Pubs Contextual ads by Snappyads Résolu/Fermé

Question

Bonjour,
Et tout d'abord merci à ceux qui se pencheront sur mon problème. 
Depuis quelques jours, j'ai ainsi très souvent des publicités intempestives "Contextual ads by Snappyads" qui s'ouvrent sur mon ordinateur. 
En parcourant un peu le forum (je suis nouvelle ici), j'ai pu voir qu'il était nécessaire pour ce genre de problème de poster le rapport Hijackthis, de ce fait le voici : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:00, on 20/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Louli\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32undll32.exe
C:\Windows\System32egsvr32.exe
C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32undll32.exe
C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: snappyads browser enhancer - {12FF14D7-FDB9-A78B-6D2E-F613F421A4F8} - C:\Windows\system32\sxbulagyumx.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mysidesearch search enhancer - {AF86FCAD-776A-01D8-D7E2-BFE86916B726} - C:\Windows\system32\vlavmimkejshanp.dll
O2 - BHO: snappyads - {bd94866a-e717-8e87-0359-59759f4b2579} - C:\Windows\system32
seE459.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [frwzqmjksq] C:\Windows\System32egsvr32.exe /s "C:\Windows\system32\sxbulagyumx.dll"
O4 - HKLM\..\Run: [hlidedlp] "C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: runit_32.lnk = C:\Program Filesunitunit_32.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{939D50ED-7C0C-4B95-9429-5A842E93DF60}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Voilà en vous remerciant grandement par avance de l'aide que vous pourrez m'apporter. 

Bonne soirée à tous !

gil le fantom · Answer

Bonsoir

Tu télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

Tu suis les indications et tu n'apporte aucune modication aux réglages par défaut et en fin d'installation,vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

Tu fais "Exécuter un examen complet"

Si des malwares ont été détectés, leur liste s'affiche.
Tu clique sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

Tu me poste le rapport

booddha · Answer

Bonsoir
============================ ToolBar S&D ===========================

Télécharger Toolbar-S&D sur le Bureau.
	•	Important! Désactiver l'antivirus, l'antispyware résident, TeaTimer de Spybot (si présent et actif)
	•	Lancer l'installation du programme en ex‚cutant le fichier téléchargé.

	•	Pour XP Double-click sur le raccourci de Toolbar-S&D.
	•	Pour Vista click-Droit sur le raccourci de Toolbar-S&D et executer en administrateur
	
	•	Sélectionner la langue souhaitée en tapant la lettre correspondante
	•	Valider avec la touche Entrée.
	•	Choisir option 1 (Recherche). Le menu Démarrer et les icônes vont disparaitre, c'est normal
	•	Attendre la fin de la recherche qui peux prendre plusieurs minutes en ne touchant à rien.
	•	Copier/Coller le rapport généré. (C:\TB.txt) 
	•	Attendre la suite.

gil le fantom · Answer

tu fais aussi ce que Booddha t'as demandé.

Louli42 · Answer

Je peux lancer les 2 opérations simultanément ?

booddha · Answer

Non l'une après l'autre. Suit Gil le fantome.

gil le fantom · Answer

Non,tu fais MBAM et tu colle le rapport 
 Après tu fais  Toolbar-S&D

gil le fantom · Answer

Je te laisse prendre la suite Booddha,je dois me lever de bonne heure

Bonne nuit

A demain peut être, si c'est pas terminé

Louli42 · Answer

Merci gil le fantome pour ton aide et bonne nuit ! 
MBAM est toujours en cours d'analyse !
Néanmoins, étant plutôt novice en informatique, je pensais très naïvement que l'analyse serait + rapide (elle tourne depuis 37 min environ), de ce fait, devant moi aussi me lever tôt demain matin, je pense que je ne pourrais effecteur tes instructions boodha que demain... j'espère que cela ne pose pas de problème ? 

Merci en tous cas de vous être penchés sur mon problème !

booddha · Answer

Pas de problème. Je ne serai pas là demain matin. Gil le fantom prendra la suite si il est là.

Louli42 · Answer

Ok merci bien ! L'analyse MBAM vient de se terminer à l'instant. Je poste le rapport ce soir (avant de redémarrer l'ordi) et je reviendrais demain pour poursuivre les autres manips à effectuer si nécessaire !
Merci et bonne soirée à toi boodha. 

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1782
Windows 6.0.6001 Service Pack 1

20/02/2009 22:50:05
mbam-log-2009-02-20 (22-50-05).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 146177
Temps écoulé: 52 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 24

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\IEToolbar\ECO Bar	bhelper.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{255c13ae-4bb0-45c3-bae1-ba6c088c43b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8fbb0d9a-1f7b-465b-8292-1593b880e92a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e67d5bc7-7129-493e-9281-f47bdaface4f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2ee92bca-74c4-4d4b-88da-db9f9e3c9f93} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10000000-1000-1000-1000-100000000000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10000000-1000-1000-1000-100000000000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57cadc46-58ff-4105-b733-5a9f3fc9783c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\becb0939-638a-a4c6-1d02-f4eb36995c02 (Adware.MySideSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mxcpfxmtcl (Adware.SnappyAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cb37a89a-9b80-cb97-d025-39a2d0689ff1} (Adware.MySideSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT	bsb05288.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT	bsb05288.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT	bsb05288.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT	bsb05288.tbsb05288.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DPS (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	bsb05288.tbsb05288toolbar (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallunit (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12ff14d7-fdb9-a78b-6d2e-f613f421a4f8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12ff14d7-fdb9-a78b-6d2e-f613f421a4f8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af86fcad-776a-01d8-d7e2-bfe86916b726} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af86fcad-776a-01d8-d7e2-bfe86916b726} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd94866a-e717-8e87-0359-59759f4b2579} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd94866a-e717-8e87-0359-59759f4b2579} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10000000-1000-1000-1000-100000000000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{10000000-1000-1000-1000-100000000000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frwzqmjksq (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Filesunit (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar (Trojan.Agent) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\IEToolbar\ECO Bar	bhelper.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Filesunitunit_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\dcmwj1360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\jiag62462.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\lbfgf0805.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\ofjjj1017.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\prxw73370.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\qcok5815.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\becb0939-638a-a4c6-1d02-f4eb36995c02.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\mxcpfxmtcl.exe (Adware.SnappyAds) -> Quarantined and deleted successfully.
C:\Windows\System32\vlavmimkejshanp.dll-uninst.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\Program Filesunit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Filesunitunitu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\basis.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\icons.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\info.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\version.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\your_logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Louli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupunit_32.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Windows\System32\sxbulagyumx.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\vlavmimkejshanp.dll (Adware.BHO) -> Delete on reboot.
C:\Windows\System32
seE459.dll (Adware.BHO) -> Delete on reboot.

