Infection

laurent91130 -  
 Anonymous user -
Hello,
I'm having problems connecting when I click on links.
Often, when I click, the internet connection drops and then comes back, which means I can't access certain sites.
Not to mention the advertising spam that I can't get rid of....
Thanks for your help
Regards

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michon at 2010-01-04 10:23:56
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 186 GB (63%) free of 295 GB
Total RAM: 3325 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:02, on 04/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michon\Desktop\RSIT.exe
C:\Program Files\trend micro\Michon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{1c491116-c175-45e1-a570-6fb14fea8b7b} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www8.agame.com/games/shockwave/r/r-style_supreme/r-style_supreme_jeu_fr.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD0728E6-6908-4387-B76B-836CA23D302C}: NameServer = 86.64.145.147 84.103.237.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Service Google Update (gupdate1c9d87378fba237) (gupdate1c9d87378fba237) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice129.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13141 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Maintenance en 1 clic.job
C:\Windows\tasks\User_Feed_Synchronization-{F85E3233-652B-4353-B36B-FD82A186659E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
Automated Content Enhancer - C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll [2009-12-10 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-09-12 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-29 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-26 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
Content Management Wizard - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll [2009-12-11 1323008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
Textual Content Provider - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll [2009-12-09 376832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{1c491116-c175-45e1-a570-6fb14fea8b7b} - PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-07-02 2215960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-29 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4452352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"F-Secure Manager"=C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE [2009-04-06 182936]
"F-Secure TNB"=C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe [2009-04-06 957024]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-12 198160]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2009-10-14 104408]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01 2033432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-29 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-16 102400]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2009-10-14 292824]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent []

C:\Users\Michon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-02-14 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9612469-fa8b-11dd-a92e-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb0cf908-d1d8-11de-8b05-e5d9022f5fa5}]
shell\AutoRun\command - J:\LaunchU3.exe -a

