Pop Up CiD que je n'arrive pas à supprimerRésolu/Fermé

Question

Bonjour, Bonjour, ...


J'ai un pti souci depuis quelques temps... 

J'ai les fameux pop ups CiD qui n'arrétent pas de s'afficher (Provenance MSN !) 
Je suis passé par Suppression de programme mais le programme de désinstallation n'a pas put se lancer (??!!). Je n'ai pas de fichier CiD Help. Cela povenait du Merde-enger Plus. 

J'ai essayé Avast, Adaware et Spybot mais bien entendu ca ne fonctionne pas. J'ai donc téléchargé LopSD. 
Option 1 : La recherche dont voici le rapport ci-dessous (avant de passer à la phase suppression, il me précisait de faire vérifier le rapport pour ne pas supprimer de fichier légitimes). 

Si une bonne âme charitable pouvait me dire si je peux passer à la phase suivante... Merci d'avance !! 

Rapport : 


--------------------\ Lop S&D 4.2.4-4 XP/Vista 

Microsoft® Windows Vista™ Home Basic ( v6.0.6001 ) Service Pack 1 
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3000+ ) 
BIOS : Default System BIOS 
USER : owner ( Administrator ) 
BOOT : Normal boot 
Antivirus : Norton 360 2007 (Activated) 
Firewall : Norton 360 2007 (Activated) 
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 127 Go 
D:\ (CD or DVD) 
E:\ (USB) 
F:\ (USB) 
G:\ (USB) 
H:\ (USB) 

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 ) 
Option : [1] ( 02/10/2008|10:46 ) 

[ UAC => 1 ] 

--------------------\ Listing des dossiers dans Local 

[10/12/2007|15:49] C:\Users\owner\AppData\Local\Adobe 
[16/05/2008|15:01] C:\Users\owner\AppData\Local\Ahead 
[16/09/2008|08:49] C:\Users\owner\AppData\Local\d3d9caps.dat 
[28/09/2007|10:25] C:\Users\owner\AppData\Local\Datos de programa 
[14/08/2008|11:42] C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[01/12/2007|16:28] C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT 
[22/02/2008|16:53] C:\Users\owner\AppData\Local\Google 
[28/09/2007|10:25] C:\Users\owner\AppData\Local\Historial 
[02/10/2008|10:22] C:\Users\owner\AppData\Local\IconCache.db 
[21/04/2008|10:04] C:\Users\owner\AppData\Local\Microsoft 
[07/12/2007|12:28] C:\Users\owner\AppData\Local\Microsoft Games 
[28/09/2007|16:17] C:\Users\owner\AppData\Local\Microsoft Help 
[08/11/2007|17:21] C:\Users\owner\AppData\Local\Mozilla 
[28/09/2007|16:25] C:\Users\owner\AppData\Local\Seven Zip 
[02/10/2008|10:44] C:\Users\owner\AppData\Local\Temp 
[28/09/2007|10:25] C:\Users\owner\AppData\Local\Temporary Internet Files 
[25/04/2008|18:40] C:\Users\owner\AppData\Local\VirtualStore 
[4|archivos] C:\Users\owner\AppData\Local\bytes 
[15|dirs] C:\Users\owner\AppData\Local\bytes libres 

--------------------\ Tâches planifiées dans C:\Windows	asks 

[02/10/2008 10:24][--ah-----] C:\Windows	asks\SA.DAT 
[02/10/2008 10:23][--a------] C:\Windows	asks\SCHEDLGU.TXT 