Louli42 · Answer

Bonjour à tous ! 
J'ai donc posté le rapport MBAM ci-dessus. Dois-je maintenant télécharger Toolbar-S&D ? 
Merci par avance.

booddha · Answer

Bonjour,

MalwareBytes à fait du bon boulot.

Vas-y avec Toolbar maintenant.

gil le fantom · Answer

Bonjour à vous deux,je vais suivre.

Louli42 · Answer

Bonjour boodha et gil le fantom ! 

Voici le rapport Toolbar : 

 -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Louli ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security Online 2007 (Not Activated)
   Firewall  : Norton Internet Security Online 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total:111 Go (Free:64 Go)
   D:\ (Local Disk) - NTFS - Total:110 Go (Free:100 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 21/02/2009|10:54 )

   [ UAC => 1 ]

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr"
   "SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://fr.yahoo.com/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 21/02/2009|10:54 - Option : [1]

   -----------\  Fin du rapport a 10:54:54,16

booddha · Answer

Par acquis de conscience on va finir la procédure toolsbar

======================= ToolBar S&D NETTOYAGE ======================	
	Le nettoyage supprime l'infection du système.

	•	Verifier dans ajout/suppression de programmes du panneau de configuration si la barre d'outil est présente. 
	•	Si oui désinstaller, si non continuer la procédure

	•	Relancer ToolBar S&D.
  •	Pour XP Double-click sur le raccourci de Toolbar-S&D.
	•	Pour Vista click-Droit sur le raccourci de Toolbar-S&D et executer en administrateur

	•	Dans le menu principal, taper 2 puis valider par entrée.
	•	Le menu démarrer et les icônes vont à nouveau disparaître.. c'est normal.
	•	Le nettoyage va prendre quelques minutes...
	•	Une fois l'opération terminée, le rapport de nettoyage s'ouvre.
	•	copier/coller le rapport sur le forum
	•	Attendre la suite.
	
NOTE : Si le Bureau ne réapparait pas, appuyer simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Cliquer sur l'onglet "Processus". Cliquer en haut à gauche sur Fichier et choisir "Exécuter..."
Taper explorer puis valider.

Louli42 · Answer

Excuse moi mais je ne comprends pas ce qu'il faut que je vérifie dans ajout/suppression de programme du panneau de configuration avant de relancer Toolbar S&D ???

booddha · Answer

Saute cette étape et continue la procédure.

Louli42 · Answer

Ok, voici le nouveau rapport : 

 -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Louli ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security Online 2007 (Not Activated)
   Firewall  : Norton Internet Security Online 2007 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:111 Go (Free:64 Go)
   D:\ (Local Disk) - NTFS - Total:110 Go (Free:100 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 21/02/2009|11:22 )

   [ UAC => 1 ]

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr"
   "SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 21/02/2009|10:54 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 21/02/2009|11:22 - Option : [2]

   -----------\  Fin du rapport a 11:22:42,59



Par contre, je tiens à préciser que juste avant de lancer cette 2ème opération Toolbar, une nouvelle fenêtre publicitaire "Contextual ads by Snappyads" s'est ouverte sur mon ordi ! ! !

booddha · Answer

Bien, remet nous un rapport HiJackthis STP

Louli42 · Answer

Désolée mais c'est très ennuyeux, impossible de lire et ainsi d'avoir accès aux derniers messages postés sur le topic, je ne vois les messages que jusqu'à celui de 10h58 (le 17ème)... et ce même de mon autre ordinateur ! Est-ce un problème du au forum ?

gil le fantom · Answer

ça beug cher moi avec CCm je ne vois plus les messages après le 17

Louli42 · Answer

Chez moi aussi ça beuguait mais c'est bon j'arrive à relire les messages apparemment.
Voici le nouveau rapport hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:00, on 20/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Louli\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32undll32.exe
C:\Windows\System32egsvr32.exe
C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32undll32.exe
C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: snappyads browser enhancer - {12FF14D7-FDB9-A78B-6D2E-F613F421A4F8} - C:\Windows\system32\sxbulagyumx.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mysidesearch search enhancer - {AF86FCAD-776A-01D8-D7E2-BFE86916B726} - C:\Windows\system32\vlavmimkejshanp.dll
O2 - BHO: snappyads - {bd94866a-e717-8e87-0359-59759f4b2579} - C:\Windows\system32
seE459.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [frwzqmjksq] C:\Windows\System32egsvr32.exe /s "C:\Windows\system32\sxbulagyumx.dll"
O4 - HKLM\..\Run: [hlidedlp] "C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: runit_32.lnk = C:\Program Filesunitunit_32.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{939D50ED-7C0C-4B95-9429-5A842E93DF60}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Louli42 · Answer

Ça re-beug... toujours pas accès aux messages après le 17...

Louli42 · Answer

Désolée, j'avais pas fait attention qu'il me ressortait l'ancien rapport ! 
Voici le nouveau : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:49, on 21/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Louli\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32undll32.exe
C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\System32undll32.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hlidedlp] "C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{939D50ED-7C0C-4B95-9429-5A842E93DF60}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

booddha · Answer

Ha, c'est mieux, on avance malgrè les soucis du site

======================== SDFIX ========================

	•	Télécharger SDFix sur le bureau
	•	Double-Click sur le fichier SDFix.EXE et se laisser guider pour l'installation
	•	Le programme s'installe dans le répertoire C:\SDFix	

Il est indispensable d'effectuer le nettoyage avec SDFix en mode sans échec. 
------
	•	Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
	•	Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

	•	Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
	•	Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
	•	Une fois en mode sans échec, cliquer sur le menu Démarrer puis Exécuter et coller la commande suivant : C:\SDFix\RunThis.bat
	•	Taper Y puis appuyer sur la touche Entrée du clavier, afin de lancer le nettoyage !
	•	SDFix va procéder au nettoyage, patience...cela peut durer une trentaine de minutes
	•	Une fenêtre indique que SDFix doit redémarrer l'ordinateur afin de terminer le nettoyage.
-------
	•	Appuyer sur une touche du clavier pour redémarrer le PC.
	•	Au redémarrage du PC, SDFix indique que le nettoyage est terminé.
	•	Appuyer sur une touche du clavier afin d'ouvrir le rapport créé par SDFix.
	•	Il peut être enregistré si besoin, par exemple si on demande de le poster sur un forum (menu Edition / Enregistrer sous). 
	•	Sans quoi le rapport sera quand même sauvegardé dans le fichier suivant : Report.txt 
dans le dossier SDFix (ex : C:\SDFix\Report.txt).

