Ads Served by Adssite

jyg -  
jlpjlp Messages posted 52399 Status Security contributor -
Hello,
I can't get rid of Ads Served by Adssite. I have already used Ad Aware 2008, Spybot, A-squared and Avg antispyware, but it still reappears from time to time.
Please tell me how to proceed to finally eradicate this piece of junk.

Jyg

11 replies

jyg
 
Here is the Lop S&D report:

--------------------\\ Lop S&D 4.2.4-6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mélodie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081020-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 66 Go Free : 12 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total : 952 Mo Free : 0 Go

"C:\Lop SD" ( MAJ : 20-10-2008|20:35 )
Option : [1] ( 21/10/2008|15:47 )

--------------------\\ Listing des dossiers dans APPLIC~1

[19/07/2004|15:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[24/11/2006|11:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
[19/07/2004|09:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[16/07/2004|23:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/07/2004|15:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[02/08/2004|15:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[16/07/2004|23:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[19/07/2004|09:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[29/03/2008|15:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[28/09/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
[26/05/2005|08:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[19/07/2004|09:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[08/08/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[29/05/2005|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[19/07/2004|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[29/09/2007|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/10/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[28/09/2008|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar
[18/10/2008|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/10/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/06/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/10/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/10/2007|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[29/11/2006|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[30/08/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[05/06/2005|17:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/07/2004|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/03/2005|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[21/10/2008|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf
[19/10/2008|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/07/2004|09:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[27/10/2007|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[23/08/2007|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[06/10/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[06/10/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07/04/2008|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[29/08/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[19/07/2004|15:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[24/11/2006|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
[19/07/2004|09:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Help
[16/07/2004|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/07/2004|15:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[02/08/2004|15:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[16/07/2004|23:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[19/07/2004|09:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[28/09/2008|17:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[02/10/2008|20:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[31/05/2008|11:05] C:\DOCUME~1\Mlodie\APPLIC~1\Adobe

[08/07/2008|22:25] C:\DOCUME~1\MLODIE~1\APPLIC~1\Adobe
[28/09/2008|17:41] C:\DOCUME~1\MLODIE~1\APPLIC~1\agi
[12/08/2007|21:32] C:\DOCUME~1\MLODIE~1\APPLIC~1\Ahead
[26/10/2007|18:31] C:\DOCUME~1\MLODIE~1\APPLIC~1\Aim
[24/11/2006|11:54] C:\DOCUME~1\MLODIE~1\APPLIC~1\AOL
[03/09/2008|07:46] C:\DOCUME~1\MLODIE~1\APPLIC~1\Apple Computer
[22/01/2007|19:59] C:\DOCUME~1\MLODIE~1\APPLIC~1\CyberLink
[29/09/2007|20:54] C:\DOCUME~1\MLODIE~1\APPLIC~1\Google
[19/07/2004|09:07] C:\DOCUME~1\MLODIE~1\APPLIC~1\Help
[30/08/2008|14:06] C:\DOCUME~1\MLODIE~1\APPLIC~1\Identities
[19/07/2004|15:02] C:\DOCUME~1\MLODIE~1\APPLIC~1\InterTrust
[03/08/2008|23:59] C:\DOCUME~1\MLODIE~1\APPLIC~1\LimeWire
[03/10/2007|21:34] C:\DOCUME~1\MLODIE~1\APPLIC~1\Macromedia
[19/10/2008|00:21] C:\DOCUME~1\MLODIE~1\APPLIC~1\Malwarebytes
[06/10/2008|19:50] C:\DOCUME~1\MLODIE~1\APPLIC~1\Microsoft
[22/10/2007|14:19] C:\DOCUME~1\MLODIE~1\APPLIC~1\Mozilla
[08/03/2008|17:33] C:\DOCUME~1\MLODIE~1\APPLIC~1\MSN6
[21/10/2008|11:35] C:\DOCUME~1\MLODIE~1\APPLIC~1\OpenOffice.org2
[30/08/2008|14:07] C:\DOCUME~1\MLODIE~1\APPLIC~1\PlayFirst
[24/11/2007|22:11] C:\DOCUME~1\MLODIE~1\APPLIC~1\Sun
[22/10/2007|14:19] C:\DOCUME~1\MLODIE~1\APPLIC~1\Talkback
[21/10/2008|07:19] C:\DOCUME~1\MLODIE~1\APPLIC~1\way global dash
[06/10/2008|19:48] C:\DOCUME~1\MLODIE~1\APPLIC~1\Windows Live Writer
[19/07/2004|09:13] C:\DOCUME~1\MLODIE~1\APPLIC~1\You've Got Pictures Screensaver
[30/08/2008|14:06] C:\DOCUME~1\MLODIE~1\APPLIC~1\Zylom

