Malware, Spyware... Virus problem

5 January 2011 18:58:34

Hello, after browsing the net, Google Chrome saved "memory fixer" on my PC.....
It appears to be malware; my Avira antivirus removed parts of it, but Google Chrome no longer works.
Can you help me? Thank you.

5 January 2011 19:04:00

Good evening,
This rogue is brand new:

http://forum.malekal.com/memory-fixer-t30773.html

To do, in order:

1

Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, or software like Ad-Block, NoScript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.

2

Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
  • Post this report.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

Note: If you cannot download MBAM from MajorGeeks, you can download it here!

Help:
  • How to use MBAM.

5 January 2011 19:11:34

Good evening, thank you very much for replying, I'm getting on it right away.

5 January 2011 22:38:28

Here is the DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by fred at 19:51:48,68 on 05/01/2011
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1975.693 [GMT 1:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\System32\svchost.exe -k Cognizance
    C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\windows\system32\svchost.exe -k rpcss
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\SLsvc.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\windows\system32\AEADISRV.EXE
    C:\Windows\system32\agrsmsvc.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskeng.exe
    C:\windows\system32\rpcnet.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\windows\System32\alg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\windows\system32\conime.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wuauclt.exe
    C:\Users\fred\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    BHO: : {cf69d058-b623-4ae9-8514-256f04e08cd3} - c:\windows\system32\ypgvsaym.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
    BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [fnvfnfnv] "c:\users\fred\appdata\local\fnvfnfnv.exe" fnvfnfnv
    uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [FEXeTWLLHYgf.exe] c:\programdata\FEXeTWLLHYgf.exe
    uRun: [Akizijiwanomohag] rundll32.exe "c:\users\fred\appdata\local\friapne.dll",Startup
    uRun: [Cx5QHgyo] c:\programdata\Cx5QHgyo.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [<NO NAME>]
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
    StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll APSHook.dll
    LSA: Notification Packages = scecli ASWLNPkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.lphant.com//web?src=ffb&q=
    FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
    FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
    FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

    ============= SERVICES / DRIVERS ===============

    R?2 jtltgtbs;NVIDIA nForce RAID Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-3 11608]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-8-3 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-3 185089]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-3 56816]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-12 77824]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-12 576024]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
    S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-05 17:13:32 -------- d-----w- c:\users\fred\appdata\roaming\OfferBox
    2011-01-05 17:11:35 -------- d-----w- c:\progra~2\Fun4IM
    2011-01-05 17:11:21 -------- d-----w- c:\program files\Windows Searchqu Toolbar
    2011-01-05 17:11:18 -------- d-----w- c:\program files\Fun4IM
    2011-01-05 17:10:38 -------- d-----w- c:\program files\OfferBox
    2011-01-05 15:08:23 423424 ----a-w- c:\progra~2\GnGHPNcKObIR.dll
    2011-01-04 19:07:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e3be2e81-2690-4bb5-a8c6-c966cce6d0a3}\mpengine.dll
    2010-12-30 19:41:32 -------- d-----w- c:\users\fred\appdata\roaming\Local
    2010-12-30 19:40:26 -------- d-----w- c:\program files\common files\DivX Shared
    2010-12-22 21:44:58 -------- d-----w- c:\program files\Veetle
    2010-12-20 19:30:01 -------- d-----w- c:\program files\SearchElf_1.2
    2010-12-16 18:37:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-16 18:36:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-12 14:58:12 -------- d-----w- c:\program files\Conduit
    2010-12-12 14:57:46 -------- d-----w- c:\program files\ConduitEngine
    2010-12-12 14:57:26 -------- d-----w- c:\program files\BittorrentBar_FR
    2010-12-12 14:57:04 -------- d-----w- c:\program files\BitTorrent

