Virus / Trojan horse

Tags:
  • Trojan
  • Security

8 April 2011 09:22:39

Hello

My internet browsing is very slow; I think I have viruses.

Here is the HijackThis report below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:30, on 08/04/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\OfferBox\OfferBox.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Hbijohese] rundll32.exe "C:\Users\Mathieu\AppData\Local\WMPlosrv.dll",Startup
O4 - HKCU\..\Run: [k70ccreloc.exe] C:\Users\Mathieu\AppData\Roaming\9827B977729D27FC30BE0F85C0C2501F\k70ccreloc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Antimalware Doctor.lnk = C:\Users\Mathieu\AppData\Roaming\9827B977729D27FC30BE0F85C0C2501F\k70ccreloc.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Mathieu\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www3.tellmemorecampus.com
O15 - Trusted Zone: http://www3.tellmemorecampus.com (HKLM)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMService - Lxfsi Software - C:\Windows\TEMP\frus\setup.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Commext (commext.exe) - Unknown owner - C:\Windows\system32\commext.exe
O23 - Service: Service Google Update (gupdate1c9e2a1154758ec) (gupdate1c9e2a1154758ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10363 bytes


Thanks in advance,

Have a nice day

9 April 2011 20:22:53

Here it is:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 20:18:11 le 09/04/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium (X86)
Mathieu@MATHIEUF (FUJITSU SIEMENS AMILO La1703)

============== RECHERCHE ==============


Fichier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Dossier trouvé: C:\Users\Mathieu\AppData\Roaming\OfferBox
Dossier trouvé: C:\Program Files\OfferBox

Clé trouvée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Clé trouvée: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
Clé trouvée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer
Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Clé trouvée: HKU\.DEFAULT\Software\OfferBox
Clé trouvée: HKU\S-1-5-18\Software\OfferBox
Clé trouvée: HKLM\Software\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé trouvée: HKCU\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur trouvée: HKCU\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [2.0.0.2 (fr)] ****

Plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 (x)
HKLM_MozillaPlugins\@veoh.com/VeohTVPlugin (x)
HKLM_MozillaPlugins\@veoh.com/VeohWebPlayer (x)
HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x)
HKCU_MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21 (x)
Components\jar50.dll (Mozilla Foundation)
Components\jsd3250.dll (Mozilla Foundation)
Components\myspell.dll (Mozilla Foundation)
Components\nsBookmarkTransactionManager.js
Components\nsCloseAllWindows.js
Components\nsDictionary.js
Components\nsPostUpdateWin.js
Components\nsUrlClassifierTable.js
Components\nsXmlRpcClient.js
Components\spellchk.dll (Mozilla Foundation)
Components\xpinstal.dll (Mozilla Foundation)
Extensions\divx@partners.mozilla.com (DivX Settings)
Extensions\talkback@mozilla.org (Talkback)
HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
HKCU_Extensions|web@veoh.com - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
HKCU_Extensions|offerboxffx@offerbox.com - C:\Users\Mathieu\AppData\Roaming\OfferBox\offerboxffx@offerbox.com

-- C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\dnrk2f30.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
User.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.search.selectedEngine, Live Search
Prefs.js - browser.startup.homepage, hxxp://fr.msn.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1.2
Prefs.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=

