PC PORTABLE infecté ?

AZERTY -  
 Utilisateur anonyme -
Bonjour,
Depuis quelque temps j'ai remarqué que mon pc portable tourné un peu plus lentement alors une question me domine mon pcd est il infecté voici un rapport de RSIT si quelq'un aurait bien le plaisir de bien vouloir décrypter le rapport ci joint :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Manu at 2009-07-01 17:22:47
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 75 GB (73%) free of 103 GB
Total RAM: 2037 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:07, on 01/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Manu\Downloads\RSIT.exe
C:\Program Files\trend micro\Manu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9cb4957e9dd91) (gupdate1c9cb4957e9dd91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11635 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{8FD5F81A-2F3F-4F00-9752-7921488116C2}.job
C:\Windows\tasks\User_Feed_Synchronization-{E1D36D13-11DD-4582-8359-292571345D4E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-25 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-07-30 1647912]
"SmAudio"=C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2007-10-10 2782536]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-07-14 570664]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-06-12 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-06-12 1057064]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-07-30 2363392]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-02-19 202064]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-07-01 17:14:54 ----DC---- C:\Program Files\trend micro
2009-07-01 17:14:53 ----DC---- C:\rsit
2009-06-11 18:09:25 ----AC---- C:\Windows\system32\EncDec.dll
2009-06-11 18:09:24 ----AC---- C:\Windows\system32\psisdecd.dll
2009-06-11 18:09:12 ----AC---- C:\Windows\system32\localspl.dll
2009-06-11 18:09:10 ----AC---- C:\Windows\system32\mshtml.dll
2009-06-11 18:09:09 ----AC---- C:\Windows\system32\ieframe.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\wininet.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\urlmon.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\jsproxy.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\ieui.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\iesetup.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\iertutil.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\iernonce.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\iedkcs32.dll
2009-06-11 18:09:08 ----AC---- C:\Windows\system32\ie4uinit.exe
2009-06-11 18:09:06 ----AC---- C:\Windows\system32\rpcrt4.dll
2009-06-06 21:28:04 ----DC---- C:\Program Files\UrbanTerror
2009-06-03 15:12:14 ----DC---- C:\Users\Manu\AppData\Roaming\WildTangent
2009-05-26 17:00:05 ----DC---- C:\Program Files\Microsoft Silverlight
2009-05-26 16:58:17 ----DC---- C:\Windows\system32\x64
2009-05-26 16:41:06 ----AC---- C:\Windows\system32\mshtmled.dll
2009-05-26 16:41:05 ----AC---- C:\Windows\system32\msls31.dll
2009-05-26 16:41:05 ----AC---- C:\Windows\system32\mshtmler.dll
2009-05-26 16:41:05 ----AC---- C:\Windows\system32\icardie.dll
2009-05-26 16:41:05 ----AC---- C:\Windows\system32\corpol.dll
2009-05-26 16:41:05 ----AC---- C:\Windows\system32\admparse.dll
2009-05-26 16:41:04 ----AC---- C:\Windows\system32\imgutil.dll
2009-05-26 16:41:04 ----AC---- C:\Windows\system32\ieakeng.dll
2009-05-26 16:41:04 ----AC---- C:\Windows\system32\dxtrans.dll
2009-05-26 16:41:04 ----AC---- C:\Windows\system32\dxtmsft.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\webcheck.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\occache.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\msrating.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\msfeedsbs.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\licmgr10.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\inseng.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\iepeers.dll
2009-05-26 16:41:03 ----AC---- C:\Windows\system32\ieaksie.dll
2009-05-26 16:41:02 ----AC---- C:\Windows\system32\WinFXDocObj.exe
2009-05-26 16:41:02 ----AC---- C:\Windows\system32\wextract.exe
2009-05-26 16:41:02 ----AC---- C:\Windows\system32\mstime.dll
2009-05-26 16:41:02 ----AC---- C:\Windows\system32\msfeedssync.exe
2009-05-26 16:41:02 ----AC---- C:\Windows\system32\ieakui.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\vbscript.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\url.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\pngfilt.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\msfeeds.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\jscript.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\ieapfltr.dll
2009-05-26 16:41:01 ----AC---- C:\Windows\system32\advpack.dll
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\SetDepNx.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\PDMSetup.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\mshta.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\iexpress.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\ieUnatt.exe
2009-05-26 16:40:59 ----AC---- C:\Windows\system32\iesysprep.dll
2009-05-26 16:14:14 ----AC---- C:\Windows\system32\infocardapi.dll
2009-05-26 16:14:13 ----AC---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-26 16:14:12 ----AC---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-26 16:14:12 ----AC---- C:\Windows\system32\icardres.dll
2009-05-26 16:14:12 ----AC---- C:\Windows\system32\icardagt.exe
2009-05-26 16:14:10 ----AC---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-26 16:14:08 ----AC---- C:\Windows\system32\PresentationHost.exe
2009-05-26 16:07:29 ----AC---- C:\Windows\system32\dfshim.dll
2009-05-26 16:07:24 ----AC---- C:\Windows\system32\mscoree.dll
2009-05-26 16:07:23 ----AC---- C:\Windows\system32\netfxperf.dll
2009-05-26 16:07:07 ----AC---- C:\Windows\system32\mscorier.dll
2009-05-26 16:07:02 ----AC---- C:\Windows\system32\mscories.dll
2009-05-20 17:39:15 ----AC---- C:\Windows\system32\AdvrCntr2D6E0B790.dll
2009-05-20 17:38:18 ----AC---- C:\Windows\system32\ShellManager10E2D762.dll