Et à la suite, un nouveau rapport HijackThis

Louli42 · Answer

Je viens de passer sur mon autre PC pour poser une petite question. 
J'ai bien redémarrer mon ordi en mode sans échec, j'ai cliqué sur le menu démarrer puis Exécuter et coller la commande C:\SDFix\RunThisbat, mais ce que j'aimerais savoir c'est si il faut taper Y avant ou après avoir lancé le "programme exécuter". Le problème est que j'ai essayer les 2 solutions, et que dans les 2 cas, aucune fenêtre SDfix ne s'ouvre où je peux suivre l'avancement de l'analyse. Est-ce normal ?

Louli42 · Answer

Encore quelques beugs sur le forum... mais qui semblent se résoudre quand on poste un nouveau message

Louli42 · Answer

Je me demande booddha si SDFix fonctionne vraiment sous Vista ? Il ne viendrait pas de là le problème ?

Louli42 · Answer

...

gil le fantom · Answer

J'arrive enfin a lire les messages 

Laisse tomber SDfix ca marche que avec du XP

Louli42 · Answer

Ok merci ! 
Par contre j'ai eu le droit à l'apparition d'une pub une nouvelle fois ce matin...

gil le fantom · Answer

Bonsoir

On dirai que tout est revenu normal, on continu.

Tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

* Double-clique dessus pour lancer l'installation 
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau 
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche) 
* Patiente jusqu'à la fin du scan 
* Poste le rapport généré (C:\lopR.txt)

Louli42 · Answer

Bonsoir, 

Alors voilà le rapport gil le fantôme : 

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Louli ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security Online 2007 (Activated)
   Firewall  : Norton Internet Security Online 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total:111 Go (Free:63 Go)
   D:\ (Local Disk) - NTFS - Total:110 Go (Free:100 Go)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 23/02/2009|22:07 )

   [ UAC => 1 ]
 
