A l'aide pour autrui ... Résolu

**Eddy34**

Bonjour à toutes et tous,

Je suis en formation sur l'autre forum (Helper Formation) et une collègue m'a demandé d'examiner son rapport Hijackthis qui me semble beaucoup infecté, j'essayerai bien de me débrouiller seul mais là !!!!
Auriez vous l'amabilité de me donner un coup de main SVP ??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:04, on 2009-07-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Netscape Accélérateur\slipcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Documents and Settings\Sandie Blanchette\Application Data\Save\Save.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell ... bd=6060913
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abonnes.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell ... bd=6060913
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Mirar - {311CDB6D-5A35-4DCB-A0CA-276A0D89F5E1} - C:\WINDOWS\system32\win7478.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Accélérateur\PBHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accélérateur\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - (no file)
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Mirar - {311CDB6C-5A35-4DCB-A0CA-276A0D89F5E1} - C:\WINDOWS\system32\win7478.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Netscape Accélérateur\slipcore.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [Vivaty] "C:\Program Files\Vivaty\VivatyPlayer\vivaty.exe"
O4 - HKCU\..\Run: [Save] C:\Documents and Settings\Sandie Blanchette\Application Data\Save\Save.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\PornPass Manager\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\PornPass Manager\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2616494640
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - http://www.cortona3d.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.cogeco.ca/fr/OLS3.3/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O22 - SharedTaskScheduler: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OneStepSrch Service - Unknown owner - C:\Program Files\OneStepSrch\onestep.exe (file missing)
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Fichiers communs\SRS Labs Shared\Service\srslabslicenseservice.exe
O24 - Desktop Component 0: (no name) - http://image.tetesaclaques.tv/videos/04 ... -80pct.jpg

--
End of file - 12608 bytes

**clement3434**

Bonsoir Eddy et

Ton rapport comporte une infection qui a du être installée via d'autres infections sans doute invisible sur ce rapport : Toolbar Mirar
cette page t'aidera a t'en débarrasser :
http://forum-aide-contre-virus.be/Barres%20d%27outils%20ind%E9sirables%20%28toolbars%29%20-%20astuce.html

Envoi moi si possible le rapport MalwareBytes anti malware

Je remarque sinon plusieurs failles de sécurité :

Télécharge Adobe Reader 9 ICI
télécharge IE ICI

Je
vois aussi que certains programmes sont inutiles a charger, et une fois
que tu aura téléchargé ces mises à jours nous nous occuperons de ça et
je te ferai télécharger quelques logiciels Wink

PS : as tu Mozzila Firefox ??

**Eddy34**

Oui merci de m'avoir répondu si vite, et excuses moi de ne pas répondre de suite, je ne suis que l'intermédiaire et j'attends que la collègue réponde à mes demandes, donc voilà ce que tu me demandes, avec un peu d'avance car après avoir analysé son HJT je lui avais demandé de passer MBAM en prévision et voilà son rapport:
Je lui ai demandé aussi de me reposter un nouveau HJT

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2363
Windows 5.1.2600 Service Pack 3

2009-07-02 13:32:11
mbam-log-2009-07-02 (13-32-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 191147
Temps écoulé: 1 hour(s), 20 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\win7478.dll (Adware.Mirar) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{311cdb6c-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{311cdb6c-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{311cdb6c-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{311cdb6d-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{311cdb6d-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{311cdb6d-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{311cdb6c-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{311cdb6c-5a35-4dcb-a0ca-276a0d89f5e1} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\documents and settings\Sandie Blanchette\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
c:\program files\registry defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingAdvisor (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\win7478.dll (Adware.Mirar) -> Delete on reboot.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\application data\shoppingreport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
c:\program files\browsingadvisor\BrowsingAdvisor.dat (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\sandie blanchette\local settings\Temp\NN_MirarBar78_Installer_876993.exe (Adware.Mirar) -> Quarantined and deleted successfully.