2009-05-20 17:06:39 ----DC---- C:\Program Files\Common Files\LightScribe
2009-05-20 17:03:05 ----DC---- C:\ProgramData\Nero
2009-05-20 16:31:41 ----DC---- C:\MyWorks
2009-05-18 20:21:20 ----DC---- C:\Users\Manu\AppData\Roaming\muvee Technologies
2009-05-18 19:43:55 ----DC---- C:\ProgramData\TEMP
2009-05-17 05:01:16 ----DC---- C:\Program Files\vLite
2009-05-16 20:54:12 ----DC---- C:\ProgramData\LightScribe
2009-05-14 22:01:16 ----AC---- C:\kjqpew.txt
2009-05-09 07:11:04 ----DC---- C:\Users\Manu\AppData\Roaming\Hide IP NG
2009-05-08 13:15:47 ----DC---- C:\Program Files\AnalogX
2009-05-08 13:04:51 ----AC---- C:\log.txt
2009-05-08 11:10:12 ----DC---- C:\Users\Manu\AppData\Roaming\vlc
2009-05-08 11:03:17 ----DC---- C:\Program Files\VideoLAN
2009-05-07 22:50:18 ----DC---- C:\Program Files\Bosco
2009-05-02 20:46:37 ----DC---- C:\ProgramData\AOL OCP
2009-05-02 20:46:36 ----DC---- C:\ProgramData\AOL
2009-05-02 18:12:13 ----AC---- C:\Windows\NeroDigital.ini
2009-05-02 18:01:15 ----DC---- C:\Program Files\filehippo.com
2009-05-02 17:37:01 ----DC---- C:\Users\Manu\AppData\Roaming\Ahead
2009-05-02 17:35:35 ----DC---- C:\ProgramData\Ahead
2009-05-02 17:27:25 ----DC---- C:\Program Files\Nero
2009-05-02 17:27:25 ----DC---- C:\Program Files\Common Files\Ahead
2009-05-02 12:02:57 ----DC---- C:\Windows\Sun
2009-05-02 11:11:40 ----DC---- C:\Users\Manu\AppData\Roaming\FrostWire
2009-05-02 11:11:07 ----DC---- C:\Program Files\Mozilla Firefox
2009-05-02 11:11:07 ----DC---- C:\Program Files\AskBarDis
2009-05-02 11:11:05 ----DC---- C:\Program Files\FrostWire
2009-05-01 22:15:54 ----DC---- C:\Users\Manu\AppData\Roaming\IObit
2009-05-01 22:15:54 ----DC---- C:\Program Files\IObit
2009-05-01 21:35:04 ----AC---- C:\Windows\WinInit.Ini
2009-05-01 21:33:12 ----DC---- C:\Users\Manu\AppData\Roaming\Malwarebytes
2009-05-01 20:38:33 ----DC---- C:\Users\Manu\AppData\Roaming\Macromedia
2009-05-01 20:38:33 ----DC---- C:\Users\Manu\AppData\Roaming\Adobe
2009-05-01 20:28:27 ----DC---- C:\Users\Manu\AppData\Roaming\CyberLink
2009-05-01 18:45:54 ----DC---- C:\Users\Manu\AppData\Roaming\Mozilla
2009-05-01 18:43:14 ----DC---- C:\Users\Manu\AppData\Roaming\Hewlett-Packard
2009-05-01 18:42:09 ----DC---- C:\Users\Manu\AppData\Roaming\FaxCtr
2009-05-01 18:41:40 ----DC---- C:\Users\Manu\AppData\Roaming\Identities
2009-05-01 18:41:31 ----DC---- C:\Users\Manu\AppData\Roaming\Media Center Programs
2009-05-01 18:41:30 ----SDC---- C:\Users\Manu\AppData\Roaming\Microsoft
2009-05-01 17:52:15 ----DC---- C:\Program Files\Microsoft
2009-05-01 17:52:00 ----DC---- C:\Program Files\Windows Live SkyDrive
2009-05-01 17:51:42 ----DC---- C:\Program Files\Windows Live
2009-05-01 17:43:50 ----DC---- C:\Program Files\Common Files\Windows Live
2009-05-01 17:41:02 ----DC---- C:\Windows\system32\Adobe
2009-05-01 17:40:39 ----DC---- C:\Program Files\Common Files\Adobe
2009-05-01 17:40:39 ----DC---- C:\Program Files\Adobe
2009-05-01 17:38:32 ----DC---- C:\Program Files\7-Zip
2009-05-01 17:37:18 ----DC---- C:\Program Files\QuickTime
2009-05-01 17:37:16 ----DC---- C:\ProgramData\Apple Computer
2009-05-01 17:36:35 ----DC---- C:\ProgramData\Apple
2009-05-01 17:36:35 ----DC---- C:\Program Files\Apple Software Update
2009-05-01 17:35:10 ----AC---- C:\Windows\system32\javaws.exe
2009-05-01 17:35:10 ----AC---- C:\Windows\system32\javaw.exe
2009-05-01 17:35:10 ----AC---- C:\Windows\system32\java.exe
2009-05-01 17:35:10 ----AC---- C:\Windows\system32\deploytk.dll
2009-05-01 17:24:55 ----DC---- C:\Program Files\Common Files\DESIGNER
2009-05-01 17:24:20 ----DC---- C:\Program Files\Microsoft Visual Studio
2009-05-01 16:29:30 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2009-05-01 16:29:30 ----DC---- C:\Program Files\Spybot - Search & Destroy
2009-05-01 16:22:42 ----DC---- C:\ProgramData\Avira
2009-05-01 16:22:42 ----DC---- C:\Program Files\Avira
2009-05-01 15:42:17 ----A---- C:\Windows\system32\winhttp.dll
2009-05-01 15:42:15 ----A---- C:\Windows\system32\xolehlp.dll
2009-05-01 15:42:15 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-01 15:41:51 ----A---- C:\Windows\system32\wmp.dll
2009-05-01 15:41:51 ----A---- C:\Windows\system32\spwmp.dll
2009-05-01 15:41:50 ----A---- C:\Windows\system32\wmploc.DLL
2009-05-01 15:41:50 ----A---- C:\Windows\system32\dxmasf.dll
2009-05-01 15:41:44 ----A---- C:\Windows\system32\rpcss.dll
2009-05-01 15:41:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-05-01 15:41:44 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-05-01 15:41:43 ----A---- C:\Windows\system32\sdohlp.dll
2009-05-01 15:41:43 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-05-01 15:41:43 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-05-01 15:41:43 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-01 15:41:43 ----A---- C:\Windows\system32\iashost.exe
2009-05-01 15:41:43 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-01 15:41:43 ----A---- C:\Windows\system32\iasads.dll
2009-05-01 15:41:35 ----A---- C:\Windows\system32\secur32.dll
2009-05-01 15:41:35 ----A---- C:\Windows\system32\lsasrv.dll
2009-05-01 15:41:35 ----A---- C:\Windows\system32\kernel32.dll
2009-05-01 15:41:35 ----A---- C:\Windows\system32\apilogen.dll
2009-05-01 15:41:35 ----A---- C:\Windows\system32\amxread.dll
2009-05-01 15:41:29 ----A---- C:\Windows\system32\schannel.dll
2009-05-01 15:03:11 ----DC---- C:\Program Files\Mozilla Firefox 3.1 Beta 3
2009-05-01 11:39:17 ----DC---- C:\ProgramData\Malwarebytes
2009-05-01 11:39:07 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-30 21:31:58 ----DC---- C:\Program Files\Microsoft Encarta
2009-04-30 21:31:37 ----DC---- C:\Windows\Lhsp
2009-04-30 19:12:27 ----DC---- C:\Securitoo
2009-04-30 19:02:55 ----AC---- C:\Windows\ODBC.INI
2009-04-30 19:02:51 ----A---- C:\Windows\system32\mdimon.dll
2009-04-30 18:56:14 ----DC---- C:\Windows\PCHEALTH
2009-04-30 18:56:14 ----DC---- C:\Program Files\Microsoft.NET
2009-04-30 18:55:00 ----RHDC---- C:\MSOCache
2009-04-30 18:26:37 ----DC---- C:\Program Files\CCleaner
2009-04-30 13:33:02 ----DC---- C:\logs
2009-04-30 13:32:17 ----DC---- C:\Program Files\AIDA32 - Personal System Information

