Malware + redirection

belette2986 -  
 Belette2986 -
Bonjour,

Depuis 2 jours, je suis redirigée sur des sites publicitaires quand j'effectue une recherche sur google. J'ai téléchargé Spywaredoctor, Lavasoft et j'en passe, mais le problème persiste. Merci de m'aider! Je vous envoie mon log de Highjack this. Merci d'avance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:05, on 2009-07-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsAuxs.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsSvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsGui.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: MapQuest Toolbar Search Class - {2731C719-B8C5-4282-993D-B5AD0E77531D} - C:\Program Files\MapQuest Toolbar\mqtb.dll
R3 - URLSearchHook: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: MapQuest Toolbar Loader - {E34F0E11-AB79-487c-9773-36C594DFF5AA} - C:\Program Files\MapQuest Toolbar\mqtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MapQuest Toolbar - {57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MapQuest Toolbar Search - C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
A voir également:

6 réponses

Réponse 1 / 6
Utilisateur anonyme
 
Salut ,


▶ Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.

• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt .
0
belette2986
 
Merci beaucoup de ton aide!!

J'ai fais ce que tu m'as dit et voilà ce que ça donne :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gilles Lacoursiere at 2009-07-04 12:05:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (65%) free of 55 GB
Total RAM: 511 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:03, on 2009-07-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsAuxs.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsSvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsGui.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gilles Lacoursiere\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Gilles Lacoursiere.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: MapQuest Toolbar Search Class - {2731C719-B8C5-4282-993D-B5AD0E77531D} - C:\Program Files\MapQuest Toolbar\mqtb.dll
R3 - URLSearchHook: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: MapQuest Toolbar Loader - {E34F0E11-AB79-487c-9773-36C594DFF5AA} - C:\Program Files\MapQuest Toolbar\mqtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MapQuest Toolbar - {57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MapQuest Toolbar Search - C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Documents and Settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
0
belette2986
 
Suis-je fixée??
0
Réponse 2 / 6
Utilisateur anonyme
 
Telecharge malwarebytes
https://www.malwarebytes.com/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
Réponse 3 / 6
belette2986
 
Allo!

J'ai essayé d'installer malewarebytes, mais malheureusement, celle-ci ne se rend pas plus loin que la fenêtre installation`... Je n'ai donc pas accès au logiciel.

Merci de me dire quoi faire!
0
Réponse 4 / 6
Utilisateur anonyme
 
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
belette2986
 
Salut!

Quelle galère. Je n'ai pas réussi à trouver comment suspendre temporairement AVG, alors j'ai pensé à le désinstaller complètement, mais rien n'y fait! J'ai essayé plusieurs fois, et mon ordi semble refuser catégoriquement de désinstaller le programme.

Suis-je moi qui suis-trop nulle? Car rien ne semble fonctionner malgré les nombreuses heures déjà passées à tenter de résoudre ce problème.

Merci!!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
Utilisateur anonyme
 
execute combofix ainsi , tant pis
0
belette2986
 
Voici le rapport combofix :

ComboFix 09-07-04.05 - Gilles Lacoursiere 2009-07-05 10:01.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.146 [GMT -4:00]
Lancé depuis: c:\documents and settings\Gilles Lacoursiere\Desktop\juillet.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\15c4d.msi
c:\windows\Installer\1ea1f0.msi
c:\windows\Installer\1eccd8ea.msi
c:\windows\Installer\200d7.msi
c:\windows\Installer\200de.msi
c:\windows\Installer\2806d1c.msp
c:\windows\Installer\2806d88.msp
c:\windows\Installer\8093.msi
c:\windows\Installer\c27e.msi
c:\windows\Installer\edd4.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\UACrgssndkwnsryiow.sys
c:\windows\system32\UACabduiurqxdoettw.dll
c:\windows\system32\UACbiqmlxpmsqoxvya.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmlfflrvyldsilan.dll
c:\windows\system32\UACnqlldsowftqsinmph.log
c:\windows\system32\UACrmnaiqakypjbfhd.dll
c:\windows\system32\UACyibeovrkhmkhbol.dat
M:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-06-05 au 2009-07-05 ))))))))))))))))))))))))))))))))))))
.