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-04 10:16:25 ----D---- C:\rsit
2010-01-04 10:16:25 ----D---- C:\Program Files\trend micro
2009-12-30 14:37:53 ----D---- C:\Windows\pss
2009-12-13 10:27:38 ----D---- C:\Program Files\Windows Portable Devices
2009-12-13 10:10:59 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-12-13 10:10:59 ----A---- C:\Windows\system32\UIRibbon.dll
2009-12-13 10:10:59 ----A---- C:\Windows\system32\UIAnimation.dll
2009-12-13 10:10:14 ----A---- C:\Windows\system32\WMPhoto.dll
2009-12-13 10:10:14 ----A---- C:\Windows\system32\cdd.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\xpsservices.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\XpsPrint.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-12-13 10:10:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\OpcServices.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\FntCache.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\dxgi.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\dxdiagn.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\dxdiag.exe
2009-12-13 10:10:13 ----A---- C:\Windows\system32\DWrite.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d11.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d10warp.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d10level9.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d10core.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d10_1.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d3d10.dll
2009-12-13 10:10:13 ----A---- C:\Windows\system32\d2d1.dll
2009-12-13 10:09:40 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-12-13 10:09:40 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-12-13 10:09:40 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-12-13 10:09:37 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\WPDSp.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\wpdshext.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\WpdMtp.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\WpdConns.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\wpd_ci.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-12-13 10:09:35 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-12-13 10:08:43 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-12-13 10:08:43 ----A---- C:\Windows\system32\oleaccrc.dll
2009-12-13 10:08:43 ----A---- C:\Windows\system32\oleacc.dll
2009-12-12 15:21:53 ----D---- C:\Windows\system32\vi-VN
2009-12-12 15:21:53 ----D---- C:\Windows\system32\eu-ES
2009-12-12 15:21:53 ----D---- C:\Windows\system32\ca-ES
2009-12-12 15:07:16 ----A---- C:\Windows\system32\javaws.exe
2009-12-12 15:07:16 ----A---- C:\Windows\system32\javaw.exe
2009-12-12 15:07:16 ----A---- C:\Windows\system32\java.exe
2009-12-12 14:57:32 ----D---- C:\ProgramData\Apple Computer
2009-12-12 14:57:32 ----D---- C:\Program Files\QuickTime
2009-12-12 14:51:23 ----D---- C:\Windows\system32\EventProviders
2009-12-12 13:06:13 ----A---- C:\Windows\PROTOCOL.INI
2009-12-12 13:06:13 ----A---- C:\Windows\AKA2.INI
2009-12-12 13:06:02 ----D---- C:\Program Files\Akakliké 2
2009-12-12 13:05:38 ----A---- C:\Windows\unin040c.exe
2009-12-12 09:25:58 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 09:25:56 ----A---- C:\Windows\system32\httpapi.dll
2009-12-11 18:45:09 ----D---- C:\ProgramData\QuestService
2009-12-11 18:45:09 ----D---- C:\Program Files\QuestService
2009-12-11 18:45:00 ----D---- C:\Program Files\Textual Content Provider
2009-12-11 18:44:50 ----D---- C:\Program Files\Content Management Wizard
2009-12-11 18:44:36 ----D---- C:\Program Files\Internet Today
2009-12-11 18:44:26 ----D---- C:\Program Files\Customized Platform Advancer
2009-12-11 18:44:16 ----D---- C:\Program Files\Automated Content Enhancer
2009-12-11 18:44:08 ----D---- C:\Program Files\Web Search Operator
2009-12-11 18:43:46 ----D---- C:\Program Files\Gameztar Toolbar
2009-12-10 20:07:23 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 20:07:20 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 20:07:19 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 20:07:18 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 20:07:18 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 20:07:18 ----A---- C:\Windows\system32\occache.dll
2009-12-10 20:07:18 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 20:07:18 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 20:07:18 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-10 20:07:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-10 20:07:17 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\iesetup.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\iernonce.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 20:07:17 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-10 20:06:53 ----A---- C:\Windows\system32\rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-04 10:23:53 ----D---- C:\Windows\Temp
2010-01-04 10:23:24 ----D---- C:\Windows\Prefetch
2010-01-04 10:16:25 ----RD---- C:\Program Files
2010-01-04 09:57:03 ----D---- C:\Windows
2010-01-04 09:37:33 ----SHD---- C:\System Volume Information
2010-01-04 09:35:34 ----D---- C:\Windows\Tasks
2010-01-03 20:25:43 ----D---- C:\Windows\tracing
2010-01-02 14:50:33 ----D---- C:\Program Files\Electronic Arts
2010-01-02 14:50:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-29 19:45:29 ----D---- C:\Windows\system32\catroot2
2009-12-28 09:34:01 ----D---- C:\Program Files\OpenAL
2009-12-27 19:34:32 ----SHD---- C:\Windows\Installer
2009-12-27 19:34:26 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-27 19:34:21 ----D---- C:\Windows\system32\catroot
2009-12-27 19:34:20 ----D---- C:\Windows\inf
2009-12-27 19:33:50 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-27 19:33:12 ----D---- C:\Windows\System32
2009-12-27 19:32:11 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-27 15:38:08 ----D---- C:\ProgramData\Roxio
2009-12-24 09:50:42 ----D---- C:\ProgramData\avg9
2009-12-24 00:08:53 ----D---- C:\ProgramData\AVG Security Toolbar
2009-12-23 22:50:40 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-21 11:51:16 ----D---- C:\Program Files\Google
2009-12-20 14:29:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-17 20:41:04 ----HD---- C:\ProgramData