======List of files/folders modified in the last 3 months======

2009-07-01 17:22:51 ----DC---- C:\Windows\Temp
2009-07-01 17:14:54 ----RDC---- C:\Program Files
2009-07-01 17:13:18 ----DC---- C:\Windows\System32
2009-07-01 17:13:17 ----DC---- C:\Windows\inf
2009-07-01 17:13:17 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-06-30 20:48:04 ----SHD---- C:\System Volume Information
2009-06-28 20:27:54 ----D---- C:\Windows\winsxs
2009-06-28 20:27:53 ----DC---- C:\Program Files\Internet Explorer
2009-06-26 08:42:54 ----DC---- C:\Windows\system32\catroot
2009-06-23 18:43:35 ----SHDC---- C:\Windows\Installer
2009-06-23 18:43:35 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-06-12 12:37:18 ----DC---- C:\Windows\Microsoft.NET
2009-06-11 19:52:49 ----DC---- C:\Windows\ehome
2009-06-11 19:52:46 ----DC---- C:\Windows\system32\migration
2009-06-11 18:16:29 ----DC---- C:\Program Files\Microsoft Works
2009-06-11 18:14:45 ----AC---- C:\Windows\win.ini
2009-06-11 18:10:42 ----DC---- C:\Windows\system32\catroot2
2009-06-10 12:53:24 ----DC---- C:\Windows\system32\drivers
2009-06-06 19:32:49 ----SDC---- C:\Windows\Downloaded Program Files
2009-06-03 15:16:13 ----DC---- C:\ProgramData\WildTangent
2009-06-03 15:15:18 ----DC---- C:\Windows\Tasks
2009-06-03 15:15:18 ----DC---- C:\Windows\system32\Tasks
2009-05-28 11:24:41 ----RSDC---- C:\Windows\assembly
2009-05-26 17:30:06 ----D---- C:\Windows\rescache
2009-05-26 17:12:50 ----DC---- C:\Windows
2009-05-26 17:12:49 ----DC---- C:\Program Files\Apoint2K
2009-05-26 17:10:52 ----DC---- C:\Windows\system32\fr-FR
2009-05-26 17:10:49 ----DC---- C:\Windows\system32\en-US
2009-05-26 17:10:49 ----DC---- C:\Windows\PolicyDefinitions
2009-05-26 17:10:27 ----DC---- C:\Windows\system32\XPSViewer
2009-05-26 17:10:27 ----DC---- C:\Windows\system32\wbem
2009-05-26 16:59:47 ----DC---- C:\Windows\system
2009-05-26 16:27:38 ----DC---- C:\Program Files\CONEXANT
2009-05-26 16:27:08 ----DC---- C:\Windows\twain_32
2009-05-20 17:06:39 ----DC---- C:\Program Files\Common Files
2009-05-20 17:03:05 ----HDC---- C:\ProgramData
2009-05-20 16:32:08 ----DC---- C:\Program Files\CyberLink
2009-05-18 17:29:23 ----DC---- C:\Program Files\Google
2009-05-17 05:39:29 ----DC---- C:\Windows\SMINST
2009-05-14 23:12:35 ----DC---- C:\Windows\system32\config
2009-05-14 23:11:29 ----RSDC---- C:\Windows\Media
2009-05-14 23:11:29 ----RDC---- C:\Windows\Offline Web Pages
2009-05-14 23:11:18 ----DC---- C:\Windows\system32\spool
2009-05-14 23:11:18 ----DC---- C:\Windows\system32\Msdtc
2009-05-14 23:10:58 ----DC---- C:\Windows\registration
2009-05-14 23:06:37 ----DC---- C:\Windows\system32\LogFiles
2009-05-13 18:59:21 ----DC---- C:\Program Files\Windows Mail
2009-05-10 22:25:36 ----SDC---- C:\ProgramData\Microsoft
2009-05-08 12:17:10 ----SHDC---- C:\$RECYCLE.BIN
2009-05-03 13:56:38 ----DC---- C:\Windows\system32\Macromed
2009-05-02 21:51:34 ----DC---- C:\Windows\Prefetch
2009-05-02 09:46:46 ----RDC---- C:\Users
2009-05-02 09:32:54 ----RSDC---- C:\Windows\Fonts
2009-05-02 09:32:07 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-05-01 20:29:08 ----DC---- C:\Program Files\Hp
2009-05-01 17:56:38 ----DC---- C:\Windows\Debug
2009-05-01 17:41:20 ----DC---- C:\ProgramData\Adobe
2009-05-01 17:34:27 ----DC---- C:\Program Files\Java
2009-05-01 17:27:46 ----DC---- C:\Windows\IME
2009-05-01 17:27:37 ----DC---- C:\Windows\ShellNew
2009-05-01 17:23:32 ----DC---- C:\Windows\Help
2009-05-01 16:53:26 ----DC---- C:\ProgramData\CyberLink
2009-05-01 16:15:33 ----DC---- C:\Program Files\Windows Media Player
2009-05-01 16:15:31 ----DC---- C:\Windows\system32\manifeststore
2009-05-01 16:15:31 ----DC---- C:\Windows\AppPatch
2009-05-01 15:59:38 ----DC---- C:\ProgramData\F-Secure
2009-05-01 10:35:08 ----DC---- C:\Windows\system32\WDI
2009-04-30 21:31:31 ----DC---- C:\Windows\Speech
2009-04-30 18:58:43 ----DC---- C:\Program Files\Microsoft Office
2009-04-30 18:57:43 ----DC---- C:\Program Files\Common Files\System
2009-04-30 18:40:10 ----DC---- C:\Program Files\Windows Sidebar
2009-04-30 18:40:10 ----DC---- C:\Program Files\Windows NT
2009-04-30 18:40:05 ----RDC---- C:\Program Files\Online Services
2009-04-30 18:39:58 ----DC---- C:\Program Files\Hewlett-Packard
2009-04-30 18:33:21 ----DC---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;Nero InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2008-06-12 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\Windows\system32\drivers\InCDRm.sys [2008-06-12 38312]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-29 162088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-26 201728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-05-26 40160]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-03-27 1810992]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R4 InCDfs;Nero InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2008-06-12 118952]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Ltn_stk7070P;PCTV based TV tuner device; C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver; C:\Windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-19 131000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-12-05 144688]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-06-12 1553192]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 slave;Bosco - Module Esclave; C:\Program Files\Bosco\slave.exe [2009-05-07 54272]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S1 InCDrec;Nero InCD File System Recognizer; C:\Windows\system32\drivers\InCDRec.sys [2008-06-12 16936]
S2 gupdate1c9cb4957e9dd91;Google Update Service (gupdate1c9cb4957e9dd91); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-02 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-07-30 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
Configuration: Windows Vista
Firefox 3.5

18 réponses

  1. Utilisateur anonyme
     
    Bonjour

    Effectivement tu es infecté

    • Télécharge:https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
    • !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
    • Double-cliques sur l'.exe pour lancer l'installe et laisses toi guider
    • Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
    • Choisis l'option 1 ( "recherche") et tapes "entrée" .
    • Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité de son contenu dans ta prochaine réponse ...
    • ( le rapport est en outre sauvegardé ici -> C:\TB.txt )
    • Tuto :[ https://sites.google.com/site/toolbarsd/aideenimages toolbarSD]

    0
  2. AZERTY
     
    D'abord merci de m'accorder un peu de temps voici le rapport demandé

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
    BIOS : Default System BIOS
    USER : Manu ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:100 Go (Free:73 Go)
    D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
    E:\ (CD or DVD)
    F:\ (USB) - FAT - Total:960 Mo (Free:0 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 01/07/2009|17:42 )

    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskBarDis
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\unins000.dat
    C:\Program Files\AskBarDis\unins000.exe
    C:\Program Files\AskBarDis\bar\bin
    C:\Program Files\AskBarDis\bar\Settings
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    C:\Program Files\AskBarDis\bar\bin\psvince.dll
    C:\Program Files\AskBarDis\bar\Settings\config.dat
    C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.ask.com/?o=101677&l=dis"
    "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF"
    "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 01/07/2009|17:43 - Option : [1]