[29/09/2008|21:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[21/10/2008 15:00][--ah-----] C:\WINDOWS\tasks\ACCC5D6393B7D183.job
[16/07/2008 10:11][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[12/07/2008 13:05][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[24/04/2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[20/10/2008 21:01][--ah-----] C:\WINDOWS\tasks\SA.DAT

( ACCC5D6393B7D183.job )=( c:\docume~1\mlodie~1\applic~1\wayglo~1\Bashgrimcash.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[05/05/2008|10:45] C:\Program Files\Adobe
[23/08/2007|16:00] C:\Program Files\ADSL Drivers
[28/09/2008|17:32] C:\Program Files\AGI
[26/05/2005|08:57] C:\Program Files\Ahead
[08/03/2008|17:39] C:\Program Files\Alwil Software
[21/10/2008|09:15] C:\Program Files\AOL 7.0
[21/10/2008|09:15] C:\Program Files\AOL 7.0a
[08/08/2008|18:35] C:\Program Files\AOL 7.0b
[21/10/2008|11:07] C:\Program Files\a-squared Free
[19/07/2004|09:06] C:\Program Files\ATI Technologies
[02/05/2008|14:09] C:\Program Files\CCleaner
[25/07/2008|14:51] C:\Program Files\Circle Developement
[16/07/2004|23:36] C:\Program Files\Créez votre site Web
[19/07/2004|09:23] C:\Program Files\CyberLink
[22/10/2007|14:16] C:\Program Files\DivX
[21/05/2008|22:09] C:\Program Files\DK
[08/08/2008|18:48] C:\Program Files\Empire Interactive
[21/08/2008|17:37] C:\Program Files\eMule
[20/08/2008|14:27] C:\Program Files\EPSON
[17/10/2008|22:29] C:\Program Files\FenAffiche
[18/10/2008|23:31] C:\Program Files\Fichiers communs
[21/09/2008|16:12] C:\Program Files\Football Generation
[14/01/2007|11:19] C:\Program Files\FSX_Screensaver
[29/09/2007|17:18] C:\Program Files\Google
[21/10/2008|11:09] C:\Program Files\Grisoft
[05/05/2008|10:13] C:\Program Files\HDD Health
[03/05/2008|19:19] C:\Program Files\HealthMonitor
[16/07/2004|23:34] C:\Program Files\HighMAT CD Writing Wizard
[21/09/2008|16:03] C:\Program Files\InstallShield Installation Information
[15/10/2008|23:54] C:\Program Files\Internet Explorer
[08/03/2008|18:11] C:\Program Files\Java
[28/09/2008|17:41] C:\Program Files\Kiwee Toolbar
[09/03/2008|12:23] C:\Program Files\Lavalys
[18/10/2008|23:31] C:\Program Files\Lavasoft
[19/07/2004|09:13] C:\Program Files\Learn2.com
[29/08/2008|23:59] C:\Program Files\LimeWire
[19/10/2008|00:21] C:\Program Files\Malwarebytes' Anti-Malware
[19/10/2008|04:15] C:\Program Files\Messenger
[06/10/2008|20:41] C:\Program Files\Messenger Plus! Live
[02/10/2008|19:21] C:\Program Files\Microsoft
[01/03/2005|12:36] C:\Program Files\microsoft frontpage
[12/07/2008|13:10] C:\Program Files\Microsoft LifeCam
[01/03/2005|12:30] C:\Program Files\Microsoft Office
[08/06/2005|16:28] C:\Program Files\Microsoft Référence
[10/04/2008|18:13] C:\Program Files\Microsoft SQL Server Compact Edition
[01/03/2005|12:37] C:\Program Files\Microsoft Visual Studio
[03/05/2008|19:32] C:\Program Files\Motherboard Monitor 5
[19/10/2008|04:10] C:\Program Files\Movie Maker
[21/10/2008|14:59] C:\Program Files\Mozilla Firefox
[06/10/2008|19:36] C:\Program Files\MSECACHE
[16/07/2004|23:20] C:\Program Files\MSN
[16/07/2004|23:20] C:\Program Files\MSN Gaming Zone
[19/10/2008|20:21] C:\Program Files\Navilog1