========================================

**** Internet Explorer Version [7.0.6000.17037] ****

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKCU_SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} - "Search" (hxxp://www.searchinggate.com/index.php?b=1&t=1&q={searchTerms})
HKLM_Toolbar|{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} (C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll)
HKCU_ElevationPolicy\{2F8FD65A-8DCA-45FD-81AB-1EF34A4839C5} - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
HKCU_ElevationPolicy\{87D3BCDA-C114-46D6-9829-45EE4D258ACF} - C:\Program Files\DivX\DivX Player\DivX Player.exe (DivX, Inc)
HKCU_ElevationPolicy\{B5A027C5-180B-4A2A-B45A-D268F24FA491} - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
HKCU_ElevationPolicy\{C0BFE6B8-B3F2-49FC-AF65-78405154CC3A} - C:\Program Files\WinRAR\WinRAR.exe (?)
HKCU_ElevationPolicy\{CF744D25-FE95-4697-B1A8-19E1E5BBFDD1} - C:\Windows\System32\Macromed\Flash\FlashUtil9e.exe (x)
HKCU_ElevationPolicy\{D301D9F5-3F10-4F19-8885-AF42F669F742} - C:\Program Files\OpenOffice.org 2.3\program\swriter.exe (?)
HKCU_ElevationPolicy\{EBF3D391-44E0-4424-9BDF-E1AF5EFC17A8} - C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
HKLM_ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB} - C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services Limited)
HKLM_ElevationPolicy\{87AF076E-D86D-4E87-ADDD-F05804E1F150} - C:\Program Files\VirginMega\DownloadManager\DMFacade.exe (VirginMega)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files\SFR\Kit\9launch.exe (SFR)
HKLM_Extensions\{5067A26B-1337-4436-8AFE-EE169C2DA79F} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre6\bin\ssv.dll)
BHO\{C348BB9A-995C-404A-8185-76325B4BED9F} - "adfavwsqpr Object" (C:\Windows\$XNTUninstall643$\mbdwt.dll)
BHO\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} - "brumavwsqgrm Object" (C:\Windows\$XNTUninstall643$\xgoir.dll)
BHO\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - "OfferBox" (C:\Program Files\OfferBox\OfferBoxBHO.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 09/04/2011 20:18:19 (7770 Octet(s))

Fin à: 20:20:20, 09/04/2011

============== E.O.F ==============

9 April 2011 23:33:25

Here is the first report requested

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 23:27:07 le 09/04/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium (X86)
Mathieu@MATHIEUF (FUJITSU SIEMENS AMILO La1703)

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [2.0.0.2 (fr)] ****

Plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 (x)
HKLM_MozillaPlugins\@veoh.com/VeohTVPlugin (x)
HKLM_MozillaPlugins\@veoh.com/VeohWebPlayer (x)
HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x)
HKCU_MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21 (x)
Components\jar50.dll (Mozilla Foundation)
Components\jsd3250.dll (Mozilla Foundation)
Components\myspell.dll (Mozilla Foundation)
Components\nsBookmarkTransactionManager.js
Components\nsCloseAllWindows.js
Components\nsDictionary.js
Components\nsPostUpdateWin.js
Components\nsUrlClassifierTable.js
Components\nsXmlRpcClient.js
Components\spellchk.dll (Mozilla Foundation)
Components\xpinstal.dll (Mozilla Foundation)
Extensions\divx@partners.mozilla.com (DivX Settings)
Extensions\talkback@mozilla.org (Talkback)
HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
HKCU_Extensions|web@veoh.com - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder

-- C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\dnrk2f30.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
User.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.search.selectedEngine, Live Search
Prefs.js - browser.startup.homepage, hxxp://fr.msn.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1.2
Prefs.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=