--------------------\ Listing des dossiers dans C:\ProgramData 

[28/09/2007|16:25] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} 
[10/12/2007|15:48] C:\ProgramData\Adobe 
[05/08/2008|19:11] C:\ProgramData\aim rect help creative 
[02/11/2006|14:59] C:\ProgramData\Application Data 
[28/09/2007|16:38] C:\ProgramData\CyberLink 
[28/09/2007|10:23] C:\ProgramData\Datos de programa 
[02/11/2006|14:59] C:\ProgramData\Desktop 
[28/09/2007|10:23] C:\ProgramData\Documentos 
[02/11/2006|14:59] C:\ProgramData\Documents 
[28/09/2007|10:23] C:\ProgramData\Escritorio 
[02/11/2006|14:59] C:\ProgramData\Favorites 
[28/09/2007|10:23] C:\ProgramData\Favoritos 
[04/12/2007|12:22] C:\ProgramData\Google 
[06/08/2008|09:22] C:\ProgramData\helpoptionoption.1hg69o 
[05/08/2008|19:10] C:\ProgramData\helpoptionoption.31dst 
[05/08/2008|19:10] C:\ProgramData\helpoptionoption.crd2ne 
[06/08/2008|09:43] C:\ProgramData\helpoptionoption.pg5y9h 
[06/08/2008|10:16] C:\ProgramData\helpoptionoption.snawq 
[27/08/2008|18:44] C:\ProgramData\helpoptionoption.xp98c 
[01/12/2007|17:36] C:\ProgramData\Hewlett-Packard 
[01/12/2007|17:38] C:\ProgramData\HP 
[01/12/2007|17:30] C:\ProgramData\HP Product Assistant 
[01/12/2007|17:33] C:\ProgramData\HPSSUPPLY 
[01/12/2007|17:38] C:\ProgramData\hpzinstall.log 
[17/09/2008|13:36] C:\ProgramData\Lavasoft 
[05/08/2008|19:11] C:\ProgramData\License Once Link 
[28/09/2007|10:23] C:\ProgramData\Men£ Inicio 
[12/12/2007|15:38] C:\ProgramData\Microsoft 
[10/09/2008|09:28] C:\ProgramData\Microsoft Help 
[28/09/2007|16:13] C:\ProgramData\Nero 
[06/08/2008|09:52] C:\ProgramData
tuser.pol 
[03/06/2008|08:51] C:\ProgramData\Office Genuine Advantage 
[28/09/2007|10:23] C:\ProgramData\Plantillas 
[05/08/2008|19:11] C:\ProgramData\pure mix 01.aaeohnu 
[24/09/2008|08:51] C:\ProgramData\Spybot - Search & Destroy 
[02/11/2006|14:59] C:\ProgramData\Start Menu 
[16/09/2008|11:41] C:\ProgramData\Symantec 
[02/11/2006|14:59] C:\ProgramData\Templates 
[01/12/2007|17:43] C:\ProgramData\WEBREG 
[25/08/2008|09:27] C:\ProgramData\WindowsSearch 
[21/04/2008|10:03] C:\ProgramData\WLInstaller 
[9|archivos] C:\ProgramData\bytes 
[34|dirs] C:\ProgramData\bytes libres 

--------------------\ Listing des dossiers dans C:\Program Files 

[28/09/2007|16:25] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites 
[10/12/2007|15:47] C:\Program Files\Adobe 
[28/09/2007|10:23] C:\Program Files\Archivos comunes [C:\Program Files\Common Files] 
[17/09/2008|13:33] C:\Program Files\Common Files 
[01/12/2007|16:23] C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor 
[28/09/2007|16:06] C:\Program Files\CyberLink 
[22/02/2008|16:52] C:\Program Files\Google 
[01/12/2007|17:28] C:\Program Files\Hewlett-Packard 
[01/12/2007|17:33] C:\Program Files\HP 
[01/12/2007|16:23] C:\Program Files\InstallShield Installation Information 
[25/06/2008|19:28] C:\Program Files\Internet Explorer 
[10/06/2008|16:13] C:\Program Files\Java 
[17/09/2008|13:34] C:\Program Files\Lavasoft 
[05/08/2008|19:10] C:\Program Files\License Once Link 
[01/12/2007|15:30] C:\Program Files\Microsoft CAPICOM 2.1.0.2 
[02/11/2006|14:35] C:\Program Files\Microsoft Games 
[28/09/2007|16:21] C:\Program Files\Microsoft Office 
[28/09/2007|16:21] C:\Program Files\Microsoft Visual Studio 
[28/09/2007|16:21] C:\Program Files\Microsoft Works 
[28/09/2007|16:20] C:\Program Files\Microsoft.NET 
[25/06/2008|19:28] C:\Program Files\Movie Maker 
[08/11/2007|17:21] C:\Program Files\Mozilla Firefox 
[02/11/2006|14:35] C:\Program Files\MSBuild 
[03/12/2007|12:23] C:\Program Files\MSXML 4.0 
[28/09/2007|16:13] C:\Program Files\Nero 
[02/10/2008|10:25] C:\Program Files\Norton 360 
[08/11/2007|17:22] C:\Program Files\OpenOffice.org 2.2 
[02/11/2006|14:35] C:\Program Files\Reference Assemblies 
[23/09/2008|14:44] C:\Program Files\Spybot - Search & Destroy 
[02/06/2008|09:17] C:\Program Files\Symantec 
[02/11/2006|14:58] C:\Program Files\Uninstall Information 
[25/06/2008|19:28] C:\Program Files\Windows Calendar 
[25/06/2008|19:28] C:\Program Files\Windows Collaboration 
[25/06/2008|19:28] C:\Program Files\Windows Defender 
[21/04/2008|10:03] C:\Program Files\Windows Live 
[15/07/2008|17:32] C:\Program Files\Windows Live Safety Center 
[13/08/2008|17:59] C:\Program Files\Windows Mail 
[25/06/2008|19:28] C:\Program Files\Windows Media Player 
[28/09/2007|10:23] C:\Program Files\Windows NT 
[25/06/2008|19:28] C:\Program Files\Windows Photo Gallery 
[25/06/2008|19:28] C:\Program Files\Windows Sidebar 
[08/11/2007|17:22] C:\Program Files\XP Codec Pack 
[0|archivos] C:\Program Files\bytes 
[44|dirs] C:\Program Files\bytes libres 

--------------------\ Listing des dossiers dans C:\Program Files\Common Files 

[10/12/2007|15:47] C:\Program Files\Common Files\Adobe 
[28/09/2007|16:14] C:\Program Files\Common Files\Ahead 
[28/09/2007|16:21] C:\Program Files\Common Files\DESIGNER 
[01/12/2007|17:28] C:\Program Files\Common Files\Hewlett-Packard 
[01/12/2007|17:29] C:\Program Files\Common Files\HP 
[28/09/2007|16:05] C:\Program Files\Common Files\InstallShield 
[10/06/2008|16:11] C:\Program Files\Common Files\Java 
[21/04/2008|10:03] C:\Program Files\Common Files\microsoft shared 
[02/11/2006|13:18] C:\Program Files\Common Files\Services 
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines 
[07/03/2008|10:32] C:\Program Files\Common Files\Symantec Shared 
[25/06/2008|19:28] C:\Program Files\Common Files\System 
[21/04/2008|10:03] C:\Program Files\Common Files\WindowsLiveInstaller 
[17/09/2008|13:33] C:\Program Files\Common Files\Wise Installation Wizard 
[0|archivos] C:\Program Files\Common Files\bytes 
[16|dirs] C:\Program Files\Common Files\bytes libres 

--------------------\ Process 

( 59 Processes ) 

iexplore.exe ~ [PID:3980] 
iexplore.exe ~ [PID:2992] 
iexplore.exe ~ [PID:3164] 

--------------------\ Recherche avec S_Lop 

C:\ProgramData\helpoptionoption.31dst 
C:\ProgramData\helpoptionoption.snawq 
C:\ProgramData\helpoptionoption.xp98c 
C:\ProgramData\helpoptionoption.1hg69o 
C:\ProgramData\helpoptionoption.crd2ne 
C:\ProgramData\helpoptionoption.pg5y9h 

--------------------\ Recherche de Fichiers / Dossiers Lop 

C:\ProgramData\aim rect help creative 
C:\ProgramData\aim rect help creative\Rule Acid.exe 
C:\Users\owner\AppData\Roaming\MICROS~1\Windows\Cookies\owner@www.lop[1].txt 
C:\Users\owner\AppData\Roaming\MICROS~1\Windows\Cookies\owner@888[1].txt 

--------------------\ Verification du Registre 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Funk ford"="\"C:\ProgramData\helpoptionoption.xp98c\"" 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

--------------------\ Verification du fichier Hosts 

Fichier Hosts PROPRE 


--------------------\ Recherche de fichiers avec Catchme 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net 
Rootkit scan 2008-10-02 10:46:34 
Windows 6.0.6001 Service Pack 1 NTFS 
scanning hidden processes ... 
scanning hidden files ... 
C:\Users\owner\AppData\Local\Microsoft\Windows Mail\edb003BC.log 2097152 bytes 
scan completed successfully 
hidden processes: 0 
hidden files: 796 

--------------------\ Recherche d'autres infections 


Aucune autre infection trouvée ! 