[19/10/2008|04:07] C:\Program Files\NetMeeting
[21/09/2008|16:21] C:\Program Files\NRJ
[19/03/2008|15:36] C:\Program Files\OpenOffice.org 2.3
[19/10/2008|04:07] C:\Program Files\Outlook Express
[18/10/2007|16:56] C:\Program Files\PC Camera
[28/03/2007|17:05] C:\Program Files\Philips
[16/07/2004|23:35] C:\Program Files\Phoenix Technologies Ltd
[31/05/2008|12:52] C:\Program Files\PhotoFiltre
[19/07/2004|10:22] C:\Program Files\Pinnacle
[08/08/2008|19:05] C:\Program Files\QuickTime
[19/07/2004|09:13] C:\Program Files\Real
[16/06/2007|10:20] C:\Program Files\Sega
[16/07/2004|23:22] C:\Program Files\Services en ligne
[01/03/2005|12:30] C:\Program Files\Snapshot Viewer
[03/05/2008|19:35] C:\Program Files\SpeedFan
[18/10/2008|23:52] C:\Program Files\Spybot - Search & Destroy
[18/03/2008|17:12] C:\Program Files\SSC Service Utility
[17/06/2007|16:09] C:\Program Files\The Adventure Company
[29/12/2007|12:18] C:\Program Files\The K-Ball
[01/03/2005|12:42] C:\Program Files\Thomson
[30/07/2005|07:51] C:\Program Files\Uninstall Information
[19/07/2004|09:13] C:\Program Files\Viewpoint
[21/10/2008|07:19] C:\Program Files\way global dash
[06/10/2008|19:37] C:\Program Files\Windows Installer Clean Up
[16/07/2004|23:34] C:\Program Files\Windows Journal Viewer
[02/10/2008|19:45] C:\Program Files\Windows Live
[29/09/2008|19:20] C:\Program Files\Windows Live Favorites
[02/10/2008|19:42] C:\Program Files\Windows Live Toolbar
[18/04/2008|11:40] C:\Program Files\Windows Media Components
[27/10/2007|19:35] C:\Program Files\Windows Media Connect 2
[19/10/2008|04:07] C:\Program Files\Windows Media Player
[19/10/2008|04:07] C:\Program Files\Windows NT
[17/11/2005|17:57] C:\Program Files\WinRAR
[26/05/2005|09:04] C:\Program Files\WinZip 8.1 Fr
[16/07/2004|23:29] C:\Program Files\xerox
[07/04/2008|11:38] C:\Program Files\Yahoo!
[02/09/2008|18:59] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[05/05/2008|10:44] C:\Program Files\Fichiers communs\Adobe
[26/05/2005|08:52] C:\Program Files\Fichiers communs\Ahead
[15/08/2008|21:55] C:\Program Files\Fichiers communs\AOL
[10/04/2007|15:13] C:\Program Files\Fichiers communs\aolshare
[01/03/2005|12:26] C:\Program Files\Fichiers communs\Designer
[09/04/2007|16:45] C:\Program Files\Fichiers communs\DirectX
[02/03/2005|10:40] C:\Program Files\Fichiers communs\EPSON
[18/10/2007|16:53] C:\Program Files\Fichiers communs\InstallShield
[29/08/2007|18:43] C:\Program Files\Fichiers communs\Java
[06/10/2008|19:59] C:\Program Files\Fichiers communs\Microsoft Shared
[16/07/2004|23:21] C:\Program Files\Fichiers communs\MSSoap
[19/07/2004|09:13] C:\Program Files\Fichiers communs\Nullsoft
[18/10/2007|16:56] C:\Program Files\Fichiers communs\PAC207
[19/07/2004|09:13] C:\Program Files\Fichiers communs\Real
[16/07/2004|23:21] C:\Program Files\Fichiers communs\Services
[17/07/2004|00:17] C:\Program Files\Fichiers communs\SpeechEngines
[19/10/2008|04:07] C:\Program Files\Fichiers communs\System
[02/10/2008|19:15] C:\Program Files\Fichiers communs\Windows Live
[13/11/2007|13:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[18/10/2008|23:31] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 43 Processes )