========================================

**** Internet Explorer Version [7.0.6000.17037] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} - "Search" (hxxp://www.searchinggate.com/index.php?b=1&t=1&q={searchTerms})
HKLM_Toolbar|{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} (C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll)
HKCU_ElevationPolicy\{2F8FD65A-8DCA-45FD-81AB-1EF34A4839C5} - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
HKCU_ElevationPolicy\{87D3BCDA-C114-46D6-9829-45EE4D258ACF} - C:\Program Files\DivX\DivX Player\DivX Player.exe (DivX, Inc)
HKCU_ElevationPolicy\{B5A027C5-180B-4A2A-B45A-D268F24FA491} - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
HKCU_ElevationPolicy\{C0BFE6B8-B3F2-49FC-AF65-78405154CC3A} - C:\Program Files\WinRAR\WinRAR.exe (?)
HKCU_ElevationPolicy\{CF744D25-FE95-4697-B1A8-19E1E5BBFDD1} - C:\Windows\System32\Macromed\Flash\FlashUtil9e.exe (x)
HKCU_ElevationPolicy\{D301D9F5-3F10-4F19-8885-AF42F669F742} - C:\Program Files\OpenOffice.org 2.3\program\swriter.exe (?)
HKCU_ElevationPolicy\{EBF3D391-44E0-4424-9BDF-E1AF5EFC17A8} - C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
HKLM_ElevationPolicy\{87AF076E-D86D-4E87-ADDD-F05804E1F150} - C:\Program Files\VirginMega\DownloadManager\DMFacade.exe (VirginMega)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files\SFR\Kit\9launch.exe (SFR)
HKLM_Extensions\{5067A26B-1337-4436-8AFE-EE169C2DA79F} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre6\bin\ssv.dll)
BHO\{C348BB9A-995C-404A-8185-76325B4BED9F} - "adfavwsqpr Object" (C:\Windows\$XNTUninstall643$\mbdwt.dll)
BHO\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} - "brumavwsqgrm Object" (C:\Windows\$XNTUninstall643$\xgoir.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 16 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 09/04/2011 23:20:14 (7713 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 09/04/2011 23:27:11 (5590 Octet(s))
C:\Ad-Report-SCAN[1].txt - 09/04/2011 20:18:19 (7908 Octet(s))

Fin à: 23:29:02, 09/04/2011

============== E.O.F ==============

9 April 2011 23:52:04

Ok.

10 April 2011 11:41:30

Here is the second report requested:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6320

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

10/04/2011 11:39:32
mbam-log-2011-04-10 (11-39-20).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 148706
Temps écoulé: 12 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Users\Mathieu\AppData\Local\WMPlosrv.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Windows\$xntuninstall643$\mbdwt.dll (Trojan.Agent.Gen) -> No action taken.
c:\Windows\$xntuninstall643$\xgoir.dll (Adware.AdRotator) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{10F31E8B-528B-41C8-B7E2-3534E4D5CBA0} (Trojan.Agent.Gen) -> No action taken.
HKEY_CLASSES_ROOT\chkavwsqhst.chkavwsqhst.1.0 (Trojan.Agent.Gen) -> No action taken.
HKEY_CLASSES_ROOT\chkavwsqhst.chkavwsqhst (Trojan.Agent.Gen) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C348BB9A-995C-404A-8185-76325B4BED9F} (Trojan.Agent.Gen) -> No action taken.
HKEY_CLASSES_ROOT\adfavwsqpr.adfavwsqpr.1.0 (Trojan.Agent.Gen) -> No action taken.
HKEY_CLASSES_ROOT\adfavwsqpr.adfavwsqpr (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C348BB9A-995C-404A-8185-76325B4BED9F} (Trojan.Agent.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C348BB9A-995C-404A-8185-76325B4BED9F} (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\brumavwsqgrm.brumavwsqgrm.1.0 (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\brumavwsqgrm.brumavwsqgrm (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} (Adware.AdRotator) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hbijohese (Trojan.Hiloti.Gen) -> Value: Hbijohese -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\k70ccreloc.exe (Trojan.FakeAlert) -> Value: k70ccreloc.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\Users\Mathieu\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> No action taken.
c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> No action taken.

Fichier(s) infecté(s):
c:\Users\Mathieu\AppData\Local\WMPlosrv.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Windows\Temp\ipsi\setup.exe (Trojan.P2P.Agent) -> No action taken.
c:\Users\Mathieu\local settings\application data\WMPlosrv.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Mathieu\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\Mathieu\AppData\Roaming\microsoft\Windows\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\Mathieu\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> No action taken.
c:\Windows\$xntuninstall643$\mbdwt.dll (Trojan.Agent.Gen) -> No action taken.
c:\Users\Mathieu\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
c:\Users\Mathieu\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
c:\Windows\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> No action taken.
c:\Windows\$xntuninstall643$\xgoir.dll (Adware.AdRotator) -> No action taken.
c:\Windows\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> No action taken.