[F:67][D:17]-> C:\Users\owner\AppData\Local\Temp 
[F:333][D:1]-> C:\Users\owner\AppData\Roaming\MICROS~1\Windows\Cookies 
[F:1807][D:4]-> C:\Users\owner\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 
[F:12][D:6]-> C:\$Recycle.Bin 

1 - "C:\Lop SD\LopR_1.txt" - 02/10/2008|11:29 - Option : [1] 

--------------------\ Fin du rapport a 11:29:37 
[ UAC => 1 ]

benurrr · Answer

bonjour

Relance LOP S&D d'Eric71 

Choisis cette fois ci l'option 3 ( Suppression ) 
Ne ferme pas la fenêtre lors de la suppression ! 
Poste le rapport généré (situé aussi ici C:\lopR.txt )

jemieg · Answer

OK, Je suis prêt à lancer l'option mais pas de risques de supprimer de fichiers légitimes ??

Il s'agit du PC de mon boulot, je ne voudrais pas le planter...

Merci pour les conseils.

jemieg · Answer

Voici le nouveau rapport de Lop SD...
Et apparemment depuis qu'il a terminé, je n'ai plus de pop ups qui s'affichent (je touche du bois)..


   --------------------\  Lop S&D 4.2.4-4   XP/Vista

   Microsoft® Windows Vista™ Home Basic  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
   BIOS : Default System BIOS
   USER : owner ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton 360 2007 (Activated)
   Firewall  : Norton 360 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total : 149 Go Free : 127 Go
   D:\ (CD or DVD)
   E:\ (USB)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)

   "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
   Option : [3] ( 03/10/2008|10:04 )

   [ UAC => 1 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\ProgramData\aim rect help creative\Rule Acid.exe
   Supprime! - C:\Users\owner\AppData\Roaming\MICROS~1\Windows\Cookies\owner@www.lop[1].txt
   Supprime! - C:\ProgramData\helpoptionoption.31dst
   Supprime! - C:\ProgramData\helpoptionoption.snawq
   Supprime! - C:\ProgramData\helpoptionoption.xp98c
   Supprime! - C:\ProgramData\helpoptionoption.1hg69o
   Supprime! - C:\ProgramData\helpoptionoption.crd2ne
   Supprime! - C:\ProgramData\helpoptionoption.pg5y9h
   Supprime! - C:\ProgramData\aim rect help creative
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans Local  

   [10/12/2007|15:49] C:\Users\owner\AppData\Local\Adobe
   [16/05/2008|15:01] C:\Users\owner\AppData\Local\Ahead
   [16/09/2008|08:49] C:\Users\owner\AppData\Local\d3d9caps.dat
   [28/09/2007|10:25] C:\Users\owner\AppData\Local\Datos de programa 
   [14/08/2008|11:42] C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [01/12/2007|16:28] C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
   [22/02/2008|16:53] C:\Users\owner\AppData\Local\Google
   [28/09/2007|10:25] C:\Users\owner\AppData\Local\Historial 
   [02/10/2008|19:01] C:\Users\owner\AppData\Local\IconCache.db
   [21/04/2008|10:04] C:\Users\owner\AppData\Local\Microsoft
   [07/12/2007|12:28] C:\Users\owner\AppData\Local\Microsoft Games
   [28/09/2007|16:17] C:\Users\owner\AppData\Local\Microsoft Help
   [08/11/2007|17:21] C:\Users\owner\AppData\Local\Mozilla
   [28/09/2007|16:25] C:\Users\owner\AppData\Local\Seven Zip
   [03/10/2008|10:04] C:\Users\owner\AppData\Local\Temp
   [28/09/2007|10:25] C:\Users\owner\AppData\Local\Temporary Internet Files 
   [25/04/2008|18:40] C:\Users\owner\AppData\Local\VirtualStore
   [4|archivos] C:\Users\owner\AppData\Local\bytes
   [15|dirs] C:\Users\owner\AppData\Local\bytes libres
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [03/10/2008 09:06][--ah-----] C:\Windows	asks\SA.DAT
   [02/10/2008 19:02][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [28/09/2007|16:25] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [10/12/2007|15:48] C:\ProgramData\Adobe
   [02/11/2006|14:59] C:\ProgramData\Application Data 
   [28/09/2007|16:38] C:\ProgramData\CyberLink
   [28/09/2007|10:23] C:\ProgramData\Datos de programa 
   [02/11/2006|14:59] C:\ProgramData\Desktop 
   [28/09/2007|10:23] C:\ProgramData\Documentos 
   [02/11/2006|14:59] C:\ProgramData\Documents 
   [28/09/2007|10:23] C:\ProgramData\Escritorio 
   [02/11/2006|14:59] C:\ProgramData\Favorites 
   [28/09/2007|10:23] C:\ProgramData\Favoritos 
   [04/12/2007|12:22] C:\ProgramData\Google
   [01/12/2007|17:36] C:\ProgramData\Hewlett-Packard
   [01/12/2007|17:38] C:\ProgramData\HP
   [01/12/2007|17:30] C:\ProgramData\HP Product Assistant
   [01/12/2007|17:33] C:\ProgramData\HPSSUPPLY
   [01/12/2007|17:38] C:\ProgramData\hpzinstall.log
   [17/09/2008|13:36] C:\ProgramData\Lavasoft
   [05/08/2008|19:11] C:\ProgramData\License Once Link
   [28/09/2007|10:23] C:\ProgramData\Men£ Inicio 
   [12/12/2007|15:38] C:\ProgramData\Microsoft
   [10/09/2008|09:28] C:\ProgramData\Microsoft Help
   [28/09/2007|16:13] C:\ProgramData\Nero
   [06/08/2008|09:52] C:\ProgramData
tuser.pol
   [03/06/2008|08:51] C:\ProgramData\Office Genuine Advantage
   [28/09/2007|10:23] C:\ProgramData\Plantillas 
   [05/08/2008|19:11] C:\ProgramData\pure mix 01.aaeohnu
   [24/09/2008|08:51] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|14:59] C:\ProgramData\Start Menu 
   [16/09/2008|11:41] C:\ProgramData\Symantec
   [02/11/2006|14:59] C:\ProgramData\Templates 
   [01/12/2007|17:43] C:\ProgramData\WEBREG
   [25/08/2008|09:27] C:\ProgramData\WindowsSearch
   [21/04/2008|10:03] C:\ProgramData\WLInstaller
   [3|archivos] C:\ProgramData\bytes
   [33|dirs] C:\ProgramData\bytes libres