**Eddy34**

Bonjour,
La collègue m'a posté un nouveau rapport HJT ainsi que celui de ToolbarSD recherche que voici et qui me semblent encore bien infectés, je vais lui faire exécuter l'option 2 de TB/SD:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:38, on 2009-07-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\igfxpers.exe
C:\\Program Files\\Netscape Accélérateur\\slipcore.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe
C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\MétéoMédia\\MétéoÉclair\\WeatherEye.exe
C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe
C:\\Documents and Settings\\Sandie Blanchette\\Application Data\\Save\\Save.exe
C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\WINDOWS\\system32\\cisvc.exe
C:\\Program Files\\Apple Computer\\DVD@ccess\\DVDAccess.exe
C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\cidaemon.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Trend Micro\\HijackThis\\HJT.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell ... bd=6060913
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\\Program Files\\AskSBar\\SrchAstt\\1.bin\\A2SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\\Program Files\\AskSBar\\SrchAstt\\1.bin\\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\\Program Files\\Netscape Accélérateur\\PBHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\\WINDOWS\\System32\\DLA\\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\\Program Files\\Netscape Accélérateur\\components\\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.1.1309.3572\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: (no name) - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - (no file)
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O4 - HKLM\\..\\Run: [Persistence] C:\\WINDOWS\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [SlipStream] "C:\\Program Files\\Netscape Accélérateur\\slipcore.exe"
O4 - HKLM\\..\\Run: [REGSHAVE] C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN
O4 - HKLM\\..\\Run: [ISUSPM Startup] C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup
O4 - HKLM\\..\\Run: [NBKeyScan] "C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe"
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - HKLM\\..\\Run: [TkBellExe] "C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe" -osboot
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"
O4 - HKCU\\..\\Run: [Registry Cleaner] "C:\\Program Files\\Registry Cleaner Trial\\Regclean.exe" -startminimize
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe" /background
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMBgMonitor.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [WeatherEye] C:\\Program Files\\MétéoMédia\\MétéoÉclair\\WeatherEye.exe
O4 - HKCU\\..\\Run: [Vivaty] "C:\\Program Files\\Vivaty\\VivatyPlayer\\vivaty.exe"
O4 - HKCU\\..\\Run: [Save] C:\\Documents and Settings\\Sandie Blanchette\\Application Data\\Save\\Save.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [isamonitor.exe] C:\\Program Files\\PornPass Manager\\isamonitor.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [pmsngr.exe] C:\\Program Files\\PornPass Manager\\pmsngr.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O12 - Plugin for .spop: C:\\Program Files\\Internet Explorer\\Plugins\\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2616494640
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - http://www.cortona3d.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.cogeco.ca/fr/OLS3.3/fscax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\FICHIE~1\\Skype\\SKYPE4~1.DLL
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O22 - SharedTaskScheduler: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\\Program Files\\Fichiers communs\\BOONTY Shared\\Service\\Boonty.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\\Program Files\\NOS\\bin\\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\\Program Files\\Intel\\PROSetWired\\NCS\\Sync\\NetSvc.exe
O23 - Service: OneStepSrch Service - Unknown owner - C:\\Program Files\\OneStepSrch\\onestep.exe (file missing)
O23 - Service: SRS Labs License Service - SRS Labs - C:\\Program Files\\Fichiers communs\\SRS Labs Shared\\Service\\srslabslicenseservice.exe
O24 - Desktop Component 0: (no name) - http://image.tetesaclaques.tv/videos/04 ... -80pct.jpg

--
End of file - 12651 bytes

**Eddy34**

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01
USER : Sandie Blanchette ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:33 Go)
D:\ (Local Disk) - NTFS - Total:18 Go (Free:8 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 2009-07-03| 0:20 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\SANDIE~1\Favoris\Bavette a l’échalote Recettes IGA.url
C:\Program Files\AskSBar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons
C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons\Registryrepair.ico
C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons\Software_Online_8.ico
C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons\wallpapere1.ico
C:\WINDOWS\Prefetch\NN_MIRARBAR78_INSTALLER_87699-1775C97B.pf