    ==================== Find3M ====================

    2011-01-05 18:45:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-01-05 18:45:55 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2011-01-05 16:33:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E72555]<<
    c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e787b0]; MOV EAX, [0x86e7882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81E80962] -> \Device\Harddisk0\DR0[0x869D04D0]
    3 CLASSPNP[0x8242F8B3] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x869D0C88]
    5 hpdskflt[0x88DC3065] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x855EA650]
    7 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x85651028]
    \Driver\iaStor[0x86072320] -> IRP_MJ_CREATE -> 0x86E72555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________8909____#4&1bcdc343&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    error: Read Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S.
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 19:54:50,72 ===============

5 January 2011 22:39:07

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 5465

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    05/01/2011 22:17:09
    mbam-log-2011-01-05 (22-17-09).txt

    Type d'examen: Examen complet (C:\|D:\|F:\|)
    Elément(s) analysé(s): 324833
    Temps écoulé: 1 heure(s), 48 minute(s), 27 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akizijiwanomohag (Trojan.Agent) -> Value: Akizijiwanomohag -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
    c:\programdata\gnghpnckobir.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\1073662f-56c99884 (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1758895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\fred\downloads\vlc-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Temp\~nsuobw.tmp\getofferbox.php (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1818472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\Local\Temp\0.9651489844155005.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

6 January 2011 17:50:32

Sorry, it took me a while, but here are the reports


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by fred at 19:51:48,68 on 05/01/2011
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1975.693 [GMT 1:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\System32\svchost.exe -k Cognizance
    C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\windows\system32\svchost.exe -k rpcss
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\SLsvc.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\windows\system32\AEADISRV.EXE
    C:\Windows\system32\agrsmsvc.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskeng.exe
    C:\windows\system32\rpcnet.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\windows\System32\alg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\windows\system32\conime.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wuauclt.exe
    C:\Users\fred\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    BHO: : {cf69d058-b623-4ae9-8514-256f04e08cd3} - c:\windows\system32\ypgvsaym.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
    BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [fnvfnfnv] "c:\users\fred\appdata\local\fnvfnfnv.exe" fnvfnfnv
    uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [FEXeTWLLHYgf.exe] c:\programdata\FEXeTWLLHYgf.exe
    uRun: [Akizijiwanomohag] rundll32.exe "c:\users\fred\appdata\local\friapne.dll",Startup
    uRun: [Cx5QHgyo] c:\programdata\Cx5QHgyo.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [<NO NAME>]
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
    StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll APSHook.dll
    LSA: Notification Packages = scecli ASWLNPkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.lphant.com//web?src=ffb&q=
    FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
    FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
    FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

    ============= SERVICES / DRIVERS ===============

    R?2 jtltgtbs;NVIDIA nForce RAID Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-3 11608]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-8-3 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-3 185089]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-3 56816]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-12 77824]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-12 576024]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
    S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-05 17:13:32 -------- d-----w- c:\users\fred\appdata\roaming\OfferBox
    2011-01-05 17:11:35 -------- d-----w- c:\progra~2\Fun4IM
    2011-01-05 17:11:21 -------- d-----w- c:\program files\Windows Searchqu Toolbar
    2011-01-05 17:11:18 -------- d-----w- c:\program files\Fun4IM
    2011-01-05 17:10:38 -------- d-----w- c:\program files\OfferBox
    2011-01-05 15:08:23 423424 ----a-w- c:\progra~2\GnGHPNcKObIR.dll
    2011-01-04 19:07:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e3be2e81-2690-4bb5-a8c6-c966cce6d0a3}\mpengine.dll
    2010-12-30 19:41:32 -------- d-----w- c:\users\fred\appdata\roaming\Local
    2010-12-30 19:40:26 -------- d-----w- c:\program files\common files\DivX Shared
    2010-12-22 21:44:58 -------- d-----w- c:\program files\Veetle
    2010-12-20 19:30:01 -------- d-----w- c:\program files\SearchElf_1.2
    2010-12-16 18:37:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-16 18:36:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-12 14:58:12 -------- d-----w- c:\program files\Conduit
    2010-12-12 14:57:46 -------- d-----w- c:\program files\ConduitEngine
    2010-12-12 14:57:26 -------- d-----w- c:\program files\BittorrentBar_FR
    2010-12-12 14:57:04 -------- d-----w- c:\program files\BitTorrent