IEXPLORE.EXE ~ [PID:2696]
IEXPLORE.EXE ~ [PID:2140]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Dvd Film.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\media boob.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Sign Proxy.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\Bash grim cash.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\jmvtwqsz.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\soapplatformknobsave.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\Team Trust.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\vvvbglxv.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\xdbdwqdc.exe
C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\ylnhyxlf.exe
C:\Program Files\wayglo~1
C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsp2DB.tmp
C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsr2DA.tmp
C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsy28E.tmp
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\MLODIE~1\Cookies\mélodie@banner.cotedazurpalace[1].txt
C:\DOCUME~1\MLODIE~1\Cookies\mélodie@adopt.euroclick[2].txt
C:\DOCUME~1\MLODIE~1\Cookies\mélodie@pacificpoker[1].txt
C:\WINDOWS\Tasks\ACCC5D6393B7D183.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiesMpeg"="C:\\DOCUME~1\\MLODIE~1\\APPLIC~1\\WAYGLO~1\\Team Trust.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAST SURF BROWSE TOOL"="C:\\Documents and Settings\\All Users\\Application Data\\Shim Cdrom Cast Surf\\Sign Proxy.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 15:49:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 891

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:33][D:16]-> C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp
[F:34][D:0]-> C:\DOCUME~1\MLODIE~1\Cookies
[F:222][D:4]-> C:\DOCUME~1\MLODIE~1\LOCALS~1\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 21/10/2008|15:51 - Option : [1]

--------------------\\ Fin du rapport a 15:51:15
jyg
 
Here is the Lop S&D option 2 report, followed by the HijackThis one.

As for my troubles, I hope your flawless intervention will now let me run this PC without problems. I don't know what may have happened, the machine doesn't belong to me, but I know that this PC is used by girls (18 and 15 years old) and that security is not their cup of tea... Using MSN, along with downloads that were no doubt risky, can't have helped this poor machine's situation.
So I'm going to lecture them, but without too many illusions about what comes next.

For information, I notice that in the processes, iexplore is not in the list whereas it used to appear systematically, even after disconnecting MSN. Is that an interesting piece of information?

Thanks again a thousand times.