    -----------\\ Fin du rapport a 17:43:30,10
    0
  3. Utilisateur anonyme
     
    Attention.Même si ton pc fonctionne mieux il reste des infections a traiter.
    • Nettoyage avec ToolBar S&D :
    • !! Déconnectes toi et fermes toute tes applications en cours le temps de la
    manipe !!
    • Relances Toolbar-S&D en double-cliquant sur le raccourci.
    • Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
    • Note : Ne touches à rien lors de la suppression !!
    • Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
    • Accompagné d'un nouveau rapport hijackthis pour analyse ...
    0
  4. AZERTY
     
    Voici le rapport àprès désinfection et merci encore:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
    BIOS : Default System BIOS
    USER : Manu ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:100 Go (Free:73 Go)
    D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
    E:\ (CD or DVD)
    F:\ (USB) - FAT - Total:960 Mo (Free:0 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 01/07/2009|18:01 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskBarDis\bar
    Supprime! - C:\Program Files\AskBarDis\unins000.dat
    Supprime! - C:\Program Files\AskBarDis\unins000.exe
    Supprime! - C:\Program Files\AskBarDis

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.ask.com/?o=101677&l=dis"
    "Default_Page_URL"="http://ie.redirect.hp.com/..."
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="http://ie.redirect.hp.com/..."
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 01/07/2009|17:43 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 01/07/2009|18:03 - Option : [2]

    -----------\\ Fin du rapport a 18:03:19,30
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Dis moi si tu utilises le programme" bosco"?
    0
  7. AZERTY
     
    OUI j'ai eu besoin d'utilisé bosco à certain moment

    Le nouveau rapport RSIT

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Manu at 2009-07-01 18:12:52
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 75 GB (73%) free of 103 GB
    Total RAM: 2037 MB (51% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:13:15, on 01/07/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Manu\Downloads\RSIT.exe
    C:\Program Files\trend micro\Manu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=101677&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c9cb4957e9dd91) (gupdate1c9cb4957e9dd91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  8. Utilisateur anonyme
     
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    /!\ Désactive tous tes logiciels de protection /!\

    • Télécharge combofix(de sUBs) sur ton Bureau.
    • Double-clique sur ComboFix.exe afin de le lancer.
    • Il va te demander d'installer la console de récupération : accepte.
    • Ne touche à rien pendant le scan.
    • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
    0
  9. AZERTY
     
    Voici le rapport de combofix

    ComboFix 09-06-30.03 - Manu 02/07/2009 8:23.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1046 [GMT 2:00]
    Lancé depuis: c:\users\Manu\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    c:\users\Manu\AppData\Local\MICROS~1\Windows\TEMPOR~1\tmpFE32.tmp
    c:\users\Manu\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpFE32.tmp
    c:\windows\system32\KBL.LOG
    D:\Desktop.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-02 au 2009-07-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-07-01 15:42 . 2009-07-01 16:03 -------- dc----w- C:\ToolBar SD
    2009-07-01 15:14 . 2009-07-01 16:12 -------- dc----w- c:\program files\trend micro
    2009-07-01 15:14 . 2009-07-01 15:18 -------- dc----w- C:\rsit
    2009-06-06 19:28 . 2009-06-06 19:34 -------- dc----w- c:\program files\UrbanTerror
    2009-06-03 13:12 . 2009-06-03 13:12 -------- dc----w- c:\users\Manu\AppData\Roaming\WildTangent

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-01 16:39 . 2009-05-01 13:03 -------- dc----w- c:\program files\Mozilla Firefox 3.1 Beta 3
    2009-07-01 15:59 . 2009-05-01 09:39 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-01 15:13 . 2008-03-07 10:12 677554 -c--a-w- c:\windows\system32\perfh00C.dat
    2009-07-01 15:13 . 2008-03-07 10:12 126862 -c--a-w- c:\windows\system32\perfc00C.dat
    2009-06-30 18:53 . 2009-05-02 09:11 -------- dc----w- c:\users\Manu\AppData\Roaming\FrostWire
    2009-06-23 16:43 . 2008-03-07 01:36 -------- dc-h--w- c:\program files\InstallShield Installation Information
    2009-06-17 09:27 . 2009-05-01 09:39 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 09:27 . 2009-05-01 09:39 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-11 16:16 . 2008-03-07 02:07 -------- dc----w- c:\program files\Microsoft Works
    2009-06-10 10:53 . 2009-05-01 14:29 -------- dc----w- c:\progra~2\Spybot - Search & Destroy
    2009-06-03 13:16 . 2008-08-28 14:41 -------- dc----w- c:\progra~2\WildTangent
    2009-05-26 15:12 . 2008-08-28 14:22 -------- dc----w- c:\program files\Apoint2K
    2009-05-26 15:00 . 2009-05-26 15:00 -------- dc----w- c:\program files\Microsoft Silverlight
    2009-05-26 14:27 . 2008-08-28 14:13 -------- dc----w- c:\program files\CONEXANT
    2009-05-20 15:28 . 2009-05-20 15:28 680 -c--a-w- c:\users\Manu\AppData\Local\d3d9caps.dat
    2009-05-20 15:06 . 2009-05-20 15:06 -------- dc----w- c:\program files\Common Files\LightScribe
    2009-05-20 15:04 . 2009-05-02 15:27 -------- dc----w- c:\program files\Common Files\Ahead
    2009-05-20 15:03 . 2009-05-20 15:03 -------- dc----w- c:\progra~2\Nero
    2009-05-20 14:32 . 2008-03-07 02:34 -------- dc----w- c:\program files\CyberLink
    2009-05-18 18:21 . 2009-05-18 18:21 -------- dc----w- c:\users\Manu\AppData\Roaming\muvee Technologies
    2009-05-18 15:29 . 2008-11-26 19:50 -------- dc----w- c:\program files\Google
    2009-05-17 03:28 . 2009-05-17 03:01 -------- dc----w- c:\program files\vLite
    2009-05-16 18:54 . 2009-05-16 18:54 -------- dc----w- c:\progra~2\LightScribe
    2009-05-13 16:59 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
    2009-05-09 05:50 . 2009-06-11 16:09 915456 -c--a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-11 16:09 71680 -c--a-w- c:\windows\system32\iesetup.dll
    2009-05-09 05:12 . 2009-05-09 05:11 -------- dc----w- c:\users\Manu\AppData\Roaming\Hide IP NG
    2009-05-09 05:11 . 2009-05-09 05:11 676500 -c--a-w- c:\users\Manu\AppData\Roaming\Hide IP NG\hideipng-update.exe
    2009-05-08 11:15 . 2009-05-08 11:15 -------- dc----w- c:\program files\AnalogX
    2009-05-08 09:10 . 2009-05-08 09:10 -------- dc----w- c:\users\Manu\AppData\Roaming\vlc
    2009-05-08 09:03 . 2009-05-08 09:03 -------- dc----w- c:\program files\VideoLAN
    2009-05-08 08:44 . 2009-05-07 20:50 -------- dc----w- c:\program files\Bosco
    2009-05-07 21:14 . 2009-05-07 21:14 2840 -c--a-w- c:\windows\system32\master.dat
    2009-05-06 11:47 . 2009-05-02 15:37 -------- dc----w- c:\users\Manu\AppData\Roaming\Ahead
    2009-05-02 11:39 . 2009-05-02 09:15 4506256 -c--a-w- c:\users\Manu\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
    2009-05-02 08:25 . 2009-05-01 16:41 113768 -c--a-w- c:\users\Manu\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-01 15:55 . 2009-05-01 15:55 1772 -c--a-w- c:\users\Manu\cc_20090501_175512.reg
    2009-05-01 15:55 . 2009-05-01 15:54 213066 -c--a-w- c:\users\Manu\cc_20090501_175446.reg
    2009-05-01 15:34 . 2009-05-01 15:35 410984 -c--a-w- c:\windows\system32\deploytk.dll
    2009-04-30 12:37 . 2009-06-11 16:09 293376 -c--a-w- c:\windows\system32\psisdecd.dll
    2009-04-30 12:37 . 2009-06-11 16:09 428544 -c--a-w- c:\windows\system32\EncDec.dll
    2009-04-23 12:43 . 2009-06-11 16:09 784896 -c--a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 16:09 636928 -c--a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:55 . 2009-06-11 16:09 2033152 -c--a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]
    "SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-07-30 1647912]