    ==================== Find3M ====================

    2011-01-05 18:45:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-01-05 18:45:55 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2011-01-05 16:33:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E72555]<<
    c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e787b0]; MOV EAX, [0x86e7882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81E80962] -> \Device\Harddisk0\DR0[0x869D04D0]
    3 CLASSPNP[0x8242F8B3] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x869D0C88]
    5 hpdskflt[0x88DC3065] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x855EA650]
    7 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x85651028]
    \Driver\iaStor[0x86072320] -> IRP_MJ_CREATE -> 0x86E72555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________8909____#4&1bcdc343&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    error: Read Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S.
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 19:54:50,72 ===============





    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 5465

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    05/01/2011 22:17:09
    mbam-log-2011-01-05 (22-17-09).txt

    Type d'examen: Examen complet (C:\|D:\|F:\|)
    Elément(s) analysé(s): 324833
    Temps écoulé: 1 heure(s), 48 minute(s), 27 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akizijiwanomohag (Trojan.Agent) -> Value: Akizijiwanomohag -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
    c:\programdata\gnghpnckobir.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\1073662f-56c99884 (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1758895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\fred\downloads\vlc-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Temp\~nsuobw.tmp\getofferbox.php (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1818472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\fred\AppData\Local\Temp\0.9651489844155005.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    6 January 2011 20:46:25

    Good evening
    Heavily infected... you need to stop clicking just anywhere. :o

    Read: Toolbars are not mandatory!

    1

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Scanner option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\


    2


    Download TDSSKiller from Kaspersky to your desktop.

  • Unzip it by right-clicking it -> Extract all... (click "Next", "Next" and "Finish".)
  • Double-click "TDSSKiller.exe" to launch the tool.
    (Vista/Windows 7 users: right-click TDSSKiller.exe and select "Run as administrator".)

  • Then click the "Start Scan" button.
  • Let the scan run.

  • In the results window, make sure "Malicious objects" has the status "Cure"
  • For the "Suspicious object" part, click "Skip" and choose "Quarantine"
  • Finally, click "Continue"

  • You will probably be asked to restart your PC; do so by clicking "Reboot now"

  • After the restart, fetch the removal report; it is located here:
    C:\TDSSKiller.x.x.x.x_date_heure_log.txt

    Post its contents in your next reply.
    6 January 2011 21:11:13

    Good evening, yes, I have big gaps in my computer knowledge; in any case, here are the reports