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Sandie Blanchette) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Redirect Cache"="http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca&ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
"Home_Page"="http://www1.ca.dell.com/content/default.aspx?c=ca&l=FR&s=gen"
"Help_Page"="http://www1.ca.dell.com/content/topics/reftopic.aspx/gen/fr/online_support?c=ca&l=fr&s=gen"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 2009-07-03| 0:21 - Option : [1]

-----------\\ Fin du rapport a 0:21:36,32

**Eddy34**

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01
USER : Sandie Blanchette ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:33 Go)
D:\ (Local Disk) - NTFS - Total:18 Go (Free:8 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-07-03| 5:57 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons\Registryrepair.ico
Supprime! - C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons\Software_Online_8.ico
Supprime! - C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons\wallpapere1.ico
Supprime! - C:\WINDOWS\Prefetch\NN_MIRARBAR78_INSTALLER_87699-1775C97B.pf
Supprime! - C:\Program Files\AskSBar
Supprime! - C:\DOCUME~1\SANDIE~1\APPLIC~1\HbTools_Icons

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\SANDIE~1\Favoris\Bavette a l’échalote Recettes IGA.url

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Sandie Blanchette) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Redirect Cache"="http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca&ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
"Home_Page"="http://www1.ca.dell.com/content/default.aspx?c=ca&l=FR&s=gen"
"Help_Page"="http://www1.ca.dell.com/content/topics/reftopic.aspx/gen/fr/online_support?c=ca&l=fr&s=gen"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 2009-07-03| 0:21 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2009-07-03| 5:59 - Option : [2]

-----------\\ Fin du rapport a 5:59:41,39

**Anthony5151**

Bonjour à tous,

A la demande d'Eddy, je viens jeter un oeil sur ce sujet Wink

MalwareBytes et ToolbarS&D ont supprimé les barres d'outils Ask et Mirar, mais il y a encore des restes de l'adware WhenUSave, des restes de l'adware eoRezo (Plus d'infos ici sur eoRezo), et un trojan Zlob.

AD-Remover va supprimer les deux adwares :

● Désactive ton antivirus, car il risque de faire de fausses alertes sur le programme suivant.
● Télécharge Ad-Remover (de C_XX) sur ton Bureau.
● /!\ Déconnecte toi et ferme toutes les applications en cours /!\
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Clique sur le raccourci pour le lancer
● Au menu principal choisis l'option "L" (lancer le nettoyage)
● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report.log)

Aide en images : Installation
Aide en images : Nettoyage

Ensuite, on passe à Combofix pour s'occuper de Zlob :

A l'attention de ceux qui passent sur ce sujet
Ce logiciel n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helper du forum qui connait bien cet outil vous l'a recommandé.

/!\ Désactive tous tes logiciels de protection /!\

Télécharge ComboFix (de sUBs) sur ton Bureau.
Double-clique sur ComboFix.exe afin de le lancer.
Il va te demander d'installer la console de récupération : accepte.
Ne touche à rien pendant le scan.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

_________________

**Eddy34**

C'est vraiment du sport de haut niveau Helper, là je suis un peu débordé, merci de ton aide...

Avant d'avoir ta réponse et comme elle était infectée par Pornpassmanager je lui ai fait exécuter la 1ere partie de
SmitFraudFix dont voici le rapport (que je ne sais pas analyser.....) je vais lui faire passer Ad-remover et Combofix.
SmitFraudFix v2.423

Rapport fait à 9:11:33,71, 2009-07-03
Executé à partir de C:\Documents and Settings\Sandie Blanchette\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Netscape Accélérateur\slipcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\Sandie Blanchette\Application Data\Save\Save.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sandie Blanchette\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sandie Blanchette