   --------------------\  Listing des dossiers dans Local

   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\Acer Arcade Deluxe
   [19/07/2008|18:34] C:\Users\Louli\AppData\Local\acer eNM
   [21/07/2008|18:53] C:\Users\Louli\AppData\Local\Adobe
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Application Data 
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\CyberLink
   [15/02/2009|19:54] C:\Users\Louli\AppData\Local\d3d9caps.dat
   [17/01/2009|17:38] C:\Users\Louli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [17/02/2009|21:59] C:\Users\Louli\AppData\Local\dtsdrlnk
   [18/08/2008|19:52] C:\Users\Louli\AppData\Local\GDIPFONTCACHEV1.DAT
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Historique 
   [17/02/2009|21:58] C:\Users\Louli\AppData\Local\hlidedlp
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\HomeMedia
   [22/02/2009|22:57] C:\Users\Louli\AppData\Local\IconCache.db
   [21/12/2008|21:13] C:\Users\Louli\AppData\Local\Microsoft
   [12/09/2008|21:33] C:\Users\Louli\AppData\Local\Microsoft Games
   [22/07/2008|19:36] C:\Users\Louli\AppData\Local\Microsoft Help
   [20/07/2008|18:24] C:\Users\Louli\AppData\Local\Mozilla
   [19/07/2008|18:34] C:\Users\Louli\AppData\Local\PlayMovie
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\PowerCinema
   [23/02/2009|22:07] C:\Users\Louli\AppData\Local\Temp
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Temporary Internet Files 
   [14/02/2009|20:58] C:\Users\Louli\AppData\Local\TVU Networks
   [20/07/2008|18:42] C:\Users\Louli\AppData\Local\VirtualStore
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [09/02/2009 21:15][--a------] C:\Windows	asks\Norton Internet Security Online - Analyse systŠme complŠte - Louli.job
   [23/02/2009 21:23][--ah-----] C:\Windows	asks\SA.DAT
   [23/02/2009 21:21][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [25/12/2007|21:00] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [25/12/2007|20:52] C:\ProgramData\Adobe
   [02/11/2006|14:02] C:\ProgramData\Application Data 
   [19/07/2008|18:28] C:\ProgramData\Bureau 
   [26/02/2008|00:46] C:\ProgramData\CyberLink
   [02/11/2006|14:02] C:\ProgramData\Desktop 
   [02/11/2006|14:02] C:\ProgramData\Documents 
   [19/07/2008|18:28] C:\ProgramData\Favoris 
   [02/11/2006|14:02] C:\ProgramData\Favorites 
   [20/02/2009|21:54] C:\ProgramData\Malwarebytes
   [19/07/2008|18:28] C:\ProgramData\Menu D‚marrer 
   [20/07/2008|19:41] C:\ProgramData\Messenger Plus!
   [16/12/2008|19:11] C:\ProgramData\Microsoft
   [10/12/2008|20:53] C:\ProgramData\Microsoft Help
   [19/07/2008|18:28] C:\ProgramData\ModŠles 
   [30/08/2008|18:00] C:\ProgramData\NVIDIA
   [02/11/2006|14:02] C:\ProgramData\Start Menu 
   [23/02/2009|21:36] C:\ProgramData\Symantec
   [02/11/2006|14:02] C:\ProgramData\Templates 
   [14/02/2009|20:58] C:\ProgramData\TVU Networks
   [09/02/2009|21:32] C:\ProgramData\WindowsSearch
   [19/01/2009|21:49] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [14/12/2008|14:08] C:\Program Files\7-Zip
   [26/02/2008|00:45] C:\Program Files\Acer Arcade Deluxe
   [25/12/2007|21:07] C:\Program Files\Acer GameZone
   [26/02/2008|00:49] C:\Program Files\Acer Inc
   [25/12/2007|21:00] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [25/12/2007|20:52] C:\Program Files\Adobe
   [19/07/2008|18:33] C:\Program Files\Apoint2K
   [17/02/2009|22:02] C:\Program Files\CCleaner
   [16/12/2008|19:11] C:\Program Files\Common Files
   [25/12/2007|19:13] C:\Program Files\CONEXANT
   [25/12/2007|20:45] C:\Program Files\CyberLink
   [19/07/2008|18:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [19/07/2008|18:33] C:\Program Files\InstallShield Installation Information
   [26/02/2008|00:40] C:\Program Files\Intel
   [30/08/2008|18:07] C:\Program Files\Internet Explorer
   [20/12/2008|23:15] C:\Program Files\Java
   [26/02/2008|00:44] C:\Program Files\Launch Manager
   [30/08/2008|20:16] C:\Program Files\LimeWire
   [20/02/2009|21:54] C:\Program Files\Malwarebytes' Anti-Malware
   [08/02/2009|19:55] C:\Program Files\Messenger Plus! Live
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [19/07/2008|18:50] C:\Program Files\Microsoft Office
   [10/09/2008|18:51] C:\Program Files\Microsoft Works
   [25/12/2007|20:56] C:\Program Files\Microsoft.NET
   [30/08/2008|18:08] C:\Program Files\Movie Maker
   [07/02/2009|13:20] C:\Program Files\Mozilla Firefox
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [25/12/2007|19:51] C:\Program Files\MSXML 4.0
   [25/12/2007|20:21] C:\Program Files\NewTech Infosystems
   [09/08/2008|17:12] C:\Program Files\Norton Internet Security
   [25/12/2007|19:05] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [06/01/2009|21:17] C:\Program Files\Symantec
   [20/02/2009|20:15] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [01/11/2008|20:55] C:\Program Files\Veetle
   [03/10/2008|20:07] C:\Program Files\VideoLAN
   [30/08/2008|18:08] C:\Program Files\Windows Calendar
   [30/08/2008|18:07] C:\Program Files\Windows Collaboration
   [30/08/2008|18:07] C:\Program Files\Windows Defender
   [30/08/2008|18:07] C:\Program Files\Windows Journal
   [19/01/2009|21:50] C:\Program Files\Windows Live
   [16/12/2008|19:19] C:\Program Files\Windows Live SkyDrive
   [13/02/2009|21:39] C:\Program Files\Windows Mail
   [30/08/2008|18:07] C:\Program Files\Windows Media Player
   [19/07/2008|18:28] C:\Program Files\Windows NT
   [30/08/2008|18:07] C:\Program Files\Windows Photo Gallery
   [30/08/2008|18:08] C:\Program Files\Windows Sidebar
   [22/12/2008|10:50] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [25/12/2007|20:52] C:\Program Files\Common Files\Adobe
   [25/12/2007|20:56] C:\Program Files\Common Files\DESIGNER
   [25/12/2007|20:45] C:\Program Files\Common Files\InstallShield
   [25/07/2008|20:31] C:\Program Files\Common Files\Java
   [25/12/2007|20:20] C:\Program Files\Common Files\LightScribe
   [16/12/2008|19:19] C:\Program Files\Common Files\microsoft shared
   [25/12/2007|20:20] C:\Program Files\Common Files\muvee Technologies
   [25/12/2007|20:21] C:\Program Files\Common Files\NewTech Infosystems
   [25/12/2007|21:02] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [06/01/2009|21:17] C:\Program Files\Common Files\Symantec Shared
   [30/08/2008|18:07] C:\Program Files\Common Files\System
   [16/12/2008|19:11] C:\Program Files\Common Files\Windows Live
   [20/07/2008|18:38] C:\Program Files\Common Files\WindowsLiveInstaller

   --------------------\  Process

   ( 83 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\Users\Louli\AppData\Local\Temp
si7D4B.tmp
   C:\Users\Louli\AppData\Local\Temp
soD26E.tmp
   C:\Users\Louli\AppData\Local\Temp
sp9DE6.tmp
   C:\Users\Louli\AppData\Local\Temp
spE3AD.tmp
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-02-23 22:07:59
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 46
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:127][D:19]-> C:\Users\Louli\AppData\Local\Temp
   [F:75][D:1]-> C:\Users\Louli\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:488][D:5]-> C:\Users\Louli\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:2][D:2]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 23/02/2009|22:09 - Option : [1]

   --------------------\  Fin du rapport a 22:09:38
   [ UAC => 1 ]

gil le fantom · Answer

Bonsoir

Relance Lop S&D


* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)


(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Louli42 · Answer

Bonsoir, 

Voici le nouveau rapport Lop S&D : 

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Louli ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security Online 2007 (Activated)
   Firewall  : Norton Internet Security Online 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total:111 Go (Free:63 Go)
   D:\ (Local Disk) - NTFS - Total:110 Go (Free:100 Go)
   E:\ (CD or DVD)
   G:\ (USB) - FAT - Total:1009 Mo (Free:0 Go)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( 24/02/2009|21:29 )

   [ UAC => 1 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\Users\Louli\AppData\Local\Temp
si7D4B.tmp
   Supprime! - C:\Users\Louli\AppData\Local\Temp
soD26E.tmp
   Supprime! - C:\Users\Louli\AppData\Local\Temp
sp9DE6.tmp
   Supprime! - C:\Users\Louli\AppData\Local\Temp
spE3AD.tmp
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans Local