    2011/01/06 20:57:45.0637 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/06 20:57:45.0637 ================================================================================
    2011/01/06 20:57:45.0637 SystemInfo:
    2011/01/06 20:57:45.0637
    2011/01/06 20:57:45.0637 OS Version: 6.0.6002 ServicePack: 2.0
    2011/01/06 20:57:45.0637 Product type: Workstation
    2011/01/06 20:57:45.0637 ComputerName: PC-DE-FRED
    2011/01/06 20:57:45.0653 UserName: fred
    2011/01/06 20:57:45.0653 Windows directory: C:\windows
    2011/01/06 20:57:45.0653 System windows directory: C:\windows
    2011/01/06 20:57:45.0653 Processor architecture: Intel x86
    2011/01/06 20:57:45.0653 Number of processors: 2
    2011/01/06 20:57:45.0653 Page size: 0x1000
    2011/01/06 20:57:45.0653 Boot type: Normal boot
    2011/01/06 20:57:45.0653 ================================================================================
    2011/01/06 20:57:46.0761 Initialize success
    2011/01/06 20:57:49.0413 ================================================================================
    2011/01/06 20:57:49.0413 Scan started
    2011/01/06 20:57:49.0444 Mode: Manual;
    2011/01/06 20:57:49.0444 ================================================================================
    2011/01/06 20:58:04.0108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
    2011/01/06 20:58:04.0295 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
    2011/01/06 20:58:04.0623 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
    2011/01/06 20:58:05.0013 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
    2011/01/06 20:58:05.0309 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
    2011/01/06 20:58:05.0652 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\windows\system32\drivers\HTTP.sys
    2011/01/06 20:58:06.0027 i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
    2011/01/06 20:58:06.0151 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
    2011/01/06 20:58:06.0385 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\windows\system32\drivers\iastor.sys
    2011/01/06 20:58:06.0510 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
    2011/01/06 20:58:06.0853 igfx (d97e70e4e243c9660f91c1112e36c73b) C:\windows\system32\DRIVERS\igdkmd32.sys
    2011/01/06 20:58:07.0243 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
    2011/01/06 20:58:07.0399 intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
    2011/01/06 20:58:07.0524 intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
    2011/01/06 20:58:07.0680 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/06 20:58:07.0899 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
    2011/01/06 20:58:08.0164 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
    2011/01/06 20:58:08.0367 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
    2011/01/06 20:58:08.0616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
    2011/01/06 20:58:08.0725 iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
    2011/01/06 20:58:08.0991 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
    2011/01/06 20:58:09.0193 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
    2011/01/06 20:58:09.0334 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
    2011/01/06 20:58:09.0583 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
    2011/01/06 20:58:09.0849 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
    2011/01/06 20:58:10.0161 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
    2011/01/06 20:58:10.0332 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
    2011/01/06 20:58:10.0457 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
    2011/01/06 20:58:10.0707 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
    2011/01/06 20:58:10.0863 luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
    2011/01/06 20:58:11.0128 megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
    2011/01/06 20:58:11.0253 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
    2011/01/06 20:58:11.0377 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
    2011/01/06 20:58:11.0533 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
    2011/01/06 20:58:11.0705 mouclass (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
    2011/01/06 20:58:11.0814 mouhid (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
    2011/01/06 20:58:12.0033 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
    2011/01/06 20:58:12.0251 mpio (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
    2011/01/06 20:58:12.0641 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
    2011/01/06 20:58:12.0813 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
    2011/01/06 20:58:13.0031 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
    2011/01/06 20:58:13.0203 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\windows\system32\DRIVERS\mrxsmb.sys
    2011/01/06 20:58:13.0421 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/06 20:58:13.0686 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/06 20:58:13.0920 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\windows\system32\drivers\msahci.sys
    2011/01/06 20:58:14.0123 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
    2011/01/06 20:58:14.0451 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
    2011/01/06 20:58:14.0544 msisadrv (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
    2011/01/06 20:58:14.0700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