2009-07-05 13:58 . 2009-07-05 13:58 -------- d-sh--w- C:\FOUND.002
2009-07-05 07:08 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-04 16:41 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 16:26 . 2009-07-04 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 16:05 . 2009-07-04 16:05 -------- d-----w- C:\rsit
2009-07-04 11:40 . 2009-06-30 19:00 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-04 11:40 . 2009-06-30 19:00 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-04 11:40 . 2009-06-30 19:00 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-04 11:40 . 2009-06-30 19:00 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-04 11:40 . 2009-06-30 19:00 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-04 11:40 . 2009-06-30 19:00 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-04 09:15 . 2009-07-04 09:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-04 01:04 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-04 01:04 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-04 01:04 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-04 01:04 . 2009-07-04 01:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-04 01:04 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-04 01:04 . 2009-07-04 01:04 -------- d-----w- c:\documents and settings\Gilles Lacoursiere\Application Data\PC Tools
2009-07-04 01:04 . 2009-07-04 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-04 01:02 . 2009-07-04 01:02 256 ----a-w- c:\documents and settings\Gilles Lacoursiere\pool.bin
2009-07-02 00:10 . 2009-07-02 00:10 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-02 00:10 . 2009-07-02 00:10 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-02 00:10 . 2009-07-02 00:10 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-02 00:10 . 2009-06-30 19:00 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-07-02 00:10 . 2009-06-30 19:00 352024 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-02 00:10 . 2009-07-02 00:10 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-01 09:08 . 2009-07-01 00:30 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 00:31 . 2009-07-01 00:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-01 00:29 . 2009-07-01 00:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-01 00:29 . 2009-01-18 21:43 2892112 ----a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-01 00:29 . 2009-07-01 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-30 20:24 . 2009-06-30 20:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-30 20:24 . 2009-06-30 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-30 20:02 . 2009-06-30 20:02 -------- d-----w- c:\program files\Trend Micro
2009-06-30 19:03 . 2009-06-30 19:03 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-30 19:00 . 2009-06-30 19:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 19:00 . 2009-06-30 19:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-30 19:00 . 2009-07-04 11:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 19:00 . 2009-07-02 00:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-30 19:00 . 2009-06-30 19:00 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-30 19:00 . 2009-06-30 19:00 -------- d-----w- c:\program files\AVG
2009-06-30 19:00 . 2009-06-30 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-25 15:47 . 2009-06-25 15:47 -------- d-----w- c:\documents and settings\Gilles Lacoursiere\Application Data\Blackberry Desktop
2009-06-25 15:37 . 2009-06-25 15:37 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-25 15:37 . 2009-06-25 15:37 -------- d-----w- c:\program files\Roxio
2009-06-25 15:30 . 2009-06-25 15:30 69632 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\DesktopMgr.exe
2009-06-25 15:30 . 2009-06-25 15:30 6502 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-06-25 15:30 . 2009-06-25 15:30 6502 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-06-25 15:30 . 2009-06-25 15:30 6502 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:29 . 2009-06-25 15:29 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-25 15:29 . 2009-06-25 15:29 -------- d-----w- c:\program files\Research In Motion
2009-06-18 02:18 . 2009-06-18 02:18 -------- d-----w- c:\program files\iPod
2009-06-18 02:18 . 2009-06-18 02:18 -------- d-----w- c:\program files\iTunes
2009-06-18 02:13 . 2009-06-18 02:13 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 20:33 . 2009-06-06 20:33 -------- d-----w- c:\program files\DIFX
2009-06-06 20:33 . 2009-06-06 20:33 -------- d-----w- c:\program files\Garmin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 13:35 . 2008-12-21 17:30 256 ----a-w- c:\windows\system32\pool.bin
2009-07-04 09:14 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-04 09:14 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-04 00:27 . 2009-07-04 00:27 98304 ------w- c:\program files\Spyware Doctor
2009-06-30 18:31 . 2009-06-30 18:30 0 ----a-w- c:\documents and settings\Gilles Lacoursiere\Application Data\~ygw.tmp
2009-06-25 15:44 . 2004-02-19 13:56 81704 ----a-w- c:\documents and settings\Gilles Lacoursiere\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 15:42 . 2009-03-14 11:45 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-02-27 16:15 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 05:14 . 2009-05-09 05:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2009-05-09 05:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 1980-01-01 04:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-06 22:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 1980-01-01 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-16 10:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-09-07 20:09 . 2008-09-07 20:18 2402832 ----a-w- c:\program files\WLinstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E34F0E11-AB79-487c-9773-36C594DFF5AA}]
2008-03-18 21:35 1267040 ----a-w- c:\program files\MapQuest Toolbar\mqtb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 368640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2001-07-19 401493]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2009-03-23 146432]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-03 2832280]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]
"LXDJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-08-01 815104]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"ISTray"="c:\documents and settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-04 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Gilles Lacoursiere\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-6-14 1512720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 19:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=c:\windows\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\System32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\LXDJAMON.EXE"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\WINDOWS\\System32\\lxdjcfg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjPSWX.EXE"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjjswx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJTIME.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 DiskFilt;DiskFilt;c:\windows\system32\drivers\DISKFILT.SYS [2003-09-19 4341]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-30 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-07-03 130936]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2004-02-15 17792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-30 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-30 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-06-30 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\documents and settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsAuxs.exe [2009-07-03 348752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 EraserUtilDrv10620;EraserUtilDrv10620; [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1029456]
S3 musbehco;musbehco; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-04 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 20:43]