   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\Acer Arcade Deluxe
   [19/07/2008|18:34] C:\Users\Louli\AppData\Local\acer eNM
   [21/07/2008|18:53] C:\Users\Louli\AppData\Local\Adobe
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Application Data 
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\CyberLink
   [15/02/2009|19:54] C:\Users\Louli\AppData\Local\d3d9caps.dat
   [17/01/2009|17:38] C:\Users\Louli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [17/02/2009|21:59] C:\Users\Louli\AppData\Local\dtsdrlnk
   [18/08/2008|19:52] C:\Users\Louli\AppData\Local\GDIPFONTCACHEV1.DAT
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Historique 
   [17/02/2009|21:58] C:\Users\Louli\AppData\Local\hlidedlp
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\HomeMedia
   [24/02/2009|20:48] C:\Users\Louli\AppData\Local\IconCache.db
   [21/12/2008|21:13] C:\Users\Louli\AppData\Local\Microsoft
   [12/09/2008|21:33] C:\Users\Louli\AppData\Local\Microsoft Games
   [22/07/2008|19:36] C:\Users\Louli\AppData\Local\Microsoft Help
   [20/07/2008|18:24] C:\Users\Louli\AppData\Local\Mozilla
   [19/07/2008|18:34] C:\Users\Louli\AppData\Local\PlayMovie
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\PowerCinema
   [24/02/2009|21:29] C:\Users\Louli\AppData\Local\Temp
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Temporary Internet Files 
   [14/02/2009|20:58] C:\Users\Louli\AppData\Local\TVU Networks
   [20/07/2008|18:42] C:\Users\Louli\AppData\Local\VirtualStore
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [09/02/2009 21:15][--a------] C:\Windows	asks\Norton Internet Security Online - Analyse systŠme complŠte - Louli.job
   [24/02/2009 20:50][--ah-----] C:\Windows	asks\SA.DAT
   [24/02/2009 20:48][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [25/12/2007|21:00] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [25/12/2007|20:52] C:\ProgramData\Adobe
   [02/11/2006|14:02] C:\ProgramData\Application Data 
   [19/07/2008|18:28] C:\ProgramData\Bureau 
   [26/02/2008|00:46] C:\ProgramData\CyberLink
   [02/11/2006|14:02] C:\ProgramData\Desktop 
   [02/11/2006|14:02] C:\ProgramData\Documents 
   [19/07/2008|18:28] C:\ProgramData\Favoris 
   [02/11/2006|14:02] C:\ProgramData\Favorites 
   [20/02/2009|21:54] C:\ProgramData\Malwarebytes
   [19/07/2008|18:28] C:\ProgramData\Menu D‚marrer 
   [20/07/2008|19:41] C:\ProgramData\Messenger Plus!
   [16/12/2008|19:11] C:\ProgramData\Microsoft
   [10/12/2008|20:53] C:\ProgramData\Microsoft Help
   [19/07/2008|18:28] C:\ProgramData\ModŠles 
   [30/08/2008|18:00] C:\ProgramData\NVIDIA
   [02/11/2006|14:02] C:\ProgramData\Start Menu 
   [24/02/2009|21:01] C:\ProgramData\Symantec
   [02/11/2006|14:02] C:\ProgramData\Templates 
   [14/02/2009|20:58] C:\ProgramData\TVU Networks
   [09/02/2009|21:32] C:\ProgramData\WindowsSearch
   [19/01/2009|21:49] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [14/12/2008|14:08] C:\Program Files\7-Zip
   [26/02/2008|00:45] C:\Program Files\Acer Arcade Deluxe
   [25/12/2007|21:07] C:\Program Files\Acer GameZone
   [26/02/2008|00:49] C:\Program Files\Acer Inc
   [25/12/2007|21:00] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [25/12/2007|20:52] C:\Program Files\Adobe
   [19/07/2008|18:33] C:\Program Files\Apoint2K
   [17/02/2009|22:02] C:\Program Files\CCleaner
   [16/12/2008|19:11] C:\Program Files\Common Files
   [25/12/2007|19:13] C:\Program Files\CONEXANT
   [25/12/2007|20:45] C:\Program Files\CyberLink
   [19/07/2008|18:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [19/07/2008|18:33] C:\Program Files\InstallShield Installation Information
   [26/02/2008|00:40] C:\Program Files\Intel
   [30/08/2008|18:07] C:\Program Files\Internet Explorer
   [20/12/2008|23:15] C:\Program Files\Java
   [26/02/2008|00:44] C:\Program Files\Launch Manager
   [30/08/2008|20:16] C:\Program Files\LimeWire
   [20/02/2009|21:54] C:\Program Files\Malwarebytes' Anti-Malware
   [08/02/2009|19:55] C:\Program Files\Messenger Plus! Live
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [19/07/2008|18:50] C:\Program Files\Microsoft Office
   [10/09/2008|18:51] C:\Program Files\Microsoft Works
   [25/12/2007|20:56] C:\Program Files\Microsoft.NET
   [30/08/2008|18:08] C:\Program Files\Movie Maker
   [07/02/2009|13:20] C:\Program Files\Mozilla Firefox
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [25/12/2007|19:51] C:\Program Files\MSXML 4.0
   [25/12/2007|20:21] C:\Program Files\NewTech Infosystems
   [09/08/2008|17:12] C:\Program Files\Norton Internet Security
   [25/12/2007|19:05] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [06/01/2009|21:17] C:\Program Files\Symantec
   [20/02/2009|20:15] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [01/11/2008|20:55] C:\Program Files\Veetle
   [03/10/2008|20:07] C:\Program Files\VideoLAN
   [30/08/2008|18:08] C:\Program Files\Windows Calendar
   [30/08/2008|18:07] C:\Program Files\Windows Collaboration
   [30/08/2008|18:07] C:\Program Files\Windows Defender
   [30/08/2008|18:07] C:\Program Files\Windows Journal
   [19/01/2009|21:50] C:\Program Files\Windows Live
   [16/12/2008|19:19] C:\Program Files\Windows Live SkyDrive
   [13/02/2009|21:39] C:\Program Files\Windows Mail
   [30/08/2008|18:07] C:\Program Files\Windows Media Player
   [19/07/2008|18:28] C:\Program Files\Windows NT
   [30/08/2008|18:07] C:\Program Files\Windows Photo Gallery
   [30/08/2008|18:08] C:\Program Files\Windows Sidebar
   [22/12/2008|10:50] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [25/12/2007|20:52] C:\Program Files\Common Files\Adobe
   [25/12/2007|20:56] C:\Program Files\Common Files\DESIGNER
   [25/12/2007|20:45] C:\Program Files\Common Files\InstallShield
   [25/07/2008|20:31] C:\Program Files\Common Files\Java
   [25/12/2007|20:20] C:\Program Files\Common Files\LightScribe
   [16/12/2008|19:19] C:\Program Files\Common Files\microsoft shared
   [25/12/2007|20:20] C:\Program Files\Common Files\muvee Technologies
   [25/12/2007|20:21] C:\Program Files\Common Files\NewTech Infosystems
   [25/12/2007|21:02] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [06/01/2009|21:17] C:\Program Files\Common Files\Symantec Shared
   [30/08/2008|18:07] C:\Program Files\Common Files\System
   [16/12/2008|19:11] C:\Program Files\Common Files\Windows Live
   [20/07/2008|18:38] C:\Program Files\Common Files\WindowsLiveInstaller

   --------------------\  Process

   ( 84 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-02-24 21:29:17
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1A120F75.emf 82580 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\236AA93.emf 82600 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\25F70F8F.emf 82580 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8773FB57.emf 610648 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8D183B78.emf 82580 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9A73725A.emf 82580 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A0A4D519.emf 82580 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2876D6C.emf 12880 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A4B7C846.emf 82568 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E2B5C444.emf 82580 bytes
   C:\Users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E605967D.emf 82580 bytes
   scan completed successfully
   hidden processes: 0
   hidden files: 57
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:128][D:14]-> C:\Users\Louli\AppData\Local\Temp
   [F:75][D:1]-> C:\Users\Louli\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:515][D:5]-> C:\Users\Louli\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:2][D:2]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 23/02/2009|22:09 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 24/02/2009|21:30 - Option : [2]

   --------------------\  Fin du rapport a 21:30:45
   [ UAC => 1 ]

Louli42 · Answer

Bonjour,
C'est juste pour signaler que mon problème perdure toujours. De plus, mon antivirus aurait détecté également un virus "Trojan". Je ne sais pas si cela est en rapport avec mon problème.

Merci par avance

gil le fantom · Answer

Bonjour,

toujour les pub CID ?

Louli42 · Answer

Bonsoir, 

Oui toujours les mêmes pubs !

gil le fantom · Answer

OK

Si tu as Messenger Plus!
tu vas dans le menu Démarrer 
tu clique sur panneau de configuration 
tu choisi le module ajout/suppression de programmes 
verifie si  le sponsor est désinstallé

puis tu refais ça

Louli42 · Answer

Bonjour,

Donc j'ai vérifié dans le panneau de configuration pour regarder si le sponsor de messenger plus était installé ou non (même si je ne l'ai jamais installé) et il ne me semble pas qu'il le soit. néanmoins, si tu pouvais me dire comment il s'intitule je pourrais en être sure ! 

Sinon voici le rapport demandé : 

 --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Louli ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security Online 2007 (Activated)
   Firewall  : Norton Internet Security Online 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total:111 Go (Free:64 Go)
   D:\ (Local Disk) - NTFS - Total:110 Go (Free:100 Go)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 01/03/2009|14:31 )

   [ UAC => 1 ]
 