    2011/01/06 20:58:14.0934 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
    2011/01/06 20:58:15.0028 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
    2011/01/06 20:58:15.0121 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
    2011/01/06 20:58:15.0465 mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
    2011/01/06 20:58:15.0901 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
    2011/01/06 20:58:15.0995 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
    2011/01/06 20:58:16.0276 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
    2011/01/06 20:58:16.0447 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
    2011/01/06 20:58:16.0759 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
    2011/01/06 20:58:16.0884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
    2011/01/06 20:58:17.0009 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
    2011/01/06 20:58:17.0321 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
    2011/01/06 20:58:17.0524 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
    2011/01/06 20:58:17.0773 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
    2011/01/06 20:58:18.0054 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
    2011/01/06 20:58:18.0273 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
    2011/01/06 20:58:18.0397 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
    2011/01/06 20:58:18.0616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
    2011/01/06 20:58:18.0865 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
    2011/01/06 20:58:19.0021 Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
    2011/01/06 20:58:19.0115 nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
    2011/01/06 20:58:19.0365 nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
    2011/01/06 20:58:19.0474 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
    2011/01/06 20:58:19.0817 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\windows\system32\DRIVERS\ohci1394.sys
    2011/01/06 20:58:20.0067 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\windows\system32\DRIVERS\parport.sys
    2011/01/06 20:58:20.0223 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
    2011/01/06 20:58:20.0410 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\windows\system32\DRIVERS\parvdm.sys
    2011/01/06 20:58:20.0550 pci (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
    2011/01/06 20:58:20.0691 pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
    2011/01/06 20:58:20.0815 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
    2011/01/06 20:58:20.0987 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
    2011/01/06 20:58:21.0439 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
    2011/01/06 20:58:21.0549 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\drivers\processr.sys
    2011/01/06 20:58:21.0829 PSched (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
    2011/01/06 20:58:22.0017 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
    2011/01/06 20:58:22.0157 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
    2011/01/06 20:58:22.0360 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
    2011/01/06 20:58:22.0594 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
    2011/01/06 20:58:22.0672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
    2011/01/06 20:58:22.0797 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
    2011/01/06 20:58:22.0906 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
    2011/01/06 20:58:23.0046 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
    2011/01/06 20:58:23.0140 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
    2011/01/06 20:58:23.0265 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
    2011/01/06 20:58:23.0436 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\windows\system32\drivers\rdpdr.sys
    2011/01/06 20:58:23.0530 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
    2011/01/06 20:58:23.0655 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
    2011/01/06 20:58:23.0951 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
    2011/01/06 20:58:24.0076 RsvLock (3beefe509c414f3a6e55e5c7c4024581) C:\windows\system32\drivers\RsvLock.sys
    2011/01/06 20:58:24.0216 RTL8187B (e0ea9f5f94814f8a31f4b40175e1456e) C:\windows\system32\DRIVERS\RTL8187B.sys
    2011/01/06 20:58:24.0450 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
    2011/01/06 20:58:24.0450 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
    2011/01/06 20:58:24.0466 SafeBoot - detected Locked file (1)
    2011/01/06 20:58:35.0791 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/06 20:58:35.0791 ================================================================================
    2011/01/06 20:58:35.0791 Scan finished
    2011/01/06 20:58:35.0791 ================================================================================
    2011/01/06 20:58:35.0854 Detected object count: 2
    2011/01/06 20:59:44.0478 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
    2011/01/06 20:59:44.0494 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
    2011/01/06 20:59:44.0494 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
    2011/01/06 20:59:44.0494 Locked file(SafeBoot) - User select action: Quarantine
    2011/01/06 20:59:44.0525 \HardDisk0 - will be cured after reboot
    2011/01/06 20:59:44.0525 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/06 20:59:51.0810 Deinitialize success
    6 January 2011 21:12:01