Jyg

--------------------\\ Lop S&D 4.2.4-6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mélodie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081020-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 66 Go Free : 12 Go
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 20-10-2008|20:35 )
Option : [2] ( 21/10/2008|16:11 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Dvd Film.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\media boob.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Sign Proxy.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\Bash grim cash.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\jmvtwqsz.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\soapplatformknobsave.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\Team Trust.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\vvvbglxv.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\xdbdwqdc.exe
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1\ylnhyxlf.exe
Supprime! - C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsp2DB.tmp
Supprime! - C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsr2DA.tmp
Supprime! - C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsy28E.tmp
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\DOCUME~1\MLODIE~1\Cookies\mélodie@banner.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\MLODIE~1\Cookies\mélodie@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\MLODIE~1\Cookies\mélodie@pacificpoker[1].txt
Supprime! - C:\WINDOWS\Tasks\ACCC5D6393B7D183.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf
Supprime! - C:\DOCUME~1\MLODIE~1\APPLIC~1\wayglo~1
Supprime! - C:\Program Files\wayglo~1
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[19/07/2004|15:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[24/11/2006|11:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
[19/07/2004|09:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[16/07/2004|23:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/07/2004|15:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[02/08/2004|15:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[16/07/2004|23:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[19/07/2004|09:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[29/03/2008|15:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[28/09/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
[26/05/2005|08:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[19/07/2004|09:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[08/08/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[29/05/2005|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[19/07/2004|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[29/09/2007|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/10/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[28/09/2008|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar
[18/10/2008|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/10/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/06/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/10/2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/10/2007|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[29/11/2006|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[30/08/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[05/06/2005|17:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/07/2004|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/03/2005|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[19/10/2008|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[27/10/2007|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[23/08/2007|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[06/10/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[06/10/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07/04/2008|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[29/08/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[19/07/2004|15:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[24/11/2006|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
[19/07/2004|09:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Help
[16/07/2004|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/07/2004|15:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[02/08/2004|15:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[16/07/2004|23:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[19/07/2004|09:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[28/09/2008|17:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[02/10/2008|20:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[31/05/2008|11:05] C:\DOCUME~1\Mlodie\APPLIC~1\Adobe

[08/07/2008|22:25] C:\DOCUME~1\MLODIE~1\APPLIC~1\Adobe
[28/09/2008|17:41] C:\DOCUME~1\MLODIE~1\APPLIC~1\agi
[12/08/2007|21:32] C:\DOCUME~1\MLODIE~1\APPLIC~1\Ahead
[26/10/2007|18:31] C:\DOCUME~1\MLODIE~1\APPLIC~1\Aim
[24/11/2006|11:54] C:\DOCUME~1\MLODIE~1\APPLIC~1\AOL
[03/09/2008|07:46] C:\DOCUME~1\MLODIE~1\APPLIC~1\Apple Computer
[22/01/2007|19:59] C:\DOCUME~1\MLODIE~1\APPLIC~1\CyberLink
[29/09/2007|20:54] C:\DOCUME~1\MLODIE~1\APPLIC~1\Google
[19/07/2004|09:07] C:\DOCUME~1\MLODIE~1\APPLIC~1\Help
[30/08/2008|14:06] C:\DOCUME~1\MLODIE~1\APPLIC~1\Identities
[19/07/2004|15:02] C:\DOCUME~1\MLODIE~1\APPLIC~1\InterTrust
[03/08/2008|23:59] C:\DOCUME~1\MLODIE~1\APPLIC~1\LimeWire
[03/10/2007|21:34] C:\DOCUME~1\MLODIE~1\APPLIC~1\Macromedia
[19/10/2008|00:21] C:\DOCUME~1\MLODIE~1\APPLIC~1\Malwarebytes
[06/10/2008|19:50] C:\DOCUME~1\MLODIE~1\APPLIC~1\Microsoft
[22/10/2007|14:19] C:\DOCUME~1\MLODIE~1\APPLIC~1\Mozilla
[08/03/2008|17:33] C:\DOCUME~1\MLODIE~1\APPLIC~1\MSN6
[21/10/2008|11:35] C:\DOCUME~1\MLODIE~1\APPLIC~1\OpenOffice.org2
[30/08/2008|14:07] C:\DOCUME~1\MLODIE~1\APPLIC~1\PlayFirst
[24/11/2007|22:11] C:\DOCUME~1\MLODIE~1\APPLIC~1\Sun
[22/10/2007|14:19] C:\DOCUME~1\MLODIE~1\APPLIC~1\Talkback
[06/10/2008|19:48] C:\DOCUME~1\MLODIE~1\APPLIC~1\Windows Live Writer
[19/07/2004|09:13] C:\DOCUME~1\MLODIE~1\APPLIC~1\You've Got Pictures Screensaver
[30/08/2008|14:06] C:\DOCUME~1\MLODIE~1\APPLIC~1\Zylom