2009-07-05 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 20:43]

2009-07-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:30]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &MapQuest Toolbar Search - c:\documents and settings\All Users\Application Data\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: decclic.qc.ca
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Gilles Lacoursiere\Application Data\Mozilla\Firefox\Profiles\6qupkl43.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Gilles Lacoursiere\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
.
------- Associations de fichier -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 10:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\AMUST\Registry Cleaner\pos*whor_xpos**]
"wX"=dword:01c6b1be
"whY"=dword:218a4450

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-07-05 10:10
ComboFix-quarantined-files.txt 2009-07-05 14:10
ComboFix2.txt 2008-11-15 17:32

Avant-CF: 38 198 935 552 bytes free
Après-CF: 38 206 242 816 bytes free

289 --- E O F --- 2009-07-05 13:26
0
belette2986
 
Allo!!

Ma machine est-elle fixée?? Merci de ton aide!
0
Réponse 6 / 6
Utilisateur anonyme
 
re , le rootkit a été supprimé ... donc ça devrait aller mieux chez toi


néanmoins il reste du nettoyage a faire


Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.


* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

Tuto : https://sites.google.com/site/toolbarsd/aideenimages
0
Belette2986
 
Salut!

Voici le rapport Toolbar-S&D


-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 2009-07-12| 9:09 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.ca/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2009-07-12| 9:12 - Option : [1]

-----------\\ Fin du rapport a 9:12:25,23
0
Belette2986
 
Et puis? Suis-je fixée?
0
Belette2986
 
Et puis... Est-ce que mon ordi est réparé?
0

Discussions similaires

supprimer tor.jack android
sabinelouisonbruno -
akaloupile -

4 réponses
Tor.Jack.Malware
Camille -
bazfile -

1 réponse
GOOGLE avertissement de redirection
RebeccaLyli -
MPMP10 -

9 réponses
Win64 malware gen
jules555 -
bazfile -

1 réponse
je n'arrive pas a supprimer un virus sur mon téléphone
nath340 -
christou -

26 réponses