Virus ads...
Last reply: in Security
Hello,
On my computer I often (many times a day) get a pop-up that appears. It seems to be a virus.
The name of the pop-up that appears is "ads served by adssite" or "ads served on rightonads", and other names of that kind...
I can't get rid of them; I scanned my computer with my antivirus (Avast) and also scanned it with an anti-spyware tool (Yahoo! Anti-Spy), but nothing works!
Would someone be kind enough to tell me what to do?
Thanks.
Hello
Download HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/_download/HiJac...
Demo in pictures
http://perso.orange.fr/rginformatique/section%20virus/d...
Run a scan and post the analysis here.
Here is the analysis from my HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:07, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Victor\Local Settings\Temporary Internet Files\Content.IE5\S5E7CXMZ\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nst6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5788 bytes
Good.
Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.
Copy/paste that report in your next reply along with a new HijackThis log.
Here is the ComboFix report:
ComboFix 07-12-07.3 - Victor 2007-12-07 18:46:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.56 [GMT 1:00]
Running from: C:\Documents and Settings\Victor\Local Settings\Temporary Internet Files\Content.IE5\A56FGTY3\ComboFix[1].exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nst6.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.
2007-12-03 16:51 . 2007-12-03 16:51 59,221 --a------ C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe
2007-12-03 13:34 . 2007-12-03 13:34 282,624 --a------ C:\WINDOWS\system32\Adssite_sidebar.dll
2007-11-28 14:32 . 2007-11-28 14:32 <REP> d-------- C:\Documents and Settings\Parents\Incomplete
2007-11-28 14:29 . 2007-11-28 14:50 <REP> d-------- C:\Documents and Settings\Parents\Application Data\LimeWire
2007-11-28 14:29 . 2006-06-02 20:32 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-28 14:07 . 2007-11-28 14:07 <REP> d-------- C:\Documents and Settings\Parents\Application Data\Apple Computer
2007-11-27 22:14 . 2007-11-27 22:14 268 --ah----- C:\sqmdata06.sqm
2007-11-27 22:14 . 2007-11-27 22:14 244 --ah----- C:\sqmnoopt06.sqm
2007-11-27 17:23 . 2007-11-27 17:24 <REP> d-------- C:\Documents and Settings\Victor\Application Data\VoipBuster
2007-11-27 17:21 . 2007-11-27 17:29 <REP> d-------- C:\Program Files\VoipBuster
2007-11-27 16:48 . 2007-11-27 16:48 268 --ah----- C:\sqmdata05.sqm
2007-11-27 16:48 . 2007-11-27 16:48 244 --ah----- C:\sqmnoopt05.sqm
2007-11-26 13:45 . 2007-11-26 13:45 268 --ah----- C:\sqmdata04.sqm
2007-11-26 13:45 . 2007-11-26 13:45 244 --ah----- C:\sqmnoopt04.sqm
2007-11-20 09:44 . 2007-12-07 18:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 09:44 . 2007-11-20 09:44 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-20 09:43 . 2007-11-20 09:43 <REP> d-------- C:\Program Files\iTunes
2007-11-20 09:43 . 2007-11-20 09:43 <REP> d-------- C:\Program Files\iPod
2007-11-20 09:41 . 2007-11-20 09:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-11 15:01 . 2007-11-11 15:02 <REP> d-------- C:\Program Files\CDex
2007-11-10 19:41 . 2007-11-10 19:41 268 --ah----- C:\sqmdata03.sqm
2007-11-10 19:41 . 2007-11-10 19:41 244 --ah----- C:\sqmnoopt03.sqm
2007-11-09 21:04 . 2007-11-09 21:04 268 --ah----- C:\sqmdata02.sqm
2007-11-09 21:04 . 2007-11-09 21:04 244 --ah----- C:\sqmnoopt02.sqm
2007-11-07 11:33 . 2007-12-04 17:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 12:18 --------- d-----w C:\Program Files\Avast
2007-12-04 18:49 --------- d-----w C:\Documents and Settings\Victor\Application Data\LimeWire
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 21:49 --------- d-----w C:\Program Files\CamStudio
2007-11-29 17:46 938 ----a-w C:\Documents and Settings\Victor\Application Data\wklnhst.dat
2007-11-28 13:30 --------- d-----w C:\Program Files\LimeWire
2007-11-27 16:26 --------- d-----w C:\Program Files\NetAppel
2007-10-31 13:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-30 14:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-30 11:05 --------- d-----w C:\Program Files\EdenSoftware
2007-10-28 21:17 3,382 ----a-w C:\Documents and Settings\Parents\Application Data\wklnhst.dat
2007-10-28 12:46 --------- d-----w C:\Program Files\CodeStuff
2007-10-26 21:41 --------- d-----w C:\Program Files\STK014
2007-10-23 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 20:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 20:03 --------- d-----w C:\Program Files\Epson
2007-10-18 13:38 --------- d-----w C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
2007-10-18 12:56 --------- d-----w C:\Documents and Settings\Victor\Application Data\DAEMON Tools Pro
2007-10-18 12:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-17 11:26 --------- d-----w C:\Program Files\Rockstar Games
2007-10-15 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-12 09:12 --------- d-----w C:\Program Files\Apple Software Update
2007-10-10 20:15 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-10 17:48 --------- d-----w C:\Program Files\iCoverArt
2007-10-10 17:40 --------- d-----w C:\Program Files\iArt
2007-10-10 17:38 --------- d-----w C:\Program Files\MSBuild
2007-10-10 17:34 --------- d-----w C:\Program Files\iGnuteel
2007-10-10 17:24 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-10 16:45 --------- d-----w C:\Program Files\Super
2007-10-09 17:59 --------- d-----w C:\Program Files\TuneSleeve
2007-10-09 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\eSellerate
2007-10-08 12:15 --------- d-----w C:\Program Files\Fichiers communs\eSellerate
2007-10-07 18:32 --------- d-----w C:\Program Files\Videora
2007-10-07 18:08 --------- d-----w C:\Program Files\AviSynth 2.5
2007-07-27 21:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-03 13:34 282624 --a------ C:\WINDOWS\system32\Adssite_sidebar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-19 15:10]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-12-04 14:00 79224 --a------ C:\PROGRA~1\Avast\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install5G]
E:\Install.exe 0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 DCamUSBSTK014;STK014 Camera;C:\WINDOWS\system32\DRIVERS\STK014W2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 09:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 18:56:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-07 18:58:49 - machine was rebooted
.
--- E O F ---
And here is the new HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:30, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Victor\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5510 bytes
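The two HijackThis logs in this thread, triaged and compared in code: the O2 (BHO), O4 (Run key) and O23 (service) lines are parsed, the entries a helper looks at first are flagged (BHOs loaded from system32 or with no file, a rundll32 logon entry, services with a missing binary or no vendor string), and the pre- and post-ComboFix logs are diffed to show that nst6.dll was removed while Adssite_sidebar.dll and the gzmrt.dll rundll32 entry survived. This is an added example, not a tool from the thread or from the HijackThis/ComboFix authors; the log excerpt is copied from the first log above, the "after" copy is constructed by dropping the nst6.dll line (which is the only difference the second log shows), and the flagging heuristics are the example's own.

```python
"""Triage and diff of HijackThis v2 logs (added example; the heuristics are its own)."""
import re
from dataclasses import dataclass

# Excerpt of the first log in the thread (before ComboFix), kept verbatim.
LOG_BEFORE = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nst6.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# Constructed "after ComboFix" copy: the second log in the thread differs from the
# first only in that the nst6.dll BHO line is gone, so exactly that line is dropped.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "nst6.dll" not in l)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"rundll32(\.exe)?", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4" or "O23"
    name: str     # BHO name, Run value name or service display name
    target: str   # DLL path, full command line or service binary
    extra: str    # CLSID (O2), registry hive (O4) or owner string (O23)


def parse_log(text):
    """Pull the O2/O4/O23 entries out of a HijackThis log; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"], m["clsid"]))
        elif m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], m["hive"]))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["owner"]))
    return entries


def why_suspicious(entry):
    """Return why a helper would look twice at this entry, or None if it looks ordinary.

    These are triage heuristics, not verdicts: a hit means "check this file", not "malware".
    """
    if entry.section == "O2":
        if entry.target == "(no file)":
            return "orphaned BHO: the CLSID points at a DLL that no longer exists"
        if SYSTEM32_RE.search(entry.target):
            return "BHO loaded straight from system32; vendor helper DLLs normally live under Program Files"
    elif entry.section == "O4":
        if RUNDLL_RE.search(entry.target):
            return "logon entry runs a DLL export through rundll32 at every boot; identify that DLL"
    elif entry.section == "O23":
        if "(file missing)" in entry.target:
            return "service registration whose binary is gone (leftover, but worth cleaning)"
        if entry.extra == "Unknown owner":
            return "service binary carries no vendor string; confirm the publisher"
    return None


def triage(text):
    """Map each flagged entry's target to the reason it was flagged.

    Keyed by target for readability; a log with several '(no file)' BHOs would
    need (section, name, target) as the key instead.
    """
    flagged = {}
    for entry in parse_log(text):
        reason = why_suspicious(entry)
        if reason:
            flagged[entry.target] = reason
    return flagged


def diff_logs(before, after):
    """Compare a pre- and post-cleanup log: what disappeared, and which flagged items remain."""
    before_targets = {e.target for e in parse_log(before)}
    after_entries = {e.target: e for e in parse_log(after)}
    return {
        "removed": sorted(t for t in before_targets if t not in after_entries),
        "still_flagged": sorted(t for t, e in after_entries.items() if why_suspicious(e)),
    }


if __name__ == "__main__":
    for target, reason in triage(LOG_BEFORE).items():
        print(f"[before] {target}\n         -> {reason}")
    print(diff_logs(LOG_BEFORE, LOG_AFTER))
```

The "still_flagged" list after the diff is the point a helper checks before declaring the machine clean: one removed BHO is not the same as the adware being gone.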
2007-10-09 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\eSellerate
2007-10-08 12:15 --------- d-----w C:\Program Files\Fichiers communs\eSellerate
2007-10-07 18:32 --------- d-----w C:\Program Files\Videora
2007-10-07 18:08 --------- d-----w C:\Program Files\AviSynth 2.5
2007-07-27 21:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-03 13:34 282624 --a------ C:\WINDOWS\system32\Adssite_sidebar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-19 15:10]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-12-04 14:00 79224 --a------ C:\PROGRA~1\Avast\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install5G]
E:\Install.exe 0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 DCamUSBSTK014;STK014 Camera;C:\WINDOWS\system32\DRIVERS\STK014W2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-07 09:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 18:56:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-07 18:58:49 - machine was rebooted
.
--- E O F ---
And here is the new HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:30, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Victor\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5510 bytes
Re
Copy (Ctrl+C) the text below:
File::
C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\Adssite_sidebar.dll
C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
C:\WINDOWS\system32\gzmrt.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"postSetupCheck"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
Once the scan is finished, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
Here is the ComboFix report:
ComboFix 07-12-08.1 - Victor 2007-12-08 12:01:44.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.44 [GMT 1:00]
Running from: C:\Documents and Settings\Victor\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Victor\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
C:\WINDOWS\system32\Adssite_sidebar.dll
C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\gzmrt.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Adssite_sidebar.dll
C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.
2007-11-28 14:32 . 2007-11-28 14:32 <REP> d-------- C:\Documents and Settings\Parents\Incomplete
2007-11-28 14:29 . 2007-11-28 14:50 <REP> d-------- C:\Documents and Settings\Parents\Application Data\LimeWire
2007-11-28 14:29 . 2006-06-02 20:32 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-28 14:07 . 2007-11-28 14:07 <REP> d-------- C:\Documents and Settings\Parents\Application Data\Apple Computer
2007-11-27 22:14 . 2007-11-27 22:14 268 --ah----- C:\sqmdata06.sqm
2007-11-27 22:14 . 2007-11-27 22:14 244 --ah----- C:\sqmnoopt06.sqm
2007-11-27 17:23 . 2007-11-27 17:24 <REP> d-------- C:\Documents and Settings\Victor\Application Data\VoipBuster
2007-11-27 17:21 . 2007-11-27 17:29 <REP> d-------- C:\Program Files\VoipBuster
2007-11-27 16:48 . 2007-11-27 16:48 268 --ah----- C:\sqmdata05.sqm
2007-11-27 16:48 . 2007-11-27 16:48 244 --ah----- C:\sqmnoopt05.sqm
2007-11-26 13:45 . 2007-11-26 13:45 268 --ah----- C:\sqmdata04.sqm
2007-11-26 13:45 . 2007-11-26 13:45 244 --ah----- C:\sqmnoopt04.sqm
2007-11-20 09:44 . 2007-12-08 11:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 09:44 . 2007-11-20 09:44 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-20 09:43 . 2007-11-20 09:43 <REP> d-------- C:\Program Files\iTunes
2007-11-20 09:43 . 2007-11-20 09:43 <REP> d-------- C:\Program Files\iPod
2007-11-20 09:41 . 2007-11-20 09:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-11 15:01 . 2007-11-11 15:02 <REP> d-------- C:\Program Files\CDex
2007-11-10 19:41 . 2007-11-10 19:41 268 --ah----- C:\sqmdata03.sqm
2007-11-10 19:41 . 2007-11-10 19:41 244 --ah----- C:\sqmnoopt03.sqm
2007-11-09 21:04 . 2007-11-09 21:04 268 --ah----- C:\sqmdata02.sqm
2007-11-09 21:04 . 2007-11-09 21:04 244 --ah----- C:\sqmnoopt02.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 12:18 --------- d-----w C:\Program Files\Avast
2007-12-04 18:49 --------- d-----w C:\Documents and Settings\Victor\Application Data\LimeWire
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 21:49 --------- d-----w C:\Program Files\CamStudio
2007-11-29 17:46 938 ----a-w C:\Documents and Settings\Victor\Application Data\wklnhst.dat
2007-11-28 13:30 --------- d-----w C:\Program Files\LimeWire
2007-11-27 16:26 --------- d-----w C:\Program Files\NetAppel
2007-10-31 13:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-30 14:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-30 11:05 --------- d-----w C:\Program Files\EdenSoftware
2007-10-28 21:17 3,382 ----a-w C:\Documents and Settings\Parents\Application Data\wklnhst.dat
2007-10-28 12:46 --------- d-----w C:\Program Files\CodeStuff
2007-10-26 21:41 --------- d-----w C:\Program Files\STK014
2007-10-23 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 20:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 20:03 --------- d-----w C:\Program Files\Epson
2007-10-18 13:38 --------- d-----w C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
2007-10-18 12:56 --------- d-----w C:\Documents and Settings\Victor\Application Data\DAEMON Tools Pro
2007-10-18 12:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-17 11:26 --------- d-----w C:\Program Files\Rockstar Games
2007-10-15 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-12 09:12 --------- d-----w C:\Program Files\Apple Software Update
2007-10-10 20:15 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-10 17:48 --------- d-----w C:\Program Files\iCoverArt
2007-10-10 17:40 --------- d-----w C:\Program Files\iArt
2007-10-10 17:38 --------- d-----w C:\Program Files\MSBuild
2007-10-10 17:34 --------- d-----w C:\Program Files\iGnuteel
2007-10-10 17:24 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-10 16:45 --------- d-----w C:\Program Files\Super
2007-10-09 17:59 --------- d-----w C:\Program Files\TuneSleeve
2007-10-09 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\eSellerate
2007-10-08 12:15 --------- d-----w C:\Program Files\Fichiers communs\eSellerate
2007-07-27 21:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-07_18.57.44.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 02:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 02:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 11:07:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-12-04 14:00 79224 --a------ C:\PROGRA~1\Avast\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install5G]
E:\Install.exe 0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 DCamUSBSTK014;STK014 Camera;C:\WINDOWS\system32\DRIVERS\STK014W2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-07 09:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Victor\LOCALS~1\Temp\epgulmljUR.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 12:08:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-08 12:11:42 - machine was rebooted
.
--- E O F ---
ComboFix 07-12-08.1 - Victor 2007-12-08 12:01:44.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.44 [GMT 1:00]
Running from: C:\Documents and Settings\Victor\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Victor\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
C:\WINDOWS\system32\Adssite_sidebar.dll
C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\gzmrt.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Adssite_sidebar.dll
C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.
2007-11-28 14:32 . 2007-11-28 14:32 <REP> d-------- C:\Documents and Settings\Parents\Incomplete
2007-11-28 14:29 . 2007-11-28 14:50 <REP> d-------- C:\Documents and Settings\Parents\Application Data\LimeWire
2007-11-28 14:29 . 2006-06-02 20:32 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-28 14:07 . 2007-11-28 14:07 <REP> d-------- C:\Documents and Settings\Parents\Application Data\Apple Computer
2007-11-27 22:14 . 2007-11-27 22:14 268 --ah----- C:\sqmdata06.sqm
2007-11-27 22:14 . 2007-11-27 22:14 244 --ah----- C:\sqmnoopt06.sqm
2007-11-27 17:23 . 2007-11-27 17:24 <REP> d-------- C:\Documents and Settings\Victor\Application Data\VoipBuster
2007-11-27 17:21 . 2007-11-27 17:29 <REP> d-------- C:\Program Files\VoipBuster
2007-11-27 16:48 . 2007-11-27 16:48 268 --ah----- C:\sqmdata05.sqm
2007-11-27 16:48 . 2007-11-27 16:48 244 --ah----- C:\sqmnoopt05.sqm
2007-11-26 13:45 . 2007-11-26 13:45 268 --ah----- C:\sqmdata04.sqm
2007-11-26 13:45 . 2007-11-26 13:45 244 --ah----- C:\sqmnoopt04.sqm
2007-11-20 09:44 . 2007-12-08 11:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 09:44 . 2007-11-20 09:44 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-20 09:43 . 2007-11-20 09:43 <REP> d-------- C:\Program Files\iTunes
2007-11-20 09:43 . 2007-11-20 09:43 <REP> d-------- C:\Program Files\iPod
2007-11-20 09:41 . 2007-11-20 09:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-11 15:01 . 2007-11-11 15:02 <REP> d-------- C:\Program Files\CDex
2007-11-10 19:41 . 2007-11-10 19:41 268 --ah----- C:\sqmdata03.sqm
2007-11-10 19:41 . 2007-11-10 19:41 244 --ah----- C:\sqmnoopt03.sqm
2007-11-09 21:04 . 2007-11-09 21:04 268 --ah----- C:\sqmdata02.sqm
2007-11-09 21:04 . 2007-11-09 21:04 244 --ah----- C:\sqmnoopt02.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 12:18 --------- d-----w C:\Program Files\Avast
2007-12-04 18:49 --------- d-----w C:\Documents and Settings\Victor\Application Data\LimeWire
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 21:49 --------- d-----w C:\Program Files\CamStudio
2007-11-29 17:46 938 ----a-w C:\Documents and Settings\Victor\Application Data\wklnhst.dat
2007-11-28 13:30 --------- d-----w C:\Program Files\LimeWire
2007-11-27 16:26 --------- d-----w C:\Program Files\NetAppel
2007-10-31 13:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-30 14:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-30 11:05 --------- d-----w C:\Program Files\EdenSoftware
2007-10-28 21:17 3,382 ----a-w C:\Documents and Settings\Parents\Application Data\wklnhst.dat
2007-10-28 12:46 --------- d-----w C:\Program Files\CodeStuff
2007-10-26 21:41 --------- d-----w C:\Program Files\STK014
2007-10-23 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 20:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 20:03 --------- d-----w C:\Program Files\Epson
2007-10-18 13:38 --------- d-----w C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
2007-10-18 12:56 --------- d-----w C:\Documents and Settings\Victor\Application Data\DAEMON Tools Pro
2007-10-18 12:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-17 11:26 --------- d-----w C:\Program Files\Rockstar Games
2007-10-15 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-12 09:12 --------- d-----w C:\Program Files\Apple Software Update
2007-10-10 20:15 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-10 17:48 --------- d-----w C:\Program Files\iCoverArt
2007-10-10 17:40 --------- d-----w C:\Program Files\iArt
2007-10-10 17:38 --------- d-----w C:\Program Files\MSBuild
2007-10-10 17:34 --------- d-----w C:\Program Files\iGnuteel
2007-10-10 17:24 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-10 16:45 --------- d-----w C:\Program Files\Super
2007-10-09 17:59 --------- d-----w C:\Program Files\TuneSleeve
2007-10-09 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\eSellerate
2007-10-08 12:15 --------- d-----w C:\Program Files\Fichiers communs\eSellerate
2007-07-27 21:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-07_18.57.44.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 02:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 02:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 11:07:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-12-04 14:00 79224 --a------ C:\PROGRA~1\Avast\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install5G]
E:\Install.exe 0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 DCamUSBSTK014;STK014 Camera;C:\WINDOWS\system32\DRIVERS\STK014W2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 09:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Victor\LOCALS~1\Temp\epgulmljUR.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 12:08:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-08 12:11:42 - machine was rebooted
.
--- E O F ---
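Added example, not part of this thread and not a ComboFix feature: a small Python triage script for ComboFix-style output like the log above. It walks the registry autostart entries and the "DLLs Loaded Under Running Processes" block and flags any executable or DLL sitting in a user-writable location (Temp, Application Data and similar), reporting which Run key or which process references it. That is exactly the signal in the log above, where Explorer.EXE has a DLL loaded from the user's Temp folder. The sample lines are modelled on the posted log; the "example_toolbar" Run entry with CONSTRUCTED_example.exe is made up here to exercise the registry branch.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not from the thread).

It scans registry autostart entries and the "DLLs Loaded Under Running
Processes" block and flags binaries that live in user-writable locations,
which is where this thread's adware kept its loader DLL.
"""
import re
from typing import List, Tuple

# Sample lines modelled on the ComboFix log posted in the thread.  The
# "example_toolbar" Run entry is CONSTRUCTED here to exercise the registry
# branch; it is not in the original log.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"example_toolbar"="C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar\CONSTRUCTED_example.exe" [2007-12-01 00:00]
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Victor\LOCALS~1\Temp\epgulmljUR.dll
"""

# Directory fragments that a standard user can write to.  Legitimate autostart
# code is almost always under Program Files or the Windows directory instead.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                "\\application data\\", "\\appdata\\")

# A Windows path ending in an executable extension; non-greedy so it stops at
# the first extension and tolerates spaces in "Program Files" style paths.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys|cpl)', re.IGNORECASE)


def path_is_suspect(path: str) -> bool:
    """True when the path sits under a user-writable profile or temp directory."""
    low = path.lower()
    return any(marker in low for marker in SUSPECT_DIRS)


def triage(log_text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, flagged path, loading context) for each suspect binary.

    The context is the registry key the entry lives under, or the process that
    had the DLL loaded, whichever header was seen most recently.
    """
    context = ""
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("[HKEY"):
            context = stripped.strip("[]")
            continue
        if stripped.upper().startswith("PROCESS:"):
            m = PATH_RE.search(stripped)
            context = m.group(0) if m else stripped
            continue
        for m in PATH_RE.finditer(stripped):
            if path_is_suspect(m.group(0)):
                hits.append((lineno, m.group(0), context))
    return hits


if __name__ == "__main__":
    for lineno, path, context in triage(SAMPLE_LOG):
        print(f"line {lineno}: {path}  (referenced by {context})")
```

Run against the sample it reports the constructed Application Data entry under the HKCU Run key and the Temp DLL loaded by Explorer.EXE, while the Program Files and system32 entries stay quiet. The location rule is deliberately coarse: it is a triage filter to decide what to look at first, not a verdict, and any hit still needs the file itself checked.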
Re
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt,
"Paste List of Files/Folders to be moved".
C:\Documents and Settings\Victor\Application Data\Adssite Advanced Toolbar
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Post the report located in C:\_OTMoveIt\MovedFiles.
Good.
Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click Start Online Scanner.
Select My Computer as the scan target.
Paste its report here.
Use this link for help.
http://www.infos-du-net.com/forum/267224-11-scan-ligne-...