    "SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-10-10 2782536]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-06-12 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-06-12 1057064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2987362739-3616797374-261659195-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DC9FE3DB-6BE8-4D95-9D7E-4F9EAEE750D9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{06A686F4-75BC-4259-B286-C0B71492019B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{80323D2D-86FD-4A68-B2E5-6A5ED3F36C3C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{79F4A570-A64F-4420-953E-F5ED533A517D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{C452534D-20AE-4A68-9772-9D3FA7EEE5A7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{4F6CBA60-9E29-4F74-BF24-69743659BEC2}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
    "{C4D1C0D5-8E7E-466C-B774-CEB260858C38}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
    "{AE19856A-724E-450B-A342-4F0FE22FAC98}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
    "{779D3740-621D-4BDB-B91C-07B2647E43C7}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
    "{E69CEF41-3F6E-46D4-A2A1-B78B3BCAC5AC}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{C0F8A603-918A-461A-8D85-04688862F929}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{83A48EE4-088B-4D77-B209-2FD4BF6272B7}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "{FE9CF701-A8C8-4711-83AA-F307631908AF}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "TCP Query User{7C3A8056-1115-47E6-8CAB-98AFFD40F522}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{A474F558-5277-4C95-972F-C4F9F85AE2E7}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{177970F5-C45D-4225-A6D0-784D82DC59B3}c:\\users\\manu\\downloads\\superscan4.exe"= UDP:c:\users\manu\downloads\superscan4.exe:superscan4.exe
    "UDP Query User{765962FF-E9F7-4621-812D-0F66C0FB5089}c:\\users\\manu\\downloads\\superscan4.exe"= TCP:c:\users\manu\downloads\superscan4.exe:superscan4.exe
    "{3E3D4243-0A95-4187-83B3-9332BCBE1018}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
    "{3B6E54A6-B0D0-45EE-BC8D-4D49BAB60EC1}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
    "TCP Query User{03E29038-FB3E-4858-915A-64964FC63EE9}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
    "UDP Query User{3A81A6EB-27F9-44EC-B812-50D569A207CA}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
    "TCP Query User{9C5E7B16-8AB8-47E0-BFC6-8E3E8E0DC452}c:\\program files\\urbanterror\\iourbanterror.exe"= UDP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror
    "UDP Query User{7CEE108D-2A11-4650-873F-5D72772A77E3}c:\\program files\\urbanterror\\iourbanterror.exe"= TCP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror
    "TCP Query User{62C7D33C-6CBD-424C-933B-F1E5264181F0}c:\\program files\\urbanterror\\iourbanterror.exe"= UDP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror
    "UDP Query User{08940F7E-912B-4339-B246-5196F1F1FF5B}c:\\program files\\urbanterror\\iourbanterror.exe"= TCP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 16:22 108289]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [01/05/2009 16:29 1153368]
    S2 gupdate1c9cb4957e9dd91;Google Update Service (gupdate1c9cb4957e9dd91);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2009 19:13 133104]
    S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
    S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\System32\drivers\Ltn_stk7070P.sys [23/05/2009 12:33 466048]
    S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\System32\drivers\Ltn_stkrc.sys [23/05/2009 12:35 13440]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [17/10/2008 18:44 28224]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.ask.com/?o=101677&l=dis
    mWindow Title =
    uInternet Settings,ProxyServer = socks=
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mappy.com
    Trusted Zone: orange.fr
    Trusted Zone: voila.fr\rw.search.ke
    Trusted Zone: weborama.fr\orange
    FF - ProfilePath - c:\users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\50ff129o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-02 08:31
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(2408)
    c:\program files\OrangeHSS\Launcher\Inactivity.Dll
    .
    Heure de fin: 2009-07-02 8:36
    ComboFix-quarantined-files.txt 2009-07-02 06:36