   --------------------\  Listing des dossiers dans C:\Program Files

   [28/09/2007|16:25] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [10/12/2007|15:47] C:\Program Files\Adobe
   [28/09/2007|10:23] C:\Program Files\Archivos comunes [C:\Program Files\Common Files]
   [17/09/2008|13:33] C:\Program Files\Common Files
   [01/12/2007|16:23] C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
   [28/09/2007|16:06] C:\Program Files\CyberLink
   [22/02/2008|16:52] C:\Program Files\Google
   [01/12/2007|17:28] C:\Program Files\Hewlett-Packard
   [01/12/2007|17:33] C:\Program Files\HP
   [01/12/2007|16:23] C:\Program Files\InstallShield Installation Information
   [25/06/2008|19:28] C:\Program Files\Internet Explorer
   [10/06/2008|16:13] C:\Program Files\Java
   [17/09/2008|13:34] C:\Program Files\Lavasoft
   [05/08/2008|19:10] C:\Program Files\License Once Link
   [01/12/2007|15:30] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [02/11/2006|14:35] C:\Program Files\Microsoft Games
   [28/09/2007|16:21] C:\Program Files\Microsoft Office
   [28/09/2007|16:21] C:\Program Files\Microsoft Visual Studio
   [28/09/2007|16:21] C:\Program Files\Microsoft Works
   [28/09/2007|16:20] C:\Program Files\Microsoft.NET
   [25/06/2008|19:28] C:\Program Files\Movie Maker
   [08/11/2007|17:21] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:35] C:\Program Files\MSBuild
   [03/12/2007|12:23] C:\Program Files\MSXML 4.0
   [28/09/2007|16:13] C:\Program Files\Nero
   [02/10/2008|10:25] C:\Program Files\Norton 360
   [08/11/2007|17:22] C:\Program Files\OpenOffice.org 2.2
   [02/11/2006|14:35] C:\Program Files\Reference Assemblies
   [23/09/2008|14:44] C:\Program Files\Spybot - Search & Destroy
   [02/06/2008|09:17] C:\Program Files\Symantec
   [02/11/2006|14:58] C:\Program Files\Uninstall Information
   [25/06/2008|19:28] C:\Program Files\Windows Calendar
   [25/06/2008|19:28] C:\Program Files\Windows Collaboration
   [25/06/2008|19:28] C:\Program Files\Windows Defender
   [21/04/2008|10:03] C:\Program Files\Windows Live
   [15/07/2008|17:32] C:\Program Files\Windows Live Safety Center
   [13/08/2008|17:59] C:\Program Files\Windows Mail
   [25/06/2008|19:28] C:\Program Files\Windows Media Player
   [28/09/2007|10:23] C:\Program Files\Windows NT
   [25/06/2008|19:28] C:\Program Files\Windows Photo Gallery
   [25/06/2008|19:28] C:\Program Files\Windows Sidebar
   [08/11/2007|17:22] C:\Program Files\XP Codec Pack
   [0|archivos] C:\Program Files\bytes
   [44|dirs] C:\Program Files\bytes libres

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [10/12/2007|15:47] C:\Program Files\Common Files\Adobe
   [28/09/2007|16:14] C:\Program Files\Common Files\Ahead
   [28/09/2007|16:21] C:\Program Files\Common Files\DESIGNER
   [01/12/2007|17:28] C:\Program Files\Common Files\Hewlett-Packard
   [01/12/2007|17:29] C:\Program Files\Common Files\HP
   [28/09/2007|16:05] C:\Program Files\Common Files\InstallShield
   [10/06/2008|16:11] C:\Program Files\Common Files\Java
   [21/04/2008|10:03] C:\Program Files\Common Files\microsoft shared
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [07/03/2008|10:32] C:\Program Files\Common Files\Symantec Shared
   [25/06/2008|19:28] C:\Program Files\Common Files\System
   [21/04/2008|10:03] C:\Program Files\Common Files\WindowsLiveInstaller
   [17/09/2008|13:33] C:\Program Files\Common Files\Wise Installation Wizard
   [0|archivos] C:\Program Files\Common Files\bytes
   [16|dirs] C:\Program Files\Common Files\bytes libres

   --------------------\  Process

   ( 55 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\Users\owner\AppData\Roaming\MICROS~1\Windows\Cookies\owner@888[2].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-03 10:04:48
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 867
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:76][D:18]-> C:\Users\owner\AppData\Local\Temp
   [F:349][D:1]-> C:\Users\owner\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:2132][D:4]-> C:\Users\owner\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:12][D:6]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 02/10/2008|11:29 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 03/10/2008|10:29 - Option : [3]

   --------------------\  Fin du rapport a 10:29:40
   [ UAC => 1 ]

jemieg · Answer

Voici le rapport Hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 03/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213107129730&h=e0f28fb7a64e3a8795408f6d666ac712/&filename=jinstall-6u6-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

jemieg · Answer

Et voici pour finir le résultat de Malwarebytes que j'ai effectué en mode normal (fallait que je continue de taffer en même temps !)... Je pense pouvoir crier alleluia et surtout merci Benurrr pour tes conseils.

Ca fait du bien de pouvoir naviguer tranquille !!

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 6.0.6001 Service Pack 1

03/10/2008 14:50:44
mbam-log-2008-10-03 (14-50-44).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 133631
Temps écoulé: 1 hour(s), 10 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Pop Up CiD que je n'arrive pas à supprimer

5 réponses

Discussions similaires

Newsletters