10 April 2011 12:09:13

Did you actually delete the infections found by Malwarebytes' Anti-Malware?

10 April 2011 12:34:54

Yes, but others without success:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6320

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

10/04/2011 12:33:27
mbam-log-2011-04-10 (12-33-27).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 148795
Temps écoulé: 7 minute(s), 25 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Users\Mathieu\AppData\Local\WMPlosrv.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\Windows\$xntuninstall643$\mbdwt.dll (Adware.AdRotator) -> Delete on reboot.
c:\Windows\$xntuninstall643$\xgoir.dll (Adware.AdRotator) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hbijohese (Trojan.Hiloti.Gen) -> Value: Hbijohese -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Delete on reboot.

Fichier(s) infecté(s):
c:\Users\Mathieu\AppData\Local\WMPlosrv.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\Users\Mathieu\local settings\application data\WMPlosrv.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\Windows\$xntuninstall643$\mbdwt.dll (Adware.AdRotator) -> Delete on reboot.
c:\Windows\$xntuninstall643$\xgoir.dll (Adware.AdRotator) -> Delete on reboot.

10 April 2011 12:39:25

Do those come back?

11 April 2011 08:22:59

It looks like they don't

11 April 2011 08:36:00

Yes, I apparently still have some (new alerts)

11 April 2011 18:02:25

Which ads are showing up?

  • Télécharge OTL (par OldTimer) sur ton Bureau.
  • Double-clique sur OTL pour le lancer.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
  • Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche Rapport minimal.
  • Coche également les cases à côté de Recherche Lop et Recherche Purity.
  • Enfin, clique sur le bouton Analyse. Le scan ne prend pas beaucoup de temps.
  • Une fois l'analyse terminée, deux fenêtres Bloc-notes vont s'ouvrir : OTL.txt et Extras.txt. Ils se trouvent au même endroit qu'OTL.

    Pour me transmettre les rapports :
  • Clique sur ce lien : http://www.cijoint.fr/
  • Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.
  • Clique sur Ouvrir.
  • Clique sur Cliquez ici pour déposer le fichier.
  • Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.
  • Copie-colle ce lien dans ta réponse.
13 April 2011 08:51:28

I still have a lot of virus notifications...

and instead of landing on the site I asked for, I land on eBay...
13 April 2011 09:22:05

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.

  • Right-click ComboFix.exe (the .exe may not be visible) and choose "Exécuter en tant qu'administrateur" (Run as administrator).

  • Answer "Oui" (Yes) to the warning message so that ComboFix starts scanning your PC.

  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
18 April 2011 08:12:32

Unfortunately the program stays stuck and I can't manage to post the report
21 April 2011 21:17:17

It seems to be working, thanks :)

only I get an error message with Run DLL when I reach the desktop after the computer starts up
21 April 2011 21:31:19

Ah, finally some good news.

Can you post a new OTL report?
28 April 2011 23:57:05

    OTL logfile created on: 28/04/2011 23:37:45 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mathieu\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
    4,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 90,25 Gb Total Space | 31,54 Gb Free Space | 34,95% Space Free | Partition Type: NTFS
    Drive D: | 45,12 Gb Total Space | 4,88 Gb Free Space | 10,81% Space Free | Partition Type: NTFS

    Computer Name: MATHIEUF | User Name: Mathieu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mathieu\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
    PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
    PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Mathieu\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (CLTNetCnService) -- File not found
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)


    ========== Driver Services (SafeList) ==========

    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
    DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
    DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
    DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
    DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
    DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.fr/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Live Search"
    FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
    FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

    FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/10/07 19:55:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/18 23:49:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/18 23:49:02 | 000,000,000 | ---D | M]

