Fenêtres publicitaires cid [Résolu]

Salut,

Mais non surtout pas, il y a des outils pour ca.

Télécharge Lop S&D.exe sur ton Bureau.

http://eric.71.mespages.googlepages.com/LopSD.exe

* Double-clique dessus pour lancer l'installation.
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Pannau de configuration > Modifié Suprimé des programme > Msn Plus > Desinstallé > Desinstalé le Sponsor . Le tour est joué ! IL NE FAUT JAMAIS INSTALLER LE SPONSOR AVEC MSN + !

Salut,utilise navilog et fait un scan avec.

Essais Hijack This !

Hijackthis n'enleveras pas les pubs!

RAPPEL


Post 1.

LopS&D et un outil anti CiD.

voici le rapport après
--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Pascale Cuny ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 17/08/2008 | 14:34:29 ] [ PC : CUNY-6CD7588788 (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[22/02/2008|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/09/2007|18:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[30/10/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/10/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/09/2007|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[26/09/2007|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[28/09/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/08/2008|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[24/03/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[22/03/2008|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[22/07/2008|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Axis Bat Wave
[26/03/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/08/2008|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/11/2007|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[19/01/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[26/09/2007|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2007|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[05/08/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[11/07/2008|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[21/07/2008|11:25] C:\DOCUME~1\BENJAM~1\APPLIC~1\Adobe
[28/09/2007|18:47] C:\DOCUME~1\BENJAM~1\APPLIC~1\Bitdefender
[26/09/2007|19:04] C:\DOCUME~1\BENJAM~1\APPLIC~1\desktop.ini
[03/12/2007|20:41] C:\DOCUME~1\BENJAM~1\APPLIC~1\Google
[01/03/2008|16:45] C:\DOCUME~1\BENJAM~1\APPLIC~1\gtk-2.0
[17/05/2008|18:52] C:\DOCUME~1\BENJAM~1\APPLIC~1\Help
[28/09/2007|18:46] C:\DOCUME~1\BENJAM~1\APPLIC~1\Identities
[22/06/2008|10:47] C:\DOCUME~1\BENJAM~1\APPLIC~1\Leadertech
[04/01/2008|18:43] C:\DOCUME~1\BENJAM~1\APPLIC~1\LEGO Interactive
[28/09/2007|18:49] C:\DOCUME~1\BENJAM~1\APPLIC~1\Macromedia
[26/12/2007|13:32] C:\DOCUME~1\BENJAM~1\APPLIC~1\Microsoft
[21/11/2007|19:24] C:\DOCUME~1\BENJAM~1\APPLIC~1\Real
[26/09/2007|17:19] C:\DOCUME~1\BENJAM~1\APPLIC~1\Sun
[07/11/2007|15:58] C:\DOCUME~1\BENJAM~1\APPLIC~1\Template

[26/09/2007|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[26/09/2007|17:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/09/2007|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun


[24/11/2007|09:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[29/06/2008|16:42] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Adobe
[27/09/2007|22:25] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Bitdefender
[26/09/2007|19:04] C:\DOCUME~1\MAXCUN~1\APPLIC~1\desktop.ini
[29/06/2008|16:40] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Google
[27/09/2007|22:25] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Identities
[09/01/2008|12:46] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Macromedia
[23/11/2007|13:44] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Microsoft
[23/11/2007|13:44] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Real
[26/09/2007|17:19] C:\DOCUME~1\MAXCUN~1\APPLIC~1\Sun