    Avant-CF: 78 780 514 304 octets libres
    Après-CF: 78 760 316 928 octets libres

    261 --- E O F --- 2009-06-30 18:48
    0
  10. Utilisateur anonyme
     
    Nouvelle mise a jour de firefox.Télécharge ici:http://www.mozilla-europe.org/fr/firefox/
    Firefox 3.5 beaucoup plus sécurisé.
    -------------------------------------------
    Télécharge MSNFix
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

    0
  11. Utilisateur anonyme
     
    Essais de la faire en mode sans echec.
    Redémarre en mode sans échec
    (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
    Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
    0
  12. AZERTY
     
    Le problem ces que le scan se lance et puis plus rien ne se fait même après une heur j'ai lancé le même logiciel sur mon pc de burreau et en 5 min c'était torché
    0
  13. AZERTY
     
    PS
    le portable et sous vista

    et le pc de burreau de sous xp
    0
  14. Utilisateur anonyme
     
    Pour l'instant on laisse de coté msnfix et fait ce qui suit.
    • Télécharge :https://www.superantispyware.com/
    • Choisis "enregistrer" et enregistre-le sur ton bureau.
    • Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.
    • Créé une icône sur le bureau.
    • Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.
    • Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    • Sous Configuration and Preferences, clique sur le bouton "Preferences"
    • Clique sur l'onglet "Scanning Control "
    • Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Laisse les autres lignes décochées.
    • Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.
    • Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".
    • Dans la colonne de gauche, coche C:\Fixed Drive.
    • Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"
    • Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.
    • A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.
    • Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".
    • Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.
    • Pour recopier les informations sur le forum, fais ceci :
    • après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    • Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
    • Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.
    • Le rapport va s'ouvrir dans ton éditeur de texte par défaut.
    • Copie son contenu dans ta réponse.
    • Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
    https://www.malekal.com/?s=SUPERAntiSpyware

    0
  15. AZERTY
     
    Voici le rapport ce qui est de la quarantaine ces fait

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com/

    Generated 07/02/2009 at 11:50 PM

    Application Version : 4.26.1006

    Core Rules Database Version : 3967
    Trace Rules Database Version: 1894

    Scan type : Complete Scan
    Total Scan Time : 02:22:00

    Memory items scanned : 782
    Memory threats detected : 0
    Registry items scanned : 8415
    Registry threats detected : 0
    File items scanned : 84273
    File threats detected : 5

    Adware.Tracking Cookie
    C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@msnportal.112.2o7[2].txt
    C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@atdmt[3].txt
    C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@serving-sys[2].txt
    C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@xiti[1].txt
    C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@bs.serving-sys[1].txt
    0
  16. Utilisateur anonyme
     
    • Télécharger sur le bureau : Yoog fix
    • Double cliquez sur l'icône, une fenêtre d'avertissement d'usage apparaît cliquez sur OK si vous êtes d'accord.
    • Yoog_Fix se lance tapez 1 et validez par Entrée lorsque celui-ci vous demande votre choix .
    • Le logiciel commence à rechercher des traces de l'infection .
    • Une fois la recherche terminée, une fenêtre s'affiche et vous demande d'appuyer sur une touche quelconque du clavier pour continuer la procédure, suivez cette recommandation .
    • Le rapport s'ouvre, le but est maintenant de le poster dans un message sur le forum. Pour copier-coller le texte, utilisez le menu Edition / Sélectionner tout (ou CTRL + A) .
    • Pour mettre le texte en mémoire, copiez le toujours via le menu Edition / Copier (ou CTRL + C).
    • Collez ensuite le rapport sur le Forum pour que l'on vous indique la marche à suivre pour vous débarrasser de Yoog search.
    0
  17. AZERTY
     
    Voici le rapport
    Yoog_Fix 3.0.0 de Batch_Man | Manu (Administrateur)
    Debut a 21:57 le 03/07/2009
    Microsoft® Windows Vista(6.0.6001)

    Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
    Ram : 2037,3 Mo
    Normal boot

    UAC : OFF
    Lancé de "C:\Users\Manu\Desktop\Yoog_Fix.bat"