2009-12-17 20:41:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-17 13:44:05 ----D---- C:\Users\Michon\AppData\Roaming\EoRezo
2009-12-17 09:33:22 ----D---- C:\Windows\Debug
2009-12-13 11:08:09 ----D---- C:\Windows\Microsoft.NET
2009-12-13 11:08:03 ----RSD---- C:\Windows\assembly
2009-12-13 10:46:35 ----D---- C:\Windows\rescache
2009-12-13 10:33:33 ----D---- C:\Windows\system32\Tasks
2009-12-13 10:27:42 ----D---- C:\Windows\system32\fr-FR
2009-12-13 10:27:39 ----D---- C:\Windows\system32\drivers
2009-12-13 10:27:36 ----D---- C:\Windows\system32\wbem
2009-12-13 10:27:33 ----D---- C:\Windows\system32\zh-HK
2009-12-13 10:27:33 ----D---- C:\Windows\system32\uk-UA
2009-12-13 10:27:33 ----D---- C:\Windows\system32\sl-SI
2009-12-13 10:27:33 ----D---- C:\Windows\system32\pt-PT
2009-12-13 10:27:33 ----D---- C:\Windows\system32\pt-BR
2009-12-13 10:27:33 ----D---- C:\Windows\system32\pl-PL
2009-12-13 10:27:33 ----D---- C:\Windows\system32\nl-NL
2009-12-13 10:27:33 ----D---- C:\Windows\system32\ko-KR
2009-12-13 10:27:33 ----D---- C:\Windows\system32\it-IT
2009-12-13 10:27:33 ----D---- C:\Windows\system32\hu-HU
2009-12-13 10:27:33 ----D---- C:\Windows\system32\hr-HR
2009-12-13 10:27:33 ----D---- C:\Windows\system32\he-IL
2009-12-13 10:27:33 ----D---- C:\Windows\system32\el-GR
2009-12-13 10:27:33 ----D---- C:\Windows\system32\bg-BG
2009-12-13 10:27:32 ----D---- C:\Windows\system32\zh-TW
2009-12-13 10:27:32 ----D---- C:\Windows\system32\zh-CN
2009-12-13 10:27:32 ----D---- C:\Windows\system32\tr-TR
2009-12-13 10:27:32 ----D---- C:\Windows\system32\th-TH
2009-12-13 10:27:32 ----D---- C:\Windows\system32\sv-SE
2009-12-13 10:27:32 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-13 10:27:32 ----D---- C:\Windows\system32\sk-SK
2009-12-13 10:27:32 ----D---- C:\Windows\system32\ru-RU
2009-12-13 10:27:32 ----D---- C:\Windows\system32\ro-RO
2009-12-13 10:27:32 ----D---- C:\Windows\system32\nb-NO
2009-12-13 10:27:32 ----D---- C:\Windows\system32\lv-LV
2009-12-13 10:27:32 ----D---- C:\Windows\system32\lt-LT
2009-12-13 10:27:32 ----D---- C:\Windows\system32\ja-JP
2009-12-13 10:27:32 ----D---- C:\Windows\system32\fi-FI
2009-12-13 10:27:32 ----D---- C:\Windows\system32\et-EE
2009-12-13 10:27:32 ----D---- C:\Windows\system32\es-ES
2009-12-13 10:27:32 ----D---- C:\Windows\system32\en-US
2009-12-13 10:27:32 ----D---- C:\Windows\system32\de-DE
2009-12-13 10:27:32 ----D---- C:\Windows\system32\da-DK
2009-12-13 10:27:32 ----D---- C:\Windows\system32\cs-CZ
2009-12-13 10:27:32 ----D---- C:\Windows\system32\ar-SA
2009-12-13 10:11:11 ----D---- C:\Windows\winsxs
2009-12-12 16:03:44 ----AD---- C:\ProgramData\TEMP
2009-12-12 15:42:08 ----D---- C:\ProgramData\Adobe
2009-12-12 15:28:46 ----SHD---- C:\Boot
2009-12-12 15:22:27 ----D---- C:\Program Files\Windows Mail
2009-12-12 15:22:27 ----D---- C:\Program Files\Windows Calendar
2009-12-12 15:22:27 ----D---- C:\Program Files\Movie Maker
2009-12-12 15:22:26 ----D---- C:\Program Files\Windows Sidebar
2009-12-12 15:22:26 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-12 15:22:26 ----D---- C:\Program Files\Windows Media Player
2009-12-12 15:22:26 ----D---- C:\Program Files\Windows Journal
2009-12-12 15:22:26 ----D---- C:\Program Files\Windows Collaboration
2009-12-12 15:22:26 ----D---- C:\Program Files\Internet Explorer
2009-12-12 15:22:26 ----D---- C:\Program Files\Common Files\System
2009-12-12 15:22:24 ----D---- C:\Windows\servicing
2009-12-12 15:22:24 ----D---- C:\Windows\ehome
2009-12-12 15:22:24 ----D---- C:\Program Files\Windows Defender
2009-12-12 15:22:21 ----D---- C:\Windows\system32\XPSViewer
2009-12-12 15:22:21 ----D---- C:\Windows\system32\oobe
2009-12-12 15:22:21 ----D---- C:\Windows\system32\migration
2009-12-12 15:22:21 ----D---- C:\Windows\system32\fr
2009-12-12 15:22:21 ----D---- C:\Windows\IME
2009-12-12 15:22:20 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-12 15:22:13 ----D---- C:\Windows\system32\SLUI
2009-12-12 15:22:13 ----D---- C:\Windows\system32\setup
2009-12-12 15:22:13 ----D---- C:\Windows\system32\manifeststore
2009-12-12 15:22:11 ----D---- C:\Windows\system32\migwiz
2009-12-12 15:22:00 ----RSD---- C:\Windows\Fonts
2009-12-12 15:22:00 ----D---- C:\Windows\AppPatch
2009-12-12 15:21:53 ----D---- C:\Windows\system32\Boot
2009-12-12 15:19:45 ----D---- C:\Windows\system32\RTCOM
2009-12-12 15:08:38 ----D---- C:\Program Files\Common Files\Adobe
2009-12-12 15:07:15 ----D---- C:\Program Files\Java
2009-12-10 15:43:18 ----D---- C:\Windows\system32\config
2009-12-10 15:43:08 ----D---- C:\Windows\system32\spool
2009-12-10 15:43:08 ----D---- C:\Windows\system32\Msdtc
2009-12-10 15:43:08 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-10 15:43:05 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-11-29 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-11-29 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-11-29 360584]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-21 3591168]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1773536]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver; C:\Windows\System32\Drivers\PLCMP532.sys []
S3 PLCND532;PLCND532 NDIS Protocol Driver; C:\Windows\System32\Drivers\PLCND532.sys [2007-08-08 26656]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-21 3591168]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-21 675840]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-29 285392]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE [2009-04-06 117400]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-04-07 233472]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe [2009-04-06 490080]
S2 gupdate1c9d87378fba237;Service Google Update (gupdate1c9d87378fba237); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-19 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 183280]
S2 QuestService Service;QuestService Service; C:\ProgramData\QuestService\questservice129.exe [2009-12-04 58744]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-09-02 69120]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-02-14 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
Configuration: Windows Vista Internet Explorer 7.0