[26/01/2008|22:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/11/2007|11:12] C:\DOCUME~1\PASCAL~1\APPLIC~1\Adobe
[31/05/2008|15:23] C:\DOCUME~1\PASCAL~1\APPLIC~1\Ahead
[26/09/2007|18:03] C:\DOCUME~1\PASCAL~1\APPLIC~1\Bitdefender
[26/09/2007|19:04] C:\DOCUME~1\PASCAL~1\APPLIC~1\desktop.ini
[03/10/2007|18:40] C:\DOCUME~1\PASCAL~1\APPLIC~1\Google
[09/07/2008|15:59] C:\DOCUME~1\PASCAL~1\APPLIC~1\gtk-2.0
[01/03/2008|00:19] C:\DOCUME~1\PASCAL~1\APPLIC~1\Help
[24/10/2007|16:53] C:\DOCUME~1\PASCAL~1\APPLIC~1\Hewlett-Packard
[26/09/2007|17:27] C:\DOCUME~1\PASCAL~1\APPLIC~1\Identities
[30/04/2008|20:51] C:\DOCUME~1\PASCAL~1\APPLIC~1\Leadertech
[29/09/2007|07:31] C:\DOCUME~1\PASCAL~1\APPLIC~1\Macromedia
[07/06/2008|10:55] C:\DOCUME~1\PASCAL~1\APPLIC~1\mdb.bin
[05/07/2008|13:37] C:\DOCUME~1\PASCAL~1\APPLIC~1\Microsoft
[06/04/2008|14:47] C:\DOCUME~1\PASCAL~1\APPLIC~1\MSNInstaller
[02/01/2008|18:20] C:\DOCUME~1\PASCAL~1\APPLIC~1\Real
[26/09/2007|17:19] C:\DOCUME~1\PASCAL~1\APPLIC~1\Sun
[13/10/2007|11:19] C:\DOCUME~1\PASCAL~1\APPLIC~1\Template