    C:\ [Fixed] - NTFS - (Total:103010 Mo/Free:3793 Mo)
    D:\ [Fixed] - NTFS - (Total:11460 Mo/Free:2411 Mo)
    E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

    Option [1] 2 3 Recherche / Suppression

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]

    ------------[Suspects]

    Aucun fichier suspect trouvé

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Recherche: Analyse de Firefox]

    ------------[Analyse de Firefox]

    Mozilla Firefox 3.5 (fr)
    Répertoire d'installation : C:\Program Files\Mozilla Firefox 3.1 Beta 3
    Path: C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\50ff129o.default

    ------------[Extensions Firefox]

    [Manu] foxmarks@kei.com = Xmarks
    [Manu] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
    [Manu] {635abd67-4fe9-1b23-4f01-e679fa7484c1} = Yahoo! Toolbar
    [Manu] {E9A1DEE0-C623-4439-8932-001E7D17607D} = Ask Toolbar for Firefox

    {20a82645-c095-46ed-80e3-08825760534b} = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ------------[Mozilla Plugins]

    Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
    ProductName = Adobe© Flash© Player Plugin
    Vendor = Adobe Systems Incorporated
    Version = 10.0.22.87

    Path = C:\Windows\system32\Adobe\Director\np32dsw.dll
    ProductName = Adobe Shockwave Player
    Vendor = Adobe Systems Inc.
    Version = 1150596

    GeckoVersion = 1.7.5
    Path = c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
    ProductName = Ag Player
    Vendor = Microsoft
    Version = 2.0

    GeckoVersion = 1.7.2
    Path = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    ProductName = Windows Presentation Foundation
    Vendor = Microsoft Corp.
    Version = 3.5

    Path = C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    ProductName = Google Update
    Vendor = Google
    Version = 8

    Path = C:\Program Files\VideoLAN\VLC\npvlc.dll
    Vendor = VideoLAN
    Version = 0.9.9

    Path = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    XPTPath = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
    ProductName = Viewpoint Media Player
    Vendor = Viewpoint Corporation

    ------------[Plugins de recherche]

    ------------[Listing de dossiers]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

    Internet Explorer : 8.0.6001.18783

    L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr/
    L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    L1 = HKLM\..\Main.Window Title =
    L1 = HKCU\..\Main.Start Page = https://www.ask.com/?o=101677&l=dis
    L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKU\S-1-5-21-2987362739-3616797374-261659195-1002\..\Main.Start Page = https://www.ask.com/?o=101677&l=dis
    L1 = HKU\S-1-5-21-2987362739-3616797374-261659195-1002\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    L2 = HKCU\..\Internet Settings.ProxyServer = socks=

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    NoAdd-ons = res://ieframe.dll/noaddon.htm
    NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
    SecurityRisk = res://ieframe.dll/securityatrisk.htm
    Tabs = res://ieframe.dll/tabswelcome.htm
    NavigationFailure = res://ieframe.dll/navcancl.htm
    DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
    NavigationCanceled = res://ieframe.dll/navcancl.htm
    OfflineInformation = res://ieframe.dll/offcancl.htm
    Home = 0x10e
    blank = res://mshtml.dll/blank.htm
    PostNotCached = res://ieframe.dll/repost.htm
    InPrivate = res://ieframe.dll/inprivate.htm

    --------[Browser Helper Object]

    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3},@SANS NOM=AcroIEHelperStub
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408},@SANS NOM=NCO 2.0 IE BHO
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=(valeur non d‚finie)
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=(valeur non d‚finie)

    --------[SearchScopes]

    [HKEY_USERS\S-1-5-21-2987362739-3616797374-261659195-1002\..\SearchScopes],@DefaultScope=Yahoo!
    [HKEY_USERS\S-1-5-21-2987362739-3616797374-261659195-1002\..\SearchScopes\Yahoo!],@DisplayName=Yahoo! Search
    [HKEY_USERS\S-1-5-21-2987362739-3616797374-261659195-1002\..\SearchScopes\{2F6C80C2-7EEF-4EF4-AACA-7CAC368E30E5}],@DisplayName=Kelkoo
    [HKEY_USERS\S-1-5-21-2987362739-3616797374-261659195-1002\..\SearchScopes\{D799181A-90EF-43F5-8619-5785C84E2914}],@DisplayName=AOL Recherche
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope=Yahoo!
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={EA383AB2-5729-438D-B516-36E44C5EEDAD}
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F6C80C2-7EEF-4EF4-AACA-7CAC368E30E5}],@DisplayName=Kelkoo
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA383AB2-5729-438D-B516-36E44C5EEDAD}],@DisplayName=AOL Recherche
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yahoo!],@DisplayName=Yahoo! Search
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F6C80C2-7EEF-4EF4-AACA-7CAC368E30E5}],@DisplayName=Kelkoo
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D799181A-90EF-43F5-8619-5785C84E2914}],@DisplayName=AOL Recherche

    --------[Extensions]

    --------[Clé Run]

    ------------[Autres infections]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»[Autres rapports]

    [03/07/2009 22:00] C:\Yoog_Fix\Logs\Rapport_03_07_2009_n3.txt - (Choix 1 : Recherche / Suppression)

    -------------------------->>

    Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_03_07_2009_3.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
    Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

    Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com

    +--------------[Fin à 22h 00min]
    0
  18. Utilisateur anonyme
     
    • \ !/Utilisateurs de Vista, il est nécessaire de désactiver l'UAC (contrôle des comptes utilisateurs) comme expliqué : ici

    Maintenant retentes msnfix en désactivant l'uac.

    Télécharge MSNFix
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
    0