
How do I get rid of this rx toolbar? (SOLVED)

dédétraqué on 5 July 2009 at 19:45
Hi you two :hello:


Do it like this:

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}]



See you later :)
bzhatao on 5 July 2009 at 19:59
:hello: dédétraqué

Thanks for the helping hand...

:super: see you
Flavour on 5 July 2009 at 20:17
Oops, I hadn't seen your message, dedetraque!! I'll start over with what you wrote! Thanks! I'll post the report right after!
Flavour on 7 July 2009 at 12:52
:hello: bzhatao and dedetraque!

Sorry for taking so long, for two days I've had a connection problem in the evenings, yet another problem... Anyway! Here is the ComboFix report (made with what dedetraque wrote) and I'm also posting the Malwarebytes report:

- ComboFix report:

ComboFix 09-07-06.02 - Laura 07/07/2009 10:53.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.510.325 [GMT 1:00]
Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 3
The syntax of the command is incorrect.

PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: StartUpFile

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-07 08:38 . 2009-07-07 08:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-05 16:45 . 2009-07-07 08:36 -------- d-----w- C:\FindyKill
2009-07-04 18:32 . 2009-07-04 18:32 -------- d-----w- C:\VundoFix Backups
2009-07-03 18:13 . 2009-07-03 18:13 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-07-03 18:10 . 2009-07-03 18:11 -------- d-----w- c:\windows\ERUNT
2009-07-01 16:51 . 2009-07-01 16:53 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Temp
2009-06-29 19:09 . 2009-06-29 19:09 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\AVG Security Toolbar
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- c:\program files\trend micro
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- C:\rsit
2009-06-27 14:25 . 2009-06-27 14:25 -------- d-----w- c:\program files\Enigma Software Group
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-26 18:19 . 2009-06-26 18:19 -------- d-----w- c:\program files\Free Audio Pack
2009-06-26 18:19 . 2008-09-24 20:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-26 18:19 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-24 09:45 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-24 08:47 . 2009-06-24 08:47 -------- d-----w- c:\documents and settings\Laura\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 07:33 . 2009-06-24 07:32 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 07:32 . 2009-06-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 07:32 . 2009-06-24 07:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-22 09:14 . 2009-06-22 09:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Simply Super Software
2009-06-20 11:13 . 2009-06-20 11:13 -------- d-----w- c:\documents and settings\Simon\PrivacIE
2009-06-20 11:06 . 2009-06-20 11:06 -------- d-----w- c:\documents and settings\Simon\IETldCache
2009-06-19 20:24 . 2009-06-19 20:24 -------- d-sh--w- c:\documents and settings\Laura\IECompatCache
2009-06-19 20:23 . 2009-06-19 20:23 -------- d-sh--w- c:\documents and settings\Laura\PrivacIE
2009-06-19 20:05 . 2009-06-19 20:05 -------- d-sh--w- c:\documents and settings\Laura\IETldCache
2009-06-19 19:26 . 2009-06-19 19:26 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\PrivacIE
2009-06-19 19:24 . 2009-06-19 19:24 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\IETldCache
2009-06-19 18:18 . 2009-06-19 18:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 18:10 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 18:10 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\windows\ie8updates
2009-06-19 18:08 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 18:03 . 2009-06-22 09:15 -------- dc-h--w- c:\windows\ie8
2009-06-19 09:04 . 2009-06-13 19:00 3015544 ----a-w- c:\documents and settings\Laura\Application Data\Simply Super Software\Trojan Remover\mka29.exe
2009-06-18 20:37 . 2009-06-18 20:37 -------- d-----w- c:\documents and settings\Laura\Application Data\Malwarebytes
2009-06-18 20:37 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 20:37 . 2009-06-22 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 20:37 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 19:26 . 2009-06-18 19:26 -------- d-----w- c:\program files\Glary Utilities
2009-06-17 17:31 . 2009-06-17 17:31 -------- d-----w- c:\program files\On Hand Software
2009-06-15 17:13 . 2009-06-17 17:31 -------- d-----w- c:\documents and settings\Louise\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 22:55 . 2009-06-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 11:58 . 2008-12-23 09:31 -------- d-----w- c:\documents and settings\Laura\Application Data\skypePM
2009-07-01 11:58 . 2008-12-23 09:27 -------- d-----w- c:\documents and settings\Laura\Application Data\Skype
2009-07-01 11:20 . 2007-09-05 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-27 16:31 . 2006-11-05 19:27 -------- d-----w- c:\program files\Family Tree Maker 2005
2009-06-27 16:31 . 2006-12-01 20:37 -------- d-----w- c:\program files\DivX
2009-06-24 07:32 . 2009-04-24 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 07:32 . 2009-04-24 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 07:32 . 2009-04-24 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 09:14 . 2006-02-13 18:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-06-19 09:05 . 2009-04-18 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 22:42 . 2007-03-26 20:48 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-17 17:08 . 2006-11-12 21:42 -------- d-----w- c:\program files\QuickTime
2009-06-15 16:28 . 2006-09-16 13:36 -------- d-----w- c:\documents and settings\Louise\Application Data\PC Suite
2009-06-15 15:45 . 2007-02-16 22:02 57496 ----a-w- c:\documents and settings\Louise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 17:20 . 2009-06-05 17:20 -------- d-----w- c:\program files\AxBx
2009-06-04 08:29 . 2009-06-03 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-04 08:20 . 2009-06-04 08:20 -------- d-----w- c:\documents and settings\Laura\Application Data\TrojanHunter
2009-06-03 20:44 . 2005-10-29 19:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 20:40 . 2009-06-03 20:22 -------- d-----w- c:\program files\Lavasoft
2009-06-03 20:40 . 2009-06-03 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-05-21 11:12 . 2009-05-21 11:12 -------- d-----w- c:\program files\CCleaner
2009-05-19 16:53 . 2009-05-19 15:04 -------- d-----w- c:\documents and settings\Laura\Application Data\SUPERAntiSpyware.com
2009-05-19 16:52 . 2009-05-19 15:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-19 15:05 . 2009-05-19 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-14 11:20 . 2009-04-26 12:36 -------- d-----w- c:\documents and settings\Simon\Application Data\AVGTOOLBAR
2009-05-13 05:15 . 2004-08-04 05:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 22:07 . 2006-12-27 18:43 -------- d-----w- c:\program files\LimeWire
2009-05-10 22:05 . 2009-04-15 17:04 -------- d-----w- c:\documents and settings\Laura\Application Data\LimeWire
2009-05-10 16:05 . 2009-04-28 11:04 -------- d-----w- c:\documents and settings\Laura\Application Data\dvdcss
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 13:57 . 2009-04-24 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 19:04 . 2005-12-12 16:26 57496 ----a-w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 18:08 . 2009-04-22 14:16 15530016 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-26 12:40 . 2005-11-25 21:38 57496 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 17:24 . 2009-04-23 17:24 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-23 17:24 . 2009-04-23 17:24 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-23 17:24 . 2009-04-23 17:24 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-23 17:23 . 2009-04-23 17:25 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-23 13:45 . 2007-04-01 17:35 57496 ----a-w- c:\documents and settings\Laura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 16:29 . 2009-04-18 16:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-18 16:28 . 2009-04-18 12:48 152576 ----a-w- c:\documents and settings\Laura\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-18 12:47 . 2009-04-18 12:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-18 12:47 . 2009-04-18 12:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-18 12:47 . 2009-04-18 12:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-18 12:44 . 2009-04-18 12:50 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-02-27 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 07:32 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/04/2009 12:41 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/04/2009 12:41 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/04/2009 12:40 298776]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [08/04/2009 10:29 55152]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [02/03/2006 17:18 515803]
S2 gupdate1c9a8837b0e06ce;Google Update Service (gupdate1c9a8837b0e06ce);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 12:11 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\NtpaSp50.sys [15/09/2006 13:36 17536]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [02/03/2006 17:18 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-18 10:39]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Laura\Application Data\Mozilla\Firefox\Profiles\zhp5aqeh.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-t(...)
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 11:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]
@DACL=(02 0000)
@="sfcont.bin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\TypeLib]
@DACL=(02 0000)
@="{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1084)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\conime.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-07 11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 10:16
ComboFix2.txt 2009-07-05 18:51
ComboFix3.txt 2009-07-05 18:06
ComboFix4.txt 2009-07-05 15:15

Pre-Run: 106,371,788,800 bytes free
Post-Run: 106,362,236,928 bytes free

338 --- E O F --- 2009-06-19 18:11


- Malwarebytes report


Malwarebytes' Anti-Malware 1.38
Database version: 2384
Windows 5.1.2600 Service Pack 3

07/07/2009 11:34:14
mbam-log-2009-07-07 (11-34-14).txt

Scan type: Quick Scan
Objects scanned: 126910
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hmm hmm... I think this rx toolbar can't be removed! :pleure: Is there yet another solution?
-->Message edited by Flavour on 07/07/2009 12:54:27<--
bzhatao on 7 July 2009 at 19:42
:hello: Flavour...

Use OTM (old timer) again ...
You used it earlier in the thread...

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text in bold below:

:processes
explorer.exe

:files
c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe





:commands
[purity]
[emptytemp]
[start explorer]



---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

See you


-->Message edited by bzhatao on 07/07/2009 19:45:16<--
Flavour on 7 July 2009 at 20:39
:hello: bzhatao!

This time OTM worked well! So here is the report!

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll unregistered successfully.
c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll moved successfully.
c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Billy

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4538794 bytes

User: Laura
->Temp folder emptied: 1612 bytes
->Temporary Internet Files folder emptied: 4485268 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 125441677 bytes
->Google Chrome cache emptied: 1373992 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 251698 bytes

User: Louise
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 598973 bytes
->FireFox cache emptied: 3307092 bytes

User: Maureen Hedderman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 7617554 bytes
->FireFox cache emptied: 6107445 bytes
->Google Chrome cache emptied: 675874 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner

User: Simon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 499983 bytes
->Java cache emptied: 10572781 bytes
->FireFox cache emptied: 66065901 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 14508561 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234.82 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07072009_192520

Files moved on Reboot...

Registry entries deleted on Reboot...


I suppose I now have to run another scan with Malwarebytes? If so, I'll probably post it tomorrow because I have to leave now! Sorry!

See you
bzhatao on 7 July 2009 at 20:50
I suppose I now have to run another scan with Malwarebytes? If so, I'll probably post it tomorrow because I have to leave now! Sorry!


YES, absolutely...

==> Nice to be dealing with responsive people like you!!!

See you
Flavour on 8 July 2009 at 18:57
:hello: bzhatao

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.38
Database version: 2384
Windows 5.1.2600 Service Pack 3

08/07/2009 17:45:37
mbam-log-2009-07-08 (17-45-37).txt

Scan type: Quick Scan
Objects scanned: 127069
Time elapsed: 15 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I also tried a-squared free; it also found an rx toolbar infection on the same key, but it wasn't able to delete it.

-->Message edited by Flavour on 08/07/2009 20:34:57<--
bzhatao on 8 July 2009 at 20:06
:hello: flavour

Download FindyKill to your desktop:

http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe

! Disconnect and close all running applications !

• Double-click "FindyKill.exe" to start the installation and leave the installation settings at their defaults.

• Plug your external data sources into your PC (USB stick, external hard drive, etc.)

• Double-click the FindyKill shortcut on your desktop to launch the tool.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "1"
(search) and press [Enter]

• Let the tool work and don't touch anything...

--> Post the report that appears at the end on the forum...

(the report is also saved as C:\FindyKill.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

See you
Flavour on 8 July 2009 at 20:37
Here is the FindyKill report, bzhatao:


############################## | FindyKill V6.004 |

# User : Laura (Users) # DCZZ1J1J
# Update on 08/07/09 by Chiquitine29 & C_XX
# Start at: 19:31:04 | 08/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 146.22 Go (104.02 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk # 967.22 Mo (170.84 Mo free) [CL・FLAVIEN] # FAT
# F:\ # Removable Disk
# G:\ # Local Fixed Disk # 186.26 Go (27.68 Go free) [FLAVIEN] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"=""
HKCU_Main: "Start Page Redirect Cache"="http://ie.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:fe,db,55,0f,3a,f7,c9,01
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="en-ie"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Laura"
HKLM_logon: "AltDefaultUserName"="Laura"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
HKLM_Run: IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
HKLM_Run: UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: PaperPort PTD=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
HKLM_Run: IndexSearch=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
HKLM_Run: SetDefPrt=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
HKLM_Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: BigDog303=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: UnlockerAssistant="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Laura\Temporary Internet Files |


################## | All Drives ... |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.004 ! |
bzhatao on 8 July 2009 at 20:58
Re....

Would you have any idea, Dédétraqué?

See you
dédétraqué on 8 July 2009 at 23:22
Hi Flavour


Double-click OTM.exe on the desktop

- Make sure the Unregister Dll's and Ocx's box is checked

- Copy the text in the quote below and paste it into the left-hand pane of OTM named Paste Instructions for Items to be Moved

:processes
explorer.exe

:reg
[-HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


- Click MoveIt! to start the removal.
- Close OTM

Your PC will restart to finish the removal; if it doesn't do so by itself, restart it.

Post the OTMoveIt report, which is located in C:\_OTM\MovedFiles.


See you :)
Flavour on 9 July 2009 at 13:35
:hello: dedetraque and bzhatao,

This time OTM worked, but it wasn't able to delete the key HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}...

Here is the report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry delete failed. HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Billy

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laura
->Temp folder emptied: 150281 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32556789 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Louise
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Maureen Hedderman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: Simon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.25 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07092009_122152


Honestly, I really don't know if we'll ever get there! Well, I'll run another scan with Malwarebytes even though I already know the result...
bzhatao on 9 July 2009 at 14:09
:hello: you two...

For dédé:

==> Combofix:

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]
@DACL=(02 0000)
@="sfcont.bin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter"


See you
dédétraqué on 10 July 2009 at 00:07
Hi you two


- Click Start menu/Run, type notepad at the prompt and click OK.

- Copy/paste what is in the quote below into Notepad:

KillAll::

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\Programmable]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\TypeLib]


- Save this file to the desktop (mandatory)

- File name: CFScript.txt
- File type: All files

- Click Save and exit Notepad

Important: disable your antivirus and antispyware before doing the drag and drop

- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

< included picture >

* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it can be found here > C:\ComboFix.txt


See you :)
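The correlation behind the two posts above, as an added example that is not part of the thread and is not ComboFix's own code: it parses the LOCKED REGISTRY KEYS excerpt bzhatao quoted, matches it against the CLSID from the Malwarebytes line (HKEY_CLASSES_ROOT\CLSID is a merged view that includes HKEY_LOCAL_MACHINE\software\Classes\CLSID, hence the different path and letter case), and lays the matching keys out as a RegLockDel:: block like the one in the post. The function names and the embedded sample text are constructed for illustration, and only the keys visible in the quoted excerpt are covered.

```python
import re

# Constructed sample: the LOCKED REGISTRY KEYS excerpt as quoted in the thread.
SAMPLE_COMBOFIX = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]
@DACL=(02 0000)
@="sfcont.bin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter"
"""

# Constructed sample: the detection line from the Malwarebytes log in the thread.
SAMPLE_MBAM_LINE = (
    r"HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}"
    r" (Trojan.Agent) -> Delete on reboot."
)

SECTION_RE = re.compile(r"^-+\s*LOCKED REGISTRY KEYS\s*-+\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_locked_keys(log_text):
    """Return one dict per key listed in the LOCKED REGISTRY KEYS section."""
    entries, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith(("---", "(((")):  # the next section header ends the block
            break
        match = KEY_RE.match(line)
        if match:
            current = {"key": match.group(1), "dacl": None, "default": None}
            entries.append(current)
        elif current is not None and line.startswith("@DACL="):
            current["dacl"] = line[len("@DACL="):]
        elif current is not None and line.startswith('@="'):
            current["default"] = line[2:].strip('"')
    return entries


def clsid_of(text):
    """Extract the first CLSID in text, upper-cased so HKCR and HKLM forms compare equal."""
    match = CLSID_RE.search(text)
    return match.group(0).upper() if match else None


def build_reglockdel(entries, flagged_clsid):
    """Format the locked keys that sit under flagged_clsid as a RegLockDel:: block."""
    wanted = flagged_clsid.upper()
    keys = [e["key"] for e in entries if clsid_of(e["key"]) == wanted]
    if not keys:
        return ""  # nothing locked under the flagged CLSID: emit no script
    return "RegLockDel::\n" + "\n".join("[%s]" % k for k in keys) + "\n"


if __name__ == "__main__":
    locked = parse_locked_keys(SAMPLE_COMBOFIX)
    for entry in locked:
        print(entry["dacl"], entry["default"], entry["key"], sep=" | ")
    print(build_reglockdel(locked, clsid_of(SAMPLE_MBAM_LINE)))
```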
Flavour on 10 July 2009 at 01:20
Hi bzhatao and dedetraque!

Here is the ComboFix report:


ComboFix 09-07-09.04 - Laura 09/07/2009 23:18.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.510.157 [GMT 1:00]
Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 3
The syntax of the command is incorrect.

PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: StartUpFile

((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-08 13:56 . 2009-07-09 11:58 -------- d-----w- c:\program files\a-squared Free
2009-07-07 18:25 . 2009-07-07 18:25 -------- d-----w- C:\_OTM
2009-07-07 13:06 . 2009-07-07 13:06 -------- d-----w- c:\program files\Unlocker
2009-07-07 08:38 . 2009-07-07 08:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-04 18:32 . 2009-07-04 18:32 -------- d-----w- C:\VundoFix Backups
2009-07-03 18:13 . 2009-07-03 18:13 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-07-03 18:10 . 2009-07-03 18:11 -------- d-----w- c:\windows\ERUNT
2009-07-01 16:51 . 2009-07-01 16:53 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Temp
2009-06-29 19:09 . 2009-06-29 19:09 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\AVG Security Toolbar
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- c:\program files\trend micro
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- C:\rsit
2009-06-27 14:25 . 2009-06-27 14:25 -------- d-----w- c:\program files\Enigma Software Group
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-26 18:19 . 2009-06-26 18:19 -------- d-----w- c:\program files\Free Audio Pack
2009-06-26 18:19 . 2008-09-24 20:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-26 18:19 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-24 09:45 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-24 08:47 . 2009-06-24 08:47 -------- d-----w- c:\documents and settings\Laura\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 07:32 . 2009-06-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 07:32 . 2009-06-24 07:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-22 09:14 . 2009-06-22 09:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Simply Super Software
2009-06-20 11:13 . 2009-06-20 11:13 -------- d-----w- c:\documents and settings\Simon\PrivacIE
2009-06-20 11:06 . 2009-06-20 11:06 -------- d-----w- c:\documents and settings\Simon\IETldCache
2009-06-19 20:24 . 2009-06-19 20:24 -------- d-sh--w- c:\documents and settings\Laura\IECompatCache
2009-06-19 20:23 . 2009-06-19 20:23 -------- d-sh--w- c:\documents and settings\Laura\PrivacIE
2009-06-19 20:05 . 2009-06-19 20:05 -------- d-sh--w- c:\documents and settings\Laura\IETldCache
2009-06-19 19:26 . 2009-06-19 19:26 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\PrivacIE
2009-06-19 19:24 . 2009-06-19 19:24 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\IETldCache
2009-06-19 18:18 . 2009-06-19 18:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 18:10 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 18:10 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\windows\ie8updates
2009-06-19 18:08 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 18:03 . 2009-06-22 09:15 -------- dc-h--w- c:\windows\ie8
2009-06-19 09:04 . 2009-06-13 19:00 3015544 ----a-w- c:\documents and settings\Laura\Application Data\Simply Super Software\Trojan Remover\mka29.exe
2009-06-18 20:37 . 2009-06-18 20:37 -------- d-----w- c:\documents and settings\Laura\Application Data\Malwarebytes
2009-06-18 20:37 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 20:37 . 2009-06-22 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 20:37 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 19:26 . 2009-06-18 19:26 -------- d-----w- c:\program files\Glary Utilities
2009-06-17 17:31 . 2009-06-17 17:31 -------- d-----w- c:\program files\On Hand Software
2009-06-15 17:13 . 2009-06-17 17:31 -------- d-----w- c:\documents and settings\Louise\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 21:14 . 2009-04-18 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-08 13:39 . 2009-06-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 11:58 . 2008-12-23 09:31 -------- d-----w- c:\documents and settings\Laura\Application Data\skypePM
2009-07-01 11:58 . 2008-12-23 09:27 -------- d-----w- c:\documents and settings\Laura\Application Data\Skype
2009-07-01 11:20 . 2007-09-05 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-27 16:31 . 2006-11-05 19:27 -------- d-----w- c:\program files\Family Tree Maker 2005
2009-06-27 16:31 . 2006-12-01 20:37 -------- d-----w- c:\program files\DivX
2009-06-24 07:32 . 2009-04-24 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 07:32 . 2009-04-24 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 07:32 . 2009-04-24 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 09:14 . 2006-02-13 18:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-06-17 22:42 . 2007-03-26 20:48 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-17 17:08 . 2006-11-12 21:42 -------- d-----w- c:\program files\QuickTime
2009-06-15 16:28 . 2006-09-16 13:36 -------- d-----w- c:\documents and settings\Louise\Application Data\PC Suite
2009-06-15 15:45 . 2007-02-16 22:02 57496 ----a-w- c:\documents and settings\Louise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 08:29 . 2009-06-03 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-04 08:20 . 2009-06-04 08:20 -------- d-----w- c:\documents and settings\Laura\Application Data\TrojanHunter
2009-06-03 20:44 . 2005-10-29 19:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 20:40 . 2009-06-03 20:22 -------- d-----w- c:\program files\Lavasoft
2009-06-03 20:40 . 2009-06-03 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-05-21 11:12 . 2009-05-21 11:12 -------- d-----w- c:\program files\CCleaner
2009-05-19 16:53 . 2009-05-19 15:04 -------- d-----w- c:\documents and settings\Laura\Application Data\SUPERAntiSpyware.com
2009-05-19 16:52 . 2009-05-19 15:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-19 15:05 . 2009-05-19 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-14 11:20 . 2009-04-26 12:36 -------- d-----w- c:\documents and settings\Simon\Application Data\AVGTOOLBAR
2009-05-13 05:15 . 2004-08-04 05:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 13:57 . 2009-04-24 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 19:04 . 2005-12-12 16:26 57496 ----a-w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 18:08 . 2009-04-22 14:16 15530016 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-26 12:40 . 2005-11-25 21:38 57496 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 17:24 . 2009-04-23 17:24 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-23 17:24 . 2009-04-23 17:24 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-23 17:24 . 2009-04-23 17:24 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-23 17:23 . 2009-04-23 17:25 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-23 13:45 . 2007-04-01 17:35 57496 ----a-w- c:\documents and settings\Laura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 16:29 . 2009-04-18 16:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-18 16:28 . 2009-04-18 12:48 152576 ----a-w- c:\documents and settings\Laura\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-18 12:47 . 2009-04-18 12:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-18 12:47 . 2009-04-18 12:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-18 12:47 . 2009-04-18 12:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-18 12:44 . 2009-04-18 12:50 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-07_10.06.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 22:30 . 2009-07-09 22:30 16384 c:\windows\temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-02-27 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 07:32 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/04/2009 12:41 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/04/2009 12:41 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/04/2009 12:40 298776]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [08/04/2009 10:29 55152]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [02/03/2006 17:18 515803]
S2 gupdate1c9a8837b0e06ce;Google Update Service (gupdate1c9a8837b0e06ce);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 12:11 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\NtpaSp50.sys [15/09/2006 13:36 17536]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [02/03/2006 17:18 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-18 10:39]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Laura\Application Data\Mozilla\Firefox\Profiles\zhp5aqeh.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-t(...)
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 23:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\conime.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-09 23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 22:44
ComboFix2.txt 2009-07-07 10:16
ComboFix3.txt 2009-07-05 18:51
ComboFix4.txt 2009-07-05 18:06
ComboFix5.txt 2009-07-09 22:17

Pre-Run: 111,490,387,968 bytes free
Post-Run: 111,501,008,896 bytes free

324 --- E O F --- 2009-06-19 18:11
Flavour on 10 July 2009 at 01:40
WOOOOOUHOOOOOU!!! It worked!!! I just ran a scan with Malwarebytes and it found nothing!!! I'm posting it anyway and will wait for your confirmation in case there's still something left to do!!

Malwarebytes' Anti-Malware 1.38
Database version: 2384
Windows 5.1.2600 Service Pack 3

10/07/2009 00:38:33
mbam-log-2009-07-10 (00-38-33).txt

Scan type: Quick Scan
Objects scanned: 126864
Time elapsed: 15 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
dédétraqué on 10 July 2009 at 01:52
Hi Flavour


Indeed, I hadn't noticed that the keys were locked.

I'll leave you in bzhatao's good care :hello:


See you :)
bzhatao on 10 July 2009 at 19:41
:hello: Flavour

THANKS Dédétraqué for the helping hand... and also for the script!
==>> STRAIGHT into the toolbox!!!!! (I didn't know it:
KillAll::

RegLockDel::

FLAVOUR:

Do you have any other problems?

If not, we'll wrap up....

See you
Flavour on 12 July 2009 at 15:03
Hi bzhatao!

No, I don't have any other problems! Not for now anyway... So as far as I'm concerned the problem is solved, but maybe there are a few little things you'd advise me to do first? And can I delete all the downloaded applications as well as all the logs that were created?
-->Message edited by Flavour on 12/07/2009 17:53:52<--
bzhatao on 12 July 2009 at 16:21
:hello:flavour

To uninstall the tools used


Download ToolsCleaner2--> http://pc-system.fr/TC/ToolsCleaner2.exe
-Once downloaded, install it and run it
-Click Recherche (Search) and let the scan finish
-Click SUPPRESSION (Removal)
-Click Quitter (Quit) so that the report can be created
-Post me the report located here--> C:\TCleaner.txt


then

---> Download and install CCleaner (do not install the Yahoo Toolbar):
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs(...)

* Run it. Go to Options then Advanced and uncheck the box "Only delete files etc...."
* Go to Cleaner, choose Analyze. Once it has finished, run the cleaning.
* Next, choose Registry, then Scan for Issues. Once it has finished, fix all the errors, as many times as the scan keeps finding some (back up the registry).
* Uncheck the box "older than 48 h"



---> You need to disable and then re-enable System Restore in order to purge it:
XP:
http://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.ph(...)
VISTA:
http://www.tayo.fr/desactiver-restauration-windows-vista-tutoriel.php

---> I advise you to create a restore point that you can use later if you have a problem:
http://www.vulgarisation-informatique.com/creer-point-restauration.php

See you



Flavour on 12 July 2009 at 18:00
Here is the ToolsCleaner2 report:

[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Laura\desktop\ComboFix.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\Laura\desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !


I'm doing the rest now!
bzhatao on 12 July 2009 at 18:18
Remove Combofix like this:

->Click "Start" (or press the Windows key + R) -> "Run" -> copy/paste this line:

ComboFix /u

(leave the space between Combofix and /u)

-->Confirm.

See you
Flavour on 14 July 2009 at 18:11
:hello: bzhatao!

Sorry, I no longer had internet access, modem problem...

That's it, I've done everything you've told me so far, is there anything else to do?
bzhatao on 14 July 2009 at 18:33
:hello: Flavour

Well, no, if you have no more problems!
Happy surfing...
To mark the topic as "RESOLU" (solved)
Go back up to your very first message
click on < included picture >
And next to the title write (RESOLU) then "envoyer" (send).

See you
Flavour on 15 July 2009 at 10:40
:hello: bzhatao and dedetraque!

OK, I'll mark it "RESOLU" in a moment, but first I wanted to say a big THANK YOU to you both, I'd like to say it especially to you bzhatao, who spent more time on this problem, but to you too dedetraque, because without your method I think we'd still be at it!

Thanks again! :super: