

    Then have a look at these guides:

    Security/Prevention
    Consequences of multi-protection,

    Have a nice day