[29/09/2008|21:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[16/07/2008 10:11][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[12/07/2008 13:05][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[24/04/2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[20/10/2008 21:01][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Listing des dossiers dans C:\Program Files

[05/05/2008|10:45] C:\Program Files\Adobe
[23/08/2007|16:00] C:\Program Files\ADSL Drivers
[28/09/2008|17:32] C:\Program Files\AGI
[26/05/2005|08:57] C:\Program Files\Ahead
[08/03/2008|17:39] C:\Program Files\Alwil Software
[21/10/2008|09:15] C:\Program Files\AOL 7.0
[21/10/2008|09:15] C:\Program Files\AOL 7.0a
[08/08/2008|18:35] C:\Program Files\AOL 7.0b
[21/10/2008|11:07] C:\Program Files\a-squared Free
[19/07/2004|09:06] C:\Program Files\ATI Technologies
[02/05/2008|14:09] C:\Program Files\CCleaner
[16/07/2004|23:36] C:\Program Files\Créez votre site Web
[19/07/2004|09:23] C:\Program Files\CyberLink
[22/10/2007|14:16] C:\Program Files\DivX
[21/05/2008|22:09] C:\Program Files\DK
[08/08/2008|18:48] C:\Program Files\Empire Interactive
[21/08/2008|17:37] C:\Program Files\eMule
[20/08/2008|14:27] C:\Program Files\EPSON
[17/10/2008|22:29] C:\Program Files\FenAffiche
[18/10/2008|23:31] C:\Program Files\Fichiers communs
[21/09/2008|16:12] C:\Program Files\Football Generation
[14/01/2007|11:19] C:\Program Files\FSX_Screensaver
[29/09/2007|17:18] C:\Program Files\Google
[21/10/2008|11:09] C:\Program Files\Grisoft
[05/05/2008|10:13] C:\Program Files\HDD Health
[03/05/2008|19:19] C:\Program Files\HealthMonitor
[16/07/2004|23:34] C:\Program Files\HighMAT CD Writing Wizard
[21/09/2008|16:03] C:\Program Files\InstallShield Installation Information
[15/10/2008|23:54] C:\Program Files\Internet Explorer
[08/03/2008|18:11] C:\Program Files\Java
[28/09/2008|17:41] C:\Program Files\Kiwee Toolbar
[09/03/2008|12:23] C:\Program Files\Lavalys
[18/10/2008|23:31] C:\Program Files\Lavasoft
[19/07/2004|09:13] C:\Program Files\Learn2.com
[29/08/2008|23:59] C:\Program Files\LimeWire
[19/10/2008|00:21] C:\Program Files\Malwarebytes' Anti-Malware
[19/10/2008|04:15] C:\Program Files\Messenger
[06/10/2008|20:41] C:\Program Files\Messenger Plus! Live
[02/10/2008|19:21] C:\Program Files\Microsoft
[01/03/2005|12:36] C:\Program Files\microsoft frontpage
[12/07/2008|13:10] C:\Program Files\Microsoft LifeCam
[01/03/2005|12:30] C:\Program Files\Microsoft Office
[08/06/2005|16:28] C:\Program Files\Microsoft Référence
[10/04/2008|18:13] C:\Program Files\Microsoft SQL Server Compact Edition
[01/03/2005|12:37] C:\Program Files\Microsoft Visual Studio
[03/05/2008|19:32] C:\Program Files\Motherboard Monitor 5
[19/10/2008|04:10] C:\Program Files\Movie Maker
[21/10/2008|14:59] C:\Program Files\Mozilla Firefox
[06/10/2008|19:36] C:\Program Files\MSECACHE
[16/07/2004|23:20] C:\Program Files\MSN
[16/07/2004|23:20] C:\Program Files\MSN Gaming Zone
[19/10/2008|20:21] C:\Program Files\Navilog1
[19/10/2008|04:07] C:\Program Files\NetMeeting
[21/09/2008|16:21] C:\Program Files\NRJ