    [2009/06/03 16:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Extensions
    [2009/06/03 16:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/03/01 00:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\dnrk2f30.default\extensions
    [2009/09/05 09:26:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\dnrk2f30.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/20 14:35:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\dnrk2f30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/06/26 11:35:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\dnrk2f30.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/08/14 20:24:25 | 000,001,775 | ---- | M] () -- C:\Users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\dnrk2f30.default\searchplugins\live-search.xml
    [2010/02/13 12:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2007/10/07 19:56:17 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\mozilla firefox\extensions\divx@partners.mozilla.com
    [2007/10/07 19:56:28 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
    [2009/08/02 17:33:57 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
    [2007/02/22 00:13:26 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
    [2007/02/22 00:13:26 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
    [2007/02/22 00:13:26 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
    [2007/02/22 00:13:26 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
    [2007/02/22 00:13:26 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
    [2006/09/06 20:27:53 | 000,001,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2006/06/03 22:11:43 | 000,001,072 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2006/09/06 22:56:53 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2006/09/13 23:56:35 | 000,001,203 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2006/09/11 21:46:49 | 000,000,664 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    Hosts file not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] File not found
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Hbijohese] File not found
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: tellmemorecampus.com ([www3] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tellmemorecampus.com ([www3] http in Sites de confiance)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1... (Facebook Photo Uploader 5 Control)
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} https://www.virginmega.fr/DownloadManager/Release/Prod/... (VirginMega.DMFacade.Interface)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol... (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{4c301e28-c8b8-11dc-bc1a-00a0d1c6c1c2}\Shell\1\Command - "" = F:\.\recycled\info.exe
    O33 - MountPoints2\{4c301e28-c8b8-11dc-bc1a-00a0d1c6c1c2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
    O33 - MountPoints2\{4c301e56-c8b8-11dc-bc1a-00a0d1c6c1c2}\Shell\Auto\command - "" = F:\AdobeR.exe e
    O33 - MountPoints2\{4c301e56-c8b8-11dc-bc1a-00a0d1c6c1c2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\AdobeR.exe e
    O33 - MountPoints2\{6ba8ceaf-7d40-11dc-8c14-00a0d1c6c1c2}\Shell\1\Command - "" = .\recycled\info.exe
    O33 - MountPoints2\{6ba8ceaf-7d40-11dc-8c14-00a0d1c6c1c2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
    O33 - MountPoints2\{b60e5db3-36c3-11e0-831e-00a0d1c6c1c2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b60e5db3-36c3-11e0-831e-00a0d1c6c1c2}\Shell\AutoRun\command - "" = F:\SFR.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/18 23:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/04/18 23:55:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2011/04/18 23:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/04/18 23:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/04/18 23:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/04/18 23:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/04/18 23:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/04/18 23:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/04/18 23:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/04/18 22:10:27 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\TDSSKiller.exe
    [2011/04/14 08:47:46 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/04/13 22:49:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/13 22:49:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/13 22:49:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/13 22:49:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/13 22:48:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/13 22:48:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/12 08:06:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/04/11 20:39:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
    [2011/04/09 23:38:11 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\AppData\Roaming\Malwarebytes
    [2011/04/09 23:38:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/04/09 23:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/09 23:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/04/09 23:37:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/04/09 23:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/09 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011/04/08 08:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/04/08 07:40:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\3B2BD791EDC3DC40B13CF4BD3FF56A19
    [2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
    [2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
    [2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/04/28 23:45:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/28 23:27:03 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/28 23:27:03 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/28 23:06:34 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{105477E2-8E1D-448D-9413-82612028D66E}.job
    [2011/04/28 20:28:09 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/28 20:27:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/18 21:31:45 | 001,263,721 | ---- | M] () -- C:\Users\Mathieu\Desktop\tdsskiller.zip
    [2011/04/14 08:42:09 | 004,320,788 | R--- | M] () -- C:\Users\Mathieu\Desktop\ComboFix.exe
    [2011/04/12 22:30:35 | 000,690,832 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2011/04/12 22:30:35 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/12 22:30:35 | 000,117,572 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2011/04/12 22:30:35 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/12 20:49:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\str.sys
    [2011/04/11 20:39:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
    [2011/04/10 12:54:53 | 735,524,864 | ---- | M] () -- C:\Users\Mathieu\Desktop\Monsieur Batignol.avi
    [2011/04/09 23:38:01 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/09 20:18:09 | 000,001,682 | ---- | M] () -- C:\Users\Mathieu\Desktop\AD-R.lnk
    [2011/04/08 08:06:50 | 000,001,880 | ---- | M] () -- C:\Users\Mathieu\Desktop\HijackThis.lnk
    [2011/04/08 07:40:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\advdll.dll
    [2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
    [2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
    [2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