49 replies

Anonymous user

Hi

Do the following, in this order:

Disable UAC: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

AD-Remover (created by C_XX):

* Go to this address to download AD-Remover (created by C_XX)
* Click on DOWNLOAD and save it to your desktop.
* Double-click the AD-Remover installation file; the program will install automatically.
* On Vista: right-click AD-Remover and select "Run as administrator"
* In the main menu, choose option "L" and press [Enter].
* Let the tool work and do not touch anything...
* Post the report that appears at the end.

(The report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

--------------------------------------------------------------------------------------------------

* Download ToolbarSD (by Team IDN) to your desktop
* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)

0
laurent91130
 
Thanks oxo79
During the procedure, I get a message saying that User Account Control is active and it cannot continue???
0
laurent91130
 
OK, sorry, that part is fine, but now I have Search and Destroy blocking!!
Thanks
0
laurent91130
 
Ah, one more thing!
Should I re-enable UAC after the procedure?
0

Anonymous user

Sorry

Disable Spybot's TeaTimer: https://www.commentcamarche.net/telecharger/securite/20939-spybot-search-and-destroy/

I will tell you when to re-enable UAC
0
laurent91130
 
Here is the report:

======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 03.01.2010 à 17:35
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:44:10, 04/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-MICHON | Utilisateur actuel: Michon

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\Automated Content Enhancer
C:\Program Files\Content Management Wizard
C:\Program Files\Customized Platform Advancer
C:\Program Files\Gameztar Toolbar
C:\Program Files\Internet Today
C:\Program Files\QuestService
C:\Program Files\Textual Content Provider
C:\Program Files\Web Search Operator
C:\Users\Michon\AppData\Roaming\EoRezo
C:\Users\Michon\AppData\Local\Textual Content Provider
C:\Users\Michon\AppData\LocalLow\Automated Content Enhancer
C:\Users\Michon\AppData\LocalLow\Customized Platform Advancer
C:\Users\Michon\AppData\LocalLow\Textual Content Provider
C:\ProgramData\QuestService
C:\ProgramData\Trymedia