[19/03/2008|15:36] C:\Program Files\OpenOffice.org 2.3
[19/10/2008|04:07] C:\Program Files\Outlook Express
[18/10/2007|16:56] C:\Program Files\PC Camera
[28/03/2007|17:05] C:\Program Files\Philips
[16/07/2004|23:35] C:\Program Files\Phoenix Technologies Ltd
[31/05/2008|12:52] C:\Program Files\PhotoFiltre
[19/07/2004|10:22] C:\Program Files\Pinnacle
[08/08/2008|19:05] C:\Program Files\QuickTime
[19/07/2004|09:13] C:\Program Files\Real
[16/06/2007|10:20] C:\Program Files\Sega
[16/07/2004|23:22] C:\Program Files\Services en ligne
[01/03/2005|12:30] C:\Program Files\Snapshot Viewer
[03/05/2008|19:35] C:\Program Files\SpeedFan
[18/10/2008|23:52] C:\Program Files\Spybot - Search & Destroy
[18/03/2008|17:12] C:\Program Files\SSC Service Utility
[17/06/2007|16:09] C:\Program Files\The Adventure Company
[29/12/2007|12:18] C:\Program Files\The K-Ball
[01/03/2005|12:42] C:\Program Files\Thomson
[30/07/2005|07:51] C:\Program Files\Uninstall Information
[06/10/2008|19:37] C:\Program Files\Windows Installer Clean Up
[16/07/2004|23:34] C:\Program Files\Windows Journal Viewer
[02/10/2008|19:45] C:\Program Files\Windows Live
[29/09/2008|19:20] C:\Program Files\Windows Live Favorites
[02/10/2008|19:42] C:\Program Files\Windows Live Toolbar
[18/04/2008|11:40] C:\Program Files\Windows Media Components
[27/10/2007|19:35] C:\Program Files\Windows Media Connect 2
[19/10/2008|04:07] C:\Program Files\Windows Media Player
[19/10/2008|04:07] C:\Program Files\Windows NT
[17/11/2005|17:57] C:\Program Files\WinRAR
[26/05/2005|09:04] C:\Program Files\WinZip 8.1 Fr
[16/07/2004|23:29] C:\Program Files\xerox
[07/04/2008|11:38] C:\Program Files\Yahoo!
[02/09/2008|18:59] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[05/05/2008|10:44] C:\Program Files\Fichiers communs\Adobe
[26/05/2005|08:52] C:\Program Files\Fichiers communs\Ahead
[15/08/2008|21:55] C:\Program Files\Fichiers communs\AOL
[10/04/2007|15:13] C:\Program Files\Fichiers communs\aolshare
[01/03/2005|12:26] C:\Program Files\Fichiers communs\Designer
[09/04/2007|16:45] C:\Program Files\Fichiers communs\DirectX
[02/03/2005|10:40] C:\Program Files\Fichiers communs\EPSON
[18/10/2007|16:53] C:\Program Files\Fichiers communs\InstallShield
[29/08/2007|18:43] C:\Program Files\Fichiers communs\Java
[06/10/2008|19:59] C:\Program Files\Fichiers communs\Microsoft Shared
[16/07/2004|23:21] C:\Program Files\Fichiers communs\MSSoap
[19/07/2004|09:13] C:\Program Files\Fichiers communs\Nullsoft
[18/10/2007|16:56] C:\Program Files\Fichiers communs\PAC207
[19/07/2004|09:13] C:\Program Files\Fichiers communs\Real
[16/07/2004|23:21] C:\Program Files\Fichiers communs\Services
[17/07/2004|00:17] C:\Program Files\Fichiers communs\SpeechEngines
[19/10/2008|04:07] C:\Program Files\Fichiers communs\System
[02/10/2008|19:15] C:\Program Files\Fichiers communs\Windows Live
[13/11/2007|13:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[18/10/2008|23:31] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 39 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 16:12:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 891