    ========== Files Created - No Company Name ==========

    [2011/04/18 21:31:33 | 001,263,721 | ---- | C] () -- C:\Users\Mathieu\Desktop\tdsskiller.zip
    [2011/04/13 22:49:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/13 22:49:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/13 22:49:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/13 22:49:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/13 22:49:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/13 22:45:45 | 004,320,788 | R--- | C] () -- C:\Users\Mathieu\Desktop\ComboFix.exe
    [2011/04/12 20:49:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
    [2011/04/10 12:54:08 | 735,524,864 | ---- | C] () -- C:\Users\Mathieu\Desktop\Monsieur Batignol.avi
    [2011/04/09 23:38:01 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/09 20:18:09 | 000,001,682 | ---- | C] () -- C:\Users\Mathieu\Desktop\AD-R.lnk
    [2011/04/08 08:06:50 | 000,001,880 | ---- | C] () -- C:\Users\Mathieu\Desktop\HijackThis.lnk
    [2011/04/08 07:40:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\advdll.dll
    [2011/03/03 23:25:21 | 000,002,095 | ---- | C] () -- C:\Users\Mathieu\AppData\Local\obafurizevulad.dll
    [2011/03/03 09:12:45 | 000,002,095 | ---- | C] () -- C:\Users\Mathieu\AppData\Local\opijiqigisohunir.dll
    [2010/02/07 15:57:36 | 000,284,160 | ---- | C] () -- C:\Windows\unin040c.exe
    [2009/01/24 13:01:36 | 000,000,292 | ---- | C] () -- C:\Windows\EReg072.dat
    [2008/12/18 00:30:06 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/12/18 00:30:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/03/22 11:04:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
    [2008/03/20 21:30:33 | 000,000,691 | ---- | C] () -- C:\Users\Mathieu\AppData\Roaming\GetValue.vbs
    [2008/03/20 21:30:33 | 000,000,035 | ---- | C] () -- C:\Users\Mathieu\AppData\Roaming\SetValue.bat
    [2008/03/20 17:21:54 | 000,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
    [2008/03/20 17:21:53 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
    [2008/03/20 17:21:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
    [2008/02/02 15:51:41 | 000,000,680 | ---- | C] () -- C:\Users\Mathieu\AppData\Local\d3d9caps.dat
    [2007/10/11 20:16:39 | 000,190,464 | ---- | C] () -- C:\Users\Mathieu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/08/16 00:33:14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/08/10 12:45:48 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
    [2007/08/10 03:35:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/08/10 03:34:19 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
    [2007/08/10 03:33:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
    [2006/11/02 17:48:33 | 000,690,832 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2006/11/02 17:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2006/11/02 17:48:33 | 000,117,572 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2006/11/02 17:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 14:47:37 | 000,254,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2006/11/02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2006/08/11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
    [1997/06/14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/04/08 07:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\9827B977729D27FC30BE0F85C0C2501F
    [2009/08/21 19:55:35 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Amazon
    [2008/01/11 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Argali
    [2009/10/05 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\AVI ReComp
    [2007/10/11 20:10:34 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\InterVideo
    [2010/11/27 12:04:11 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\LimeWire
    [2011/02/12 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\SFR
    [2010/01/11 09:49:19 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Windows Live Writer
    [2011/04/28 08:50:21 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/28 23:06:34 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{105477E2-8E1D-448D-9413-82612028D66E}.job

    ========== Purity Check ==========



    < End of report >