   --------------------\  Listing des dossiers dans Local

   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\Acer Arcade Deluxe
   [19/07/2008|18:34] C:\Users\Louli\AppData\Local\acer eNM
   [21/07/2008|18:53] C:\Users\Louli\AppData\Local\Adobe
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Application Data 
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\CyberLink
   [01/03/2009|00:01] C:\Users\Louli\AppData\Local\d3d9caps.dat
   [17/01/2009|17:38] C:\Users\Louli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [17/02/2009|21:59] C:\Users\Louli\AppData\Local\dtsdrlnk
   [18/08/2008|19:52] C:\Users\Louli\AppData\Local\GDIPFONTCACHEV1.DAT
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Historique 
   [17/02/2009|21:58] C:\Users\Louli\AppData\Local\hlidedlp
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\HomeMedia
   [01/03/2009|00:09] C:\Users\Louli\AppData\Local\IconCache.db
   [21/12/2008|21:13] C:\Users\Louli\AppData\Local\Microsoft
   [12/09/2008|21:33] C:\Users\Louli\AppData\Local\Microsoft Games
   [22/07/2008|19:36] C:\Users\Louli\AppData\Local\Microsoft Help
   [20/07/2008|18:24] C:\Users\Louli\AppData\Local\Mozilla
   [19/07/2008|18:34] C:\Users\Louli\AppData\Local\PlayMovie
   [19/07/2008|21:10] C:\Users\Louli\AppData\Local\PowerCinema
   [01/03/2009|14:31] C:\Users\Louli\AppData\Local\Temp
   [19/07/2008|18:32] C:\Users\Louli\AppData\Local\Temporary Internet Files 
   [14/02/2009|20:58] C:\Users\Louli\AppData\Local\TVU Networks
   [20/07/2008|18:42] C:\Users\Louli\AppData\Local\VirtualStore
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [09/02/2009 21:15][--a------] C:\Windows	asks\Norton Internet Security Online - Analyse systŠme complŠte - Louli.job
   [01/03/2009 10:46][--ah-----] C:\Windows	asks\SA.DAT
   [01/03/2009 00:10][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [25/12/2007|21:00] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [25/12/2007|20:52] C:\ProgramData\Adobe
   [02/11/2006|14:02] C:\ProgramData\Application Data 
   [19/07/2008|18:28] C:\ProgramData\Bureau 
   [26/02/2008|00:46] C:\ProgramData\CyberLink
   [02/11/2006|14:02] C:\ProgramData\Desktop 
   [02/11/2006|14:02] C:\ProgramData\Documents 
   [19/07/2008|18:28] C:\ProgramData\Favoris 
   [02/11/2006|14:02] C:\ProgramData\Favorites 
   [20/02/2009|21:54] C:\ProgramData\Malwarebytes
   [19/07/2008|18:28] C:\ProgramData\Menu D‚marrer 
   [20/07/2008|19:41] C:\ProgramData\Messenger Plus!
   [16/12/2008|19:11] C:\ProgramData\Microsoft
   [10/12/2008|20:53] C:\ProgramData\Microsoft Help
   [19/07/2008|18:28] C:\ProgramData\ModŠles 
   [30/08/2008|18:00] C:\ProgramData\NVIDIA
   [02/11/2006|14:02] C:\ProgramData\Start Menu 
   [01/03/2009|11:38] C:\ProgramData\Symantec
   [02/11/2006|14:02] C:\ProgramData\Templates 
   [14/02/2009|20:58] C:\ProgramData\TVU Networks
   [09/02/2009|21:32] C:\ProgramData\WindowsSearch
   [19/01/2009|21:49] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [14/12/2008|14:08] C:\Program Files\7-Zip
   [26/02/2008|00:45] C:\Program Files\Acer Arcade Deluxe
   [25/12/2007|21:07] C:\Program Files\Acer GameZone
   [26/02/2008|00:49] C:\Program Files\Acer Inc
   [25/12/2007|21:00] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [25/12/2007|20:52] C:\Program Files\Adobe
   [19/07/2008|18:33] C:\Program Files\Apoint2K
   [17/02/2009|22:02] C:\Program Files\CCleaner
   [16/12/2008|19:11] C:\Program Files\Common Files
   [25/12/2007|19:13] C:\Program Files\CONEXANT
   [25/12/2007|20:45] C:\Program Files\CyberLink
   [19/07/2008|18:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [19/07/2008|18:33] C:\Program Files\InstallShield Installation Information
   [26/02/2008|00:40] C:\Program Files\Intel
   [30/08/2008|18:07] C:\Program Files\Internet Explorer
   [20/12/2008|23:15] C:\Program Files\Java
   [26/02/2008|00:44] C:\Program Files\Launch Manager
   [30/08/2008|20:16] C:\Program Files\LimeWire
   [20/02/2009|21:54] C:\Program Files\Malwarebytes' Anti-Malware
   [08/02/2009|19:55] C:\Program Files\Messenger Plus! Live
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [19/07/2008|18:50] C:\Program Files\Microsoft Office
   [10/09/2008|18:51] C:\Program Files\Microsoft Works
   [25/12/2007|20:56] C:\Program Files\Microsoft.NET
   [30/08/2008|18:08] C:\Program Files\Movie Maker
   [07/02/2009|13:20] C:\Program Files\Mozilla Firefox
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [25/12/2007|19:51] C:\Program Files\MSXML 4.0
   [25/12/2007|20:21] C:\Program Files\NewTech Infosystems
   [09/08/2008|17:12] C:\Program Files\Norton Internet Security
   [25/12/2007|19:05] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [06/01/2009|21:17] C:\Program Files\Symantec
   [20/02/2009|20:15] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [01/11/2008|20:55] C:\Program Files\Veetle
   [03/10/2008|20:07] C:\Program Files\VideoLAN
   [30/08/2008|18:08] C:\Program Files\Windows Calendar
   [30/08/2008|18:07] C:\Program Files\Windows Collaboration
   [30/08/2008|18:07] C:\Program Files\Windows Defender
   [30/08/2008|18:07] C:\Program Files\Windows Journal
   [19/01/2009|21:50] C:\Program Files\Windows Live
   [16/12/2008|19:19] C:\Program Files\Windows Live SkyDrive
   [13/02/2009|21:39] C:\Program Files\Windows Mail
   [30/08/2008|18:07] C:\Program Files\Windows Media Player
   [19/07/2008|18:28] C:\Program Files\Windows NT
   [30/08/2008|18:07] C:\Program Files\Windows Photo Gallery
   [30/08/2008|18:08] C:\Program Files\Windows Sidebar
   [22/12/2008|10:50] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [25/12/2007|20:52] C:\Program Files\Common Files\Adobe
   [25/12/2007|20:56] C:\Program Files\Common Files\DESIGNER
   [25/12/2007|20:45] C:\Program Files\Common Files\InstallShield
   [25/07/2008|20:31] C:\Program Files\Common Files\Java
   [25/12/2007|20:20] C:\Program Files\Common Files\LightScribe
   [16/12/2008|19:19] C:\Program Files\Common Files\microsoft shared
   [25/12/2007|20:20] C:\Program Files\Common Files\muvee Technologies
   [25/12/2007|20:21] C:\Program Files\Common Files\NewTech Infosystems
   [25/12/2007|21:02] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [06/01/2009|21:17] C:\Program Files\Common Files\Symantec Shared
   [30/08/2008|18:07] C:\Program Files\Common Files\System
   [16/12/2008|19:11] C:\Program Files\Common Files\Windows Live
   [20/07/2008|18:38] C:\Program Files\Common Files\WindowsLiveInstaller

   --------------------\  Process

   ( 84 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-03-01 14:31:53
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 46
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:159][D:14]-> C:\Users\Louli\AppData\Local\Temp
   [F:79][D:1]-> C:\Users\Louli\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1089][D:5]-> C:\Users\Louli\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:2][D:2]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 23/02/2009|22:09 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 24/02/2009|21:30 - Option : [2]
   3 - "C:\Lop SD\LopR_3.txt" - 01/03/2009|14:33 - Option : [1]

   --------------------\  Fin du rapport a 14:33:21
   [ UAC => 1 ]

gil le fantom · Answer

Rien sur Lop SD

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> lis attentivement le tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau rapport hijack this.