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:30][D:14]-> C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp
[F:31][D:0]-> C:\DOCUME~1\MLODIE~1\Cookies
[F:222][D:4]-> C:\DOCUME~1\MLODIE~1\LOCALS~1\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 21/10/2008|15:51 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 21/10/2008|16:14 - Option : [2]

--------------------\\ Fin du rapport a 16:14:40

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:58, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: adssite - {54364fdf-914b-8006-2fcc-59dd0770d297} - C:\WINDOWS\system32\nsb2DC.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093373904468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
jyg
 
Here is the Malwarebytes' scan report, followed by the HijackThis one.

Malwarebytes': 2 items found and removed.

Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1127
Windows 5.1.2600 Service Pack 3

21/10/2008 18:41:34
mbam-log-2008-10-21 (18-41-26).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 123015
Temps écoulé: 1 hour(s), 23 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:38, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Outils_Jyg\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093373904468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
jyg
 
As instructed, I removed the 2 problems found by Malwarebytes', and the problems seem to have gone away.

Thanks again.

Jyg
0

jlpjlp Posts 52399 Status Security contributor 5 040

Hi,

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
-1
jyg
 
Hello,
First of all, thank you for the prompt reply. Here is the report generated by ToolbarSD:
-----------\\ ToolBar S&D 1.2.2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mélodie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081020-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 66 Go Free : 12 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total : 952 Mo Free : 0 Go
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [1] ( 21/10/2008|14:09 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\MLODIE~1\MENUDM~1\PROGRA~1\Adssite Games Collection
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsk28F.tmp

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(M‚lodie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(M‚lodie) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/10/2008|14:11 - Option : [1]

-----------\\ Fin du rapport a 14:11:47,77
0
jlpjlp Posts 52399 Status Security contributor 5 040

ok, run Toolbar S&D again, choose option 2 and paste the report

______________________

paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
-1
jyg
 
Here are the reports from ToolbarSD and then from HijackThis renamed to Eden.

For information, I already had HijackThis on the PC, so I renamed it directly, without downloading it.

Also, as Spybot is running resident, I got two registry modification messages during the ToolbarSD tool's removal step, and I answered them by accepting the modification.

-----------\\ ToolBar S&D 1.2.2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mélodie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081020-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 66 Go Free : 12 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( 21/10/2008|14:26 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\MLODIE~1\MENUDM~1\PROGRA~1\Adssite Games Collection
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\WINDOWS\system32\adssite-remove.exe
Supprime! - C:\DOCUME~1\MLODIE~1\LOCALS~1\Temp\nsk28F.tmp

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(M‚lodie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(M‚lodie) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 21/10/2008|14:11 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 21/10/2008|14:28 - Option : [2]

-----------\\ Fin du rapport a 14:28:13,30



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:37, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: adssite - {54364fdf-914b-8006-2fcc-59dd0770d297} - C:\WINDOWS\system32\nsf290.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [CAST SURF BROWSE TOOL] C:\Documents and Settings\All Users\Application Data\Shim Cdrom Cast Surf\Sign Proxy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LiesMpeg] C:\DOCUME~1\MLODIE~1\APPLIC~1\WAYGLO~1\Team Trust.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093373904468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

Download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
-1
jlpjlp Posts 52399 Status Security contributor 5 040

ok, run Lop S&D again, choose option 2 and paste the report

then post a new HijackThis log and tell me what problems you have
-1
jlpjlp Posts 52399 Status Security contributor 5 040

download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\nsb2DC.dll

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

_______________________________

scan with
Malwarebytes' Anti-Malware, remove whatever is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________________

post a new HijackThis log and say whether there are still problems
-1
jlpjlp Posts 52399 Status Security contributor 5 040

you have to remove what Malwarebytes' found??

still having problems???
-1
jlpjlp Posts 52399 Status Security contributor 5 040

ok, that's good

keep Malwarebytes' alongside Spybot and avast

all the best
-1