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
HKCU\software\appdatalow\software\Automated Content Enhancer
HKCU\software\appdatalow\software\CMW
HKCU\software\appdatalow\software\Customized Platform Advancer
HKCU\software\appdatalow\software\Media Access Startup
HKCU\software\appdatalow\software\Web Search Operator
HKCU\software\Automated Content Enhancer
HKCU\software\CMW
HKCU\software\EoRezo
HKCU\Software\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411}
HKCU\Software\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKCU\software\microsoft\internet explorer\searchscopes\{342168F8-AE4A-41E8-A6B5-8FB9FECBEF37}
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} ... ERREUR SUPPRESSION !!
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}
HKLM\software\appdatalow\software\Automated Content Enhancer
HKLM\software\appdatalow\software\Customized Platform Advancer
HKLM\software\appdatalow\software\Internet Today
HKLM\software\appdatalow\software\Web Search Operator
HKLM\software\Automated Content Enhancer
HKLM\Software\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}
HKLM\Software\Classes\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}
HKLM\Software\Classes\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKLM\software\classes\ExplorerBar.CMW
HKLM\software\classes\ExplorerBar.CMW.1
HKLM\software\classes\ExplorerBar.TCP
HKLM\software\classes\ExplorerBar.TCP.1
HKLM\Software\Classes\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78}
HKLM\Software\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
HKLM\Software\Classes\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF}
HKLM\Software\Classes\TypeLib\{2A743834-05F4-4ED4-8A1C-41332B10AC0C}
HKLM\Software\Classes\TypeLib\{565DD573-549E-4DA9-8CD7-6AE3DF25339A}
HKLM\Software\Classes\TypeLib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA}
HKLM\Software\Classes\TypeLib\{F5B8C69C-9B45-4A6A-9380-DF225C546AE7}
HKLM\software\EoRezo
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40574696-DB17-4512-A79C-FB6086F15C65}
HKLM\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKLM\software\microsoft\windows\currentversion\uninstall\QuestService
HKLM\Software\Mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}
HKLM\Software\Mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}
HKLM\Software\Mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}
HKLM\software\QuestService
HKLM\software\Trymedia Systems
HKU\s-1-5-21-1307762949-3349353204-2099759575-1000\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use Search Asst: no
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: 9b6075b1b160ca01
Start Page Redirect Cache AcceptLangs: fr
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Enable Browser Extensions: yes
Use Search Asst: no
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\All Users\SupportSoft\DellSupportCenter\SYSTEM\data\sprt_job\d63e9168-7ce1-433d-b080-b34ac7b39a94.2\vault\DS\DSCPatch_2_2_08298_2.2.exe
C:\Users\Michon\AppData\Local\SupportSoft\dellsupportcenter\Michon\data\sprt_job\d63e9168-7ce1-433d-b080-b34ac7b39a94.2\vault\DS\DSCPatch_2_2_08298_2.2.exe
C:\Users\Michon\AppData\Local\SupportSoft\dellsupportcenter\Michon\exec\DSCPatch_2_2_08298_2.2.exe
.
===================================
.
7347 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\Users\Michon\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
0 Fichier(s) - C:\Windows\Prefetch
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
493 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 13:47:06 | 04/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.

Thanks
0
Anonymous user

Good

And the ToolbarSD report?
0
laurent91130
 
Sorry!
Impossible to download it. Oops!!
0
Anonymous user

OK, we will try again later

Do this

Malwarebytes' Anti-Malware

* Download Malwarebytes
* You will have a tutorial at your disposal to install and use it correctly.
* Update the software (this normally happens during installation)
* Start a full scan by clicking "Perform full scan"
* Select the drives you want to scan and click "Start scan"
* The scan may take quite a while...
* Once the scan has finished, click "OK" and then "Show results"
* Check that everything is ticked and click "Remove selected" => and then "OK"
* A report will open in Notepad... Copy and paste the report into your next reply on the forum

* Some files may have to be deleted when the PC restarts... Do so by clicking "Yes" when asked

The creators of infections use the locations of system files to host the infections, hence the .dll or .exe files in these series of infections.
MBAM is updated very regularly so as not to delete legitimate Windows files, so there is no need to worry on that side.

---------------------------------------------------------------------

Run a new RSIT scan (this time you will only get the log.txt file; post it)
0
laurent91130
 
Thanks for your patience
Here is the report:

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3492
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

04/01/2010 19:27:54
mbam-log-2010-01-04 (19-27-54).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 269953
Temps écoulé: 1 hour(s), 7 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Anonymous user

Good

Relaunch Malwarebytes, go to the Quarantine tab and delete everything

Post a new RSIT log, please
0
laurent91130
 
And... should I re-enable UAC?
0
laurent91130
 
Uh! Do I have to run a new full scan?
0
Anonymous user

No for UAC

Run a full scan again, and post the log.txt report
0
laurent91130
 
Here is the result of the scan:

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3492
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

04/01/2010 21:24:42
mbam-log-2010-01-04 (21-24-42).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 270261
Temps écoulé: 1 hour(s), 0 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
laurent91130
 
Toolbar report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Michon ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:288 Go (Free:181 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 05/01/2010| 9:55 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 05/01/2010| 9:56 - Option : [1]

-----------\\ Fin du rapport a 9:56:00,86
0
mickael595 Posts: 60 Status: Member

The best solution is to format your PC, and your PC will automatically start again from scratch. Of course, if you can recover personal folders, always try, but it is risky. Question: what was your antivirus? PS: if the problem has been resolved, awaiting a reply.
0
laurent91130
 
Hello,
I reset everything to the original configuration and I got rid (apparently) of my problems!
Thanks for your help.
Regards
0
Anonymous user

Hello

Did you reformat?
0
laurent91130
 
Good evening oxo79,
No, I did not reformat the computer, but everything works perfectly!!
Should I do it?
Won't I lose my data?
0
Anonymous user

Hi

Do not reformat; that is the last thing to do.

"I reset everything to the original configuration" ==> what exactly did you do?

Could you just do one last RSIT scan for me, please?
0