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/08/2008 15:48][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[22/07/2008 22:06][--ah-----] C:\WINDOWS\tasks\A8C8F1A5918B67A9.job
[24/03/2008 11:53][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206352324.job
[30/10/2007 10:50][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/09/2007 19:57][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[31/12/2007 13:44][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A8C8F1A5918B67A9.job )=( c:\docume~1\guilla~1\applic~1\thirdo~1\mailtitlepoke.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[01/07/2008|23:39] C:\Program Files\Adobe
[26/09/2007|18:47] C:\Program Files\Ahead
[05/07/2008|15:48] C:\Program Files\Alice
[20/07/2008|22:31] C:\Program Files\Antipub
[30/10/2007|10:50] C:\Program Files\Apple Software Update
[21/03/2008|21:00] C:\Program Files\Circle Developement
[26/09/2007|17:12] C:\Program Files\ComPlus Applications
[17/10/2007|11:13] C:\Program Files\directx
[08/06/2008|18:54] C:\Program Files\eMule
[22/03/2008|17:59] C:\Program Files\Fichiers communs
[09/08/2008|11:32] C:\Program Files\Fnacmusic
[20/11/2007|17:46] C:\Program Files\GIMP-2.0
[06/08/2008|20:04] C:\Program Files\Google
[17/07/2008|12:22] C:\Program Files\GT Interactive
[26/09/2007|19:58] C:\Program Files\Hewlett-Packard
[01/03/2008|00:53] C:\Program Files\Hp
[25/10/2007|18:10] C:\Program Files\IncrediMail
[17/07/2008|12:11] C:\Program Files\InstallShield Installation Information
[15/08/2008|08:46] C:\Program Files\Internet Explorer
[06/04/2008|14:37] C:\Program Files\Java
[08/08/2008|18:08] C:\Program Files\JoWooD
[22/03/2008|18:00] C:\Program Files\Lavasoft
[04/01/2008|11:36] C:\Program Files\LEGO Interactive
[03/01/2008|16:39] C:\Program Files\LEGO Media
[23/05/2008|19:03] C:\Program Files\LimeWire
[19/06/2008|18:17] C:\Program Files\Livre Album Fuji Photo
[26/03/2008|19:22] C:\Program Files\Ma Pension d'Animaux
[22/03/2008|19:21] C:\Program Files\Macrogaming
[14/01/2008|21:38] C:\Program Files\Magentic
[15/05/2008|13:12] C:\Program Files\Maxis
[15/08/2008|08:47] C:\Program Files\Messenger
[22/03/2008|21:05] C:\Program Files\Messenger Plus! Live
[19/03/2008|21:11] C:\Program Files\MessengerSkinner
[26/09/2007|17:19] C:\Program Files\microsoft frontpage
[06/04/2008|15:09] C:\Program Files\Microsoft Office
[26/09/2007|19:52] C:\Program Files\Microsoft Works
[01/04/2008|20:28] C:\Program Files\Mindscape
[26/09/2007|17:13] C:\Program Files\Movie Maker
[08/06/2008|18:59] C:\Program Files\Mozilla Firefox
[06/11/2007|11:43] C:\Program Files\MSECache
[26/09/2007|19:31] C:\Program Files\MSN
[26/09/2007|17:11] C:\Program Files\MSN Gaming Zone
[05/08/2008|16:29] C:\Program Files\MSN Messenger
[05/08/2008|17:50] C:\Program Files\Navilog1
[26/09/2007|17:13] C:\Program Files\NetMeeting
[28/09/2007|19:57] C:\Program Files\Norton Security Scan
[26/09/2007|17:11] C:\Program Files\Online Services
[28/09/2007|17:19] C:\Program Files\Outlook Express
[03/08/2008|09:17] C:\Program Files\PCPrivacyCleaner
[30/04/2008|20:24] C:\Program Files\Photo Story 3 for Windows
[07/06/2008|10:48] C:\Program Files\PHOTOCITE Collection
[06/11/2007|15:23] C:\Program Files\PhotoFiltre Studio
[02/04/2008|16:29] C:\Program Files\Picasa2
[30/10/2007|10:51] C:\Program Files\QuickTime
[30/10/2007|11:25] C:\Program Files\Real
[09/03/2008|17:04] C:\Program Files\Rockstar Games
[28/03/2008|19:26] C:\Program Files\Services en ligne
[20/11/2007|16:37] C:\Program Files\Skyline
[26/09/2007|17:45] C:\Program Files\Softwin
[05/08/2008|16:34] C:\Program Files\Spyware-Secure
[05/07/2008|08:24] C:\Program Files\TechCity Solutions
[22/07/2008|22:03] C:\Program Files\Third Owns
[23/07/2008|18:17] C:\Program Files\Trend Micro
[02/02/2008|17:18] C:\Program Files\Trust
[26/09/2007|17:27] C:\Program Files\Uninstall Information
[11/04/2008|16:26] C:\Program Files\Web Publish
[28/02/2008|21:49] C:\Program Files\Windows Journal Viewer
[05/08/2008|15:43] C:\Program Files\Windows Live
[05/08/2008|15:47] C:\Program Files\Windows Live Favorites
[05/08/2008|15:48] C:\Program Files\Windows Live Toolbar
[24/11/2007|09:33] C:\Program Files\Windows Media Connect 2
[24/11/2007|09:33] C:\Program Files\Windows Media Player
[26/09/2007|17:11] C:\Program Files\Windows NT
[26/09/2007|17:14] C:\Program Files\WindowsUpdate
[26/09/2007|17:19] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/02/2008|18:33] C:\Program Files\Fichiers communs\Adobe
[26/09/2007|18:44] C:\Program Files\Fichiers communs\Ahead
[26/09/2007|19:56] C:\Program Files\Fichiers communs\Hewlett-Packard
[22/03/2008|21:15] C:\Program Files\Fichiers communs\InstallShield
[26/09/2007|17:19] C:\Program Files\Fichiers communs\Java
[05/08/2008|15:43] C:\Program Files\Fichiers communs\Microsoft Shared
[26/09/2007|17:13] C:\Program Files\Fichiers communs\MSSoap
[09/02/2008|21:23] C:\Program Files\Fichiers communs\NSV
[26/09/2007|19:05] C:\Program Files\Fichiers communs\ODBC
[02/02/2008|17:18] C:\Program Files\Fichiers communs\PAC207
[30/10/2007|11:26] C:\Program Files\Fichiers communs\Real
[26/09/2007|17:13] C:\Program Files\Fichiers communs\Services
[26/09/2007|17:45] C:\Program Files\Fichiers communs\Softwin
[26/09/2007|19:04] C:\Program Files\Fichiers communs\SpeechEngines
[21/02/2008|21:47] C:\Program Files\Fichiers communs\System
[26/01/2008|18:08] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[22/03/2008|17:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
[30/10/2007|11:26] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 57 Processus )

iexplore.exe ~ [PID:108] ~ [Threads:15]
iexplore.exe ~ [PID:1752] ~ [Threads:57]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Axis Bat Wave
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Axis Bat Wave\obj info.exe
C:\Program Files\thirdo~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@advertstream[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@www.adserver5[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@advertising[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@banner.casinoking[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@casinoking[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@banner.cotedazurpalace[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@cotedazurpalace[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@adopt.euroclick[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@pacificpoker[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@partygaming.122.2o7[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@partypoker[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@32vegas[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@banner.32vegas[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@www.lop[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@2xmoinscher[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@cc.2xmoinscher[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@www.2xmoinscher[2].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@888[1].txt
C:\DOCUME~1\PASCAL~1\Cookies\pascale_cuny@888[2].txt
C:\WINDOWS\Tasks\A8C8F1A5918B67A9.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bat Wave Base Dale"="C:\\Documents and Settings\\All Users\\Application Data\\Link Axis Bat Wave\\obj info.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 14:38:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Program Files\MessengerSkinner
C:\WINDOWS\System32\nvs2.inf
[b]==> EGDACCESS <==/b



[F:585][D:53]-> C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp
[F:1218][D:0]-> C:\DOCUME~1\PASCAL~1\Cookies
[F:19444][D:45]-> C:\DOCUME~1\PASCAL~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 14:42:58,26
téléchargement LOP S&D :

Re,

Alors, qu'est ce que je disais ?

Tu passes l'option 2.

Ensuite.

Pour toi et pour eliminer ca : nvs2.inf.

Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: http://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

Fais un scan complet et postes le rapport.


Je vais manger je reviens.

@ tt a l'heure.

ouf, après un certain nombre d'heures voici le rapport final :
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1060
Windows 5.1.2600 Service Pack 2

19:40:28 17/08/2008
mbam-log-8-17-2008 (19-40-28).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 146971
Temps écoulé: 3 hour(s), 58 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Guillaume Cuny\Local Settings\Application Data\yacuums_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guillaume Cuny\Local Settings\Application Data\yacuums_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guillaume Cuny\Local Settings\Application Data\yacuums.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guillaume Cuny\Local Settings\Application Data\yacuums.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin Cuny\Local Settings\Temp\GLK6.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin Cuny\Local Settings\Temp\GLKC.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin Cuny\Local Settings\Temp\GLKE.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin Cuny\Local Settings\Temp\GLK4.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db-journal (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

Re,

As tu passe l'option 2 de LopS&D, as tu le rapport ?

Oui, MBAM a fait du bon boulot, c'est sur..

Mais il me faut Lop.

Je t'attends.

:))

Re,

Bon c'est pas grave, on s'en passera.

Fais ceci maintenant :

Télécharge SDFix sur ton bureau

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Ouioui.

Voila :

Mode sans Echec:

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

je suis désolée , mais je suis obligée de faire ça tout à l'heure, merci pour l'aide précieuse.

je te tiens au courant

a +

voilà je viens de terminer la manoeuvre, faut-il faire autre chose maintenant svp ?

Il faut poster le rapport.

bonjour

Voici le rapport :
[b]SDFix: Version 1.217 /b
Run by Pascale Cuny on 18/08/2008 at 20:42

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b:

No Trojan Files Found






Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 20:51:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Pascale Cuny\\Local Settings\\Temporary Internet Files\\Content.IE5\\LNU1G45Z\\incredimail_install[1].exe"="C:\\Documents and Settings\\Pascale Cuny\\Local Settings\\Temporary Internet Files\\Content.IE5\\LNU1G45Z\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files /b:



[b]Files with Hidden Attributes /b:

Wed 2 Apr 2008 4,909,072 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 24 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 9 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 26 Sep 2007 8,348,280 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d73c5f11656cfb2872f8f4bb0b3a716\BIT5.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"
Wed 26 Sep 2007 4,715,912 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2e7a189200995a8815b37a5d2ef6c8c6\BIT23.tmp"
Fri 15 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT1.tmp"
Thu 27 Sep 2007 1,202,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7351a9d6fb0d30de886b0cdad6ea8ae1\BIT5F.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\BIT9.tmp"
Sun 3 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9a57e2a6d580705a96ff50eb33fc9c65\BIT1.tmp"
Thu 27 Sep 2007 804,256 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a3debb4e9e3b20d27b1821077eb58bad\BIT13.tmp"
Wed 26 Sep 2007 613,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\abca9e2bf0dd5e18df937d2b7f598387\BIT22.tmp"
Thu 27 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BITC.tmp"
Wed 26 Sep 2007 755,592 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8ac6274ac8ad7e4b0febe55aca1e516\BIT45.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\BITD.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT15.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT6.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02418795bf9ae0332d2724a0721b3b6a\download\BIT7.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02970179a133da43483e5e8495d03f51\download\BITB.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\126216e1ea5a965d65b4b02390ca8357\download\BITF.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\12c9c7b74d009cd8f751411d54cc4b11\download\BIT18B.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\171d2120022f92869484c921d3263cc3\download\BITC.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1e10da77e5e1c72d2afe101dc568fb06\download\BIT1C.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\302e1056006644b6630bcb41e5969ade\download\BITA4.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3887d65d3ab5fa0d45001f504bed5b37\download\BITA.tmp"
Thu 27 Sep 2007 2,372,498 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4896e7eb404b9f0d2ec9221b3c0f425b\download\BIT6A.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c5c888ff189ce65af20cc141b13bcd3\download\BIT70.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cabbc33d9fa3ea879d2330766ba6ff1\download\BIT90.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5cbce544ba5a58e170acdb52973e4471\download\BIT99.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\download\BITA1.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61cb8cabb47496dec6d7e4c842c3b827\download\BIT51.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6291f486ec5de5182ec3cff2071af184\download\BIT4E.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\773244b80a35d887f4682727f34cdcce\download\BIT11.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a40be1d5e41517009a903a286bf28bd\download\BIT9C.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\download\BIT80.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90eded57e7780b832eed3339a922a322\download\BITA3.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\98e4ab2cb14986b0be91146bef7a2943\download\BIT82.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b81252ef70e0d4f53d4fb43336030927\download\BIT93.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b848f7bbcc1590afa157f879b74964b2\download\BIT7E.tmp"
Thu 27 Sep 2007 270,336 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ba502b35f31a2bf19a595db79d7bef15\download\BIT6F.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cbee9c95b55c0a7f59376a89c9a3d3c1\download\BIT50.tmp"
Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d14d0217f816e7b705d500838dec3aae\download\BITA0.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e17d2630592b6b8b86888b3ce879a3ab\download\BIT91.tmp"
Thu 27 Sep 2007 990,818 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6709a5593e8edb948fefef2ae74a35e\download\BIT1E.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb96ceab77261e76cdbe943d8cf8e4cc\download\BITF1.tmp"
Wed 26 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb9fda4f2f8a691ab294ebfcbb58c737\download\BITE.tmp"
Thu 27 Sep 2007 523,720 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT6E.tmp"
Thu 27 Sep 2007 1,286,444 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\edf770ea565c428bca41a4befcabb97b\download\BIT6B.tmp"

[b]Finished!/b

Re,

Rien ici.

On va essayer celui la, il m'a supprimé Messenger Skinner hier.

================NAVILOG====================

Télécharge ceci http://pagesperso-orange.fr/il.mafioso/Navifix/download.htm

prend navilog1.exe

Choisir option 1 uniquement

Ensuite suit ce tutorial :http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fenetres internet publicitaires pop up#premiere methode utiliser navilog d il mafioso sous xp

Et enfin post le rapport du scan navilog

Et qu'est ce que j'ai fait ?

Hier, il y avait Messenger Skinner sur un ordi, et Navilog l'a supprimé.

D'ailleurs, avec tout ce qu'il a detecte dans le system32 hein..

Re

Donc me revoilà, que faut-il faire maintenant, svp ?

Re,

Chipie88,
en fait tu aurais du commencer par poster un rapport HiJackT (et non tout ces fix)

Donc fais ceci stp,
>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger-159-hijackthis
- Lance le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,



Ensuite,
> Lance navilog1 :
- Choisis l'option 2
Navilog travail... patient jusqu'à ce qui soit marqué < Nettoyage Termine le ..... >
Un rapport va être générer. Poste le dans ta prochaine réponse.
Note: le bureau disparaît.



Raphy00 après analyse de ton HiJackT va prendre la suite en main.


Bon courage.


A+