Louli42 · Answer

Bonjour, Et tout d'abord merci encore gil le fantome pour toute ton aide ! Voici le rapport combofix : ComboFix 09-03-02.03 - Louli 2009-03-03 20:54:36.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3069.1988 [GMT 1:00] Lancé depuis: c:\users\Louli\Desktop\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini c:\drv\Tuner\Yuan\Resources\_desktop.ini c:\program files\Mozilla Firefox\components\4b095286-b0a2-6f7d-ef0b-6ed4683fc6b8.dll c:\program files\Mozilla Firefox\components\vlavmimkejshanp.dll c:\users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp2847.tmp c:\users\Louli\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp9201.tmp c:\windows\bacn73658.exe c:\windows\ckju6768.exe c:\windows\dfejr1137.exe c:\windows\eubec5801.exe c:\windows\fnmw7870.exe c:\windows\jnnmp1381.exe c:\windows\laci82862.exe c:\windows\rhjp24204.exe c:\windows\system32\_sxbulagyumx.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 )))))))))))))))))))))))))))))))))))) . 2009-03-02 21:00 . 2009-03-02 21:00 d-------- c:\windows\System32\drivers\NIS 2009-03-02 21:00 . 2009-03-02 21:00 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS 2009-03-02 21:00 . 2009-03-02 21:00 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys 2009-03-02 21:00 . 2009-03-02 21:00 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT 2009-03-02 21:00 . 2009-03-02 21:00 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF 2009-03-02 20:59 . 2009-03-02 20:59 d-------- c:\program files\Norton Internet Security 2009-03-02 20:53 . 2009-03-02 20:53 d-------- c:\users\All Users\PCSettings 2009-03-02 20:53 . 2009-03-02 20:53 d-------- c:\users\All Users\NortonInstaller 2009-03-02 20:53 . 2009-03-02 21:01 d-------- c:\users\All Users\Norton 2009-03-02 20:53 . 2009-03-02 20:53 d-------- c:\programdata\PCSettings 2009-03-02 20:53 . 2009-03-02 20:53 d-------- c:\programdata\NortonInstaller 2009-03-02 20:53 . 2009-03-02 21:01 d-------- c:\programdata\Norton 2009-03-02 20:53 . 2009-03-02 20:53 d-------- c:\program files\NortonInstaller 2009-02-23 22:07 . 2009-03-01 14:33 d-------- C:\Lop SD 2009-02-21 15:25 . 2008-11-06 02:03 d-------- C:\SDFix 2009-02-21 10:53 . 2009-02-21 11:22 d-------- C:\ToolBar SD 2009-02-20 21:54 . 2009-02-20 21:54 d-------- c:\users\Louli\AppData\Roaming\Malwarebytes 2009-02-20 21:54 . 2009-02-20 21:54 d-------- c:\users\All Users\Malwarebytes 2009-02-20 21:54 . 2009-02-20 21:54 d-------- c:\programdata\Malwarebytes 2009-02-20 21:54 . 2009-02-20 21:54 d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-20 21:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-20 21:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-20 20:15 . 2009-02-20 20:15 d-------- c:\program files\Trend Micro 2009-02-18 18:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-18 18:53 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-18 18:53 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-18 18:53 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-18 18:53 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-17 22:02 . 2009-02-17 22:02 d-------- c:\program files\CCleaner 2009-02-17 21:58 . 2009-02-17 21:58 381,952 --a------ c:\windows\rgmonsvc.exe 2009-02-17 21:58 . 2009-02-17 21:59 380,928 --a------ c:\windows\rgmonsvc1.exe 2009-02-14 20:58 . 2009-02-14 20:58 d-------- c:\users\All Users\TVU Networks 2009-02-14 20:58 . 2009-02-14 20:58 d-------- c:\programdata\TVU Networks 2009-02-12 20:37 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-12 20:37 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-09 21:32 . 2009-02-09 21:32 d-------- c:\users\All Users\WindowsSearch 2009-02-09 21:32 . 2009-02-09 21:32 d-------- c:\programdata\WindowsSearch . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-02 20:36 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-02 20:01 --------- d-----w c:\programdata\Symantec 2009-03-02 20:00 --------- d-----w c:\program files\Symantec 2009-02-17 20:52 --------- d-----w c:\users\Louli\AppData\Roaming\LimeWire 2009-02-13 20:39 --------- d-----w c:\program files\Windows Mail 2009-02-08 18:55 --------- d-----w c:\program files\Messenger Plus! Live 2009-01-19 20:50 --------- d-----w c:\program files\Windows Live 2009-01-19 20:49 --------- d-----w c:\programdata\WLInstaller 2008-12-20 22:15 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-10-04 15:13 27,839 ----a-w c:\users\Louli\AppData\Roaming\nvModes.dat 2008-08-30 17:16 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-10 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-10 8501792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-10 81920] "hlidedlp"="c:\users\Louli\AppData\Local\hlidedlp\hlidedlp.exe" [2009-02-17 856064] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe] c:\users\Louli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de notification Live Search.lnk - c:\users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-16 143360] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-25 535336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{95A7975D-F577-4067-AC0A-954BCF96402E}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{5F29E5F7-5482-49D6-9F4E-1BF6426FA02D}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{94900125-AC46-4578-9B8C-4800245D3DA6}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{50E87D2A-F768-47F4-8DB9-99477B0B2538}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{032D76A3-1403-40E4-8D3F-EDAC700F61D3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F9A7E859-6350-444F-A69B-AE53485A6107}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{301A59B9-557A-45D7-B3BE-C42C5AD69822}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{70F82F78-0E74-471F-AC7F-9BDA5FD5B33C}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{1688444F-5166-41CD-B24B-21F9A0CA8B59}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{D6F7C188-7DAC-4306-AFAC-EA0514AE4F5A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{73E512F6-6F17-4194-8DC9-CC336606AE1E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{8E5F13DF-558D-4F23-85EB-518D85B16A96}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{0887A2B4-E29F-47F2-A6E2-00A9899DBDA0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{FFA3DB89-9CC9-49F9-993C-FD913524BB46}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{CA6F5CE5-2A65-4E31-B34A-B50C96A5BB06}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{5DE7AA61-491A-4394-A48F-745DD4687B9A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [2009-03-02 309296] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-03-02 254512] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-03-02 362544] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090225.002\IDSvix86.sys [2009-03-03 292912] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2008-02-26 00:45:54 41456] R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-12-25 50688] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-03-02 115560] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-12-26 32256] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-02 101936] R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [2009-03-02 40496] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-12-26 180736] S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-07-20 80744] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3559477d-d9b8-11dd-a286-c0aadbc4484b}] \shell\Auto\command - cmd /C launch.bat \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Acer Tour Reminder - (no file) HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mWindow Title = uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {939D50ED-7C0C-4B95-9429-5A842E93DF60} = 194.117.200.10,194.117.200.15 FF - ProfilePath - c:\users\Louli\AppData\Roaming\Mozilla\Firefox\Profiles\wqup306v.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q= 1 fichier(s) déplacé(s). FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLC\npvlc.dll FF - plugin: c:\users\Louli\AppData\Roaming\Mozilla\Firefox\Profiles\wqup306v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll ---- PARAMETRES FIREFOX ---- FF - user.js: google.toolbar.linkdoctor.enabled - false FF - user.js: browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q= FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q= FF - user.js: keyword.enabled - true . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-03 20:56:34 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\users\Louli\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . Et voici également le rapport hijackthis comme demandé : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:50, on 03/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Windows\BR040286.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Program Files\Apoint2K\Apoint.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [hlidedlp] "C:\Users\Louli\AppData\Local\hlidedlp\hlidedlp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Louli\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{939D50ED-7C0C-4B95-9429-5A842E93DF60}: NameServer = 194.117.200.10,194.117.200.15 O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Louli42 · Answer

bonjour, 

depuis cette manip, apparemment, plus de pubs intempestives ! 
J'espère que c'est bon signe ! ! !

Pubs Contextual ads by Snappyads

43 réponses

Discussions similaires