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 03/01/11 à 14:20
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 20:53:20 le 06/01/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
    fred@PC-DE-FRED (Hewlett-Packard HP Compaq 6730s)

    ============== RECHERCHE ==============


    Fichier trouvé: C:\Users\fred\AppData\Local\vlmckbbp.bat
    Fichier trouvé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
    Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar
    Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\conduit
    Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\ConduitEngine
    Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\extensions\engine@conduit.com
    Dossier trouvé: C:\Program Files\AskTBar
    Dossier trouvé: C:\Users\fred\AppData\LocalLow\Conduit
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Users\fred\AppData\LocalLow\ConduitEngine
    Dossier trouvé: C:\Program Files\ConduitEngine
    Dossier trouvé: C:\Users\fred\AppData\LocalLow\PriceGong
    Dossier trouvé: C:\Users\fred\AppData\LocalLow\SearchquTB
    Dossier trouvé: C:\Users\fred\AppData\Roaming\OfferBox
    Dossier trouvé: C:\Program Files\OfferBox

    -- Fichier ouvert: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
    Ligne trouvée: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
    Ligne trouvée: user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"...
    Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
    Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
    -- Fichier Fermé --


    Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Classes\CLSID\{502C038A-DCB8-4C20-9730-FD734ECDB2BA}
    Clé trouvée: HKLM\Software\Classes\CLSID\{7B840956-64ED-11DE-B890-694956D89593}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B840956-64ED-11DE-B890-694956D89593}
    Clé trouvée: HKLM\Software\Classes\CLSID\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
    Clé trouvée: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    Clé trouvée: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    Clé trouvée: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
    Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fnvfnfnv
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2769726
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2849852
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKLM\Software\conduitEngine
    Clé trouvée: HKCU\Software\fcn
    Clé trouvée: HKCU\Software\AppDataLow\Toolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
    Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
    Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8391CC7-6D4E-4F8F-A27F-FB92252827C6}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|fnvfnfnv
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.13 (en-US)] **

    -- C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
    browser.search.defaultenginename, Lphant Web Search
    browser.search.selectedEngine, Google
    browser.startup.homepage, hxxp://search.conduit.com/?ctid=&SearchSource=13
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://search.lphant.com//web?src=ffb&q=

    ========================================

    ** Internet Explorer Version [7.0.6002.18005] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\windows\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Show_ToolBar: yes
    Start Page: hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Enable Browser Extensions: yes
    Local Page: C:\windows\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 06/01/2011 (6983 Octet(s))

    Fin à: 20:55:14, 06/01/2011

    ============== E.O.F ==============
    6 January 2011 21:22:22

    Quote:
    Good evening, yes, I have big gaps in my computer knowledge; in any case, here are the reports

    It's not a matter of gaps, it's a matter of being careful about what you do on the net... :D 

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista, you have to right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • From the main menu, choose the Nettoyer (Clean) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\
    6 January 2011 21:39:44

    I think everything is already working better
    here is the report



    ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 03/01/11 à 14:20
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:24:35 le 06/01/2011, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
    fred@PC-DE-FRED (Hewlett-Packard HP Compaq 6730s)

    ============== ACTION(S) ==============


    Fichier supprimé: C:\Users\fred\AppData\Local\vlmckbbp.bat
    Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
    Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar
    Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\conduit
    Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\ConduitEngine
    Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\extensions\engine@conduit.com
    Dossier supprimé: C:\Program Files\AskTBar
    Dossier supprimé: C:\Users\fred\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\fred\AppData\LocalLow\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\Users\fred\AppData\LocalLow\PriceGong
    Dossier supprimé: C:\Users\fred\AppData\LocalLow\SearchquTB
    Dossier supprimé: C:\Users\fred\AppData\Roaming\OfferBox
    Dossier supprimé: C:\Program Files\OfferBox

    (!) -- Fichiers temporaires supprimés.


    -- Fichier ouvert: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
    Ligne supprimée:
    Ligne supprimée:
    Ligne supprimée: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
    Ligne supprimée: user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"...
    Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
    Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
    -- Fichier Fermé --


    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{502C038A-DCB8-4C20-9730-FD734ECDB2BA}
    Clé supprimée: HKLM\Software\Classes\CLSID\{7B840956-64ED-11DE-B890-694956D89593}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B840956-64ED-11DE-B890-694956D89593}
    Clé supprimée: HKLM\Software\Classes\CLSID\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
    Clé supprimée: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    Clé supprimée: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
    Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fnvfnfnv
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2769726
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2849852
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKCU\Software\fcn
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
    Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8391CC7-6D4E-4F8F-A27F-FB92252827C6}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|fnvfnfnv
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}


    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.13 (en-US)] **

    -- C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
    browser.search.defaultenginename, Lphant Web Search
    browser.search.selectedEngine, Google
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://search.lphant.com//web?src=ffb&q=

    ========================================

    ** Internet Explorer Version [7.0.6002.18005] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Enable Browser Extensions: yes
    Local Page: C:\windows\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 110 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 06/01/2011 (7100 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 06/01/2011 (7112 Octet(s))

    Fin à: 21:27:14, 06/01/2011

    ============== E.O.F ==============
    6 January 2011 21:40:56

    Hi again

    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal, and a report will be created. Post the report: C:\Combofix.txt
    Click it to open it, then Edit > "Select All", Edit > "Copy"

    Come back to the forum and Edit > "Paste"

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    <@_@>