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sandie Blanchette\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SANDIE~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MMediaCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://image.tetesaclaques.tv/videos/046.le.cannibale-80pct.jpg"
"SubscribedURL"="http://image.tetesaclaques.tv/videos/046.le.cannibale-80pct.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 205.151.67.6
DNS Server Search Order: 205.151.67.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F1EEF4B-547D-4EDE-9505-352D5E7DFE8C}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F1EEF4B-547D-4EDE-9505-352D5E7DFE8C}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8F1EEF4B-547D-4EDE-9505-352D5E7DFE8C}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=205.151.67.6 205.151.67.2

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

**Eddy34**

Bonsoir, voici le rapport Ad-remover, pour ce qui est de lui faire exécuter Combofix, j'ai un peu la pétoche l'ordi n'est pas à moi !!!

======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:42:19, 2009-07-03 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: ELLIE | Utilisateur actuel: Sandie Blanchette
.
Administrateur: Administrateur
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Sandie Blanchette
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: "OneStepSrch Service"
.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSrch
HKLM\Software\OneStepSrch
HKLM\SYSTEM\ControlSet002\Services\OneStepSrch Service
HKCR\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
.
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\cache
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\ConfMedia.cyp.old
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\EoClock.cfg
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\EoClockVal.cfg
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\EoClockVal_2AAB2F6.cfg
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\1.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\10.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\11.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\12.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\13.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\14.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\15.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\16.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\17.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\18.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\19.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\2.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\3.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\33.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\4.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\5.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\6.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\7.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\8.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\9.txt
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo\db\cat.nfo
C:\DOCUME~1\SANDIE~1\APPLIC~1\EoRezo
C:\Program Files\OneStepSrch\home.js
C:\Program Files\OneStepSrch\onestep.dll
C:\Program Files\OneStepSrch\osopt.exe
C:\Program Files\OneStepSrch\readme.html
C:\Program Files\OneStepSrch\uninstall.exe
C:\Program Files\OneStepSrch
C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp\nsp58.tmp\NSIS_Picasa.dll
C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp\nsp58.tmp\System.dll
C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp\nsp58.tmp\utos-gb-fr.txt
C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp\nsp58.tmp

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 2.0.0.14 *

Nom du profil: atuenz3v.default (Sandie Blanchette)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://abonnes.lemonde.fr/web/desk/0,26-3424,1-0,0.html");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.14");
.
.

* Internet Explorer Version 8.0.6001.18702 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Start Page: hxxp://sympatico.msn.ca/defaultf.aspx?l ... &ocid=iehp

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
5089 Octet(s) - C:\Ad-Report-CLEAN.log
.
536 Fichier(s) - C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp
279 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
38 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 13:15:56 | 2009-07-03
.
============== E.O.F ==============

**Anthony5151**

Bonjour Eddy,

Si ton amie suit bien ce que je t'ai indiqué, en particulier la désactivation de tous ses logiciels de protection avant de lancer Combofix, il n'y a pas de raison que ça se passe mal. Au pire, s'il y avait un problème, il y a possibilité de revenir en arrière (Combofix crée automatiquement un point de restauration système et une sauvegarde du Registre avant de scanner l'ordinateur) ou de réparer avec la console de récupération Wink

Au passage, je t'avertis que je pars en vacances cette semaine. Si des volontaires veulent poursuivre la désinfection à ma place, pas de problème, sinon je reviendrai répondre au plus tard lundi 13 juillet Wink

@+

_________________

**Eddy34**

Bonjour Anthony et Geoffrey,

Oui un grand merci de Montréal, effectivement comme vous le préconisiez Combofix a bien fait son travail de nettoyage.
J'étais très anxieux car l'avertissement de précautions du canned me faisait peur pour ma collègue qui marchait sur des ampoules car vraiment novice en informatique et moi je ne m'estime pas encore assez fort dans ma formation pour faire courrir de gros risques aux personnes que je dépanne, (c'est ce que vous m'aviez enseigné au début des cours de helper...)

Donc encore merci et bonnes vacances à toi Anthony.
PS: Je fais un copié/collé de ce message à la suite du 2ème que j'ai posté...
Eddy