Problem with USB ports blocked by a virus

To all,

For several months now my USB ports have not been working. I have a yellow exclamation mark in Device Manager on the Standard Enhanced PCI to USB Host Controller.

I have uninstalled and reinstalled the drivers, but Windows is unable to load them.

I took my computer to a technician, who told me it was a virus, probably because I use Avast.

I really need help, please. Has anyone already had the same problem?

Here is a HijackThis log below, and thanks in advance to everyone who looks into my case.

Logfile of random’s system information tool 1.09 (written by random/random)
Run by Damien at 2011-08-22 11:48:13
Microsoft® Windows Vista™ Édition Intégrale Service Pack 2
System drive C: has 4 GB (10%) free of 40 GB
Total RAM: 1790 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:23, on 2011/8/22
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\Logitech\Video\LogiTray.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Damien\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Damien\Incomplete\Desktop\Desktop\RSIT.exe
C:\Program Files\trend micro\Damien.exe
C:\Windows\system32\SearchFilterHost.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ???@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AlterGeo Magic Scanner - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll
O2 - BHO: (no name) - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM…\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM…\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM…\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM…\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM…\Run: [iTunesHelper] “D:\itunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM…\Run: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Users\Damien\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Google Update] “C:\Users\Damien\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [drm.exe] “C:\Users\Damien\Incomplete\Desktop\Desktop\andrea bocelli\drm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Setup_VRM.lnk = Damien\AppData\Local\Temp\Rar$EX00.386\Setup_Red(7.3.1001SWTB).EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE…
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: .pps.tv…
O15 - Trusted Zone: .ppstream.com…
O15 - Trusted Zone: .webscache.com…
O15 - ESC Trusted Zone: .update.microsoft.com…
O15 - ESC Trusted Zone: .pps.tv…
O15 - ESC Trusted Zone: .ppstream.com…
O15 - ESC Trusted Zone: *.webscache.com…
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - download.divx.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com…
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - dl.pplive.com…
O17 - HKLM\System\CCS\Services\Tcpip…{FF98DFF8-6196-472E-9493-F3F727523FFC}: NameServer = 202.106.195.68 202.106.46.151
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - (no file)
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bonjour ?? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: iPod ?? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Windows Firewall (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe


End of file - 24346 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2980672603-2043158391-821409955-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2980672603-2043158391-821409955-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\v4peajhc.default

prefs.js - “browser.search.useDBForOrder” - true
prefs.js - “extensions.enabledItems” - “{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, firefox@tvunetworks.com:2, 4, 9, 1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, autoproxy@autoproxy.org:0.4b2.2011041023, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, engine@conduit.com:3.2.5.2, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17”

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@adobe.com/FlashPlayer]
“Description”=Adobe® Flash® Player 10.1 Plugin
“Path”=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@Apple.com/iTunes,version=]
“Description”=iTunes ???
“Path”=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@Apple.com/iTunes,version=1.0]
“Description”=
“Path”=D:\itunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@java.com/JavaPlugin]
“Description”=Oracle?Next Generation Java?Plug-In
“Path”=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@ma-config.com/HardwareDetection]
“Description”=Détection matériel Ma-Config.com
“Path”=C:\Program Files\ma-config.com\nphardwaredetection.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0]
“Description”=Ag Player Plugin
“Path”=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@microsoft.com/OfficeLive,version=1.3]
“Description”=Office Live Update v1.3
“Path”=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@microsoft.com/WLPG,version=14.0.8117.0416]
“Description”=WLPG Install MIME type
“Path”=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@veetle.com/vbp;version=0.9.16]
“Description”=Veetle Broadcaster Plugin
“Path”=C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18]
“Description”=Veetle TV Core
“Path”=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18]
“Description”=Veetle TV Player
“Path”=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml

C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\v4peajhc.default\extensions
autoproxy@autoproxy.org
engine@conduit.com
firefox@tvunetworks.com

C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\v4peajhc.default\searchplugins
mailru—.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-05-27 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
AlterGeoBHO Class - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll [2010-08-31 257384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{C93F72A2-2162-4BBA-A07A-F13663C297A6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
“RtHDVCpl”=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-12-23 9972328]
“SMSERIAL”=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2011-04-23 1458176]
“Apoint”=C:\Program Files\Apoint2K\Apoint.exe [2006-09-12 155648]
“ATKMEDIA”=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
“PowerForPhone”=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
“ASUS Camera ScreenSaver”=C:\Windows\ASScrProlog.exe [2008-03-02 37232]
“ASUS Screen Saver Protector”=C:\Windows\ASScrPro.exe [2008-03-02 33136]
“ZSSnp211”=C:\Windows\ZSSnp211.exe [2007-04-06 57344]
“Domino”=C:\Windows\Domino.exe [2006-08-18 49152]
“AppleSyncNotifier”=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
“LogitechVideoRepair”=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
“LogitechVideoTray”=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
“StartCCC”=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
“iTunesHelper”=D:\itunes\iTunesHelper.exe [2011-06-07 421160]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-05-27 40368]
“Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
“SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
“avast”=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ehTray.exe”=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2010-04-16 3872080]
“BitTorrent DNA”=C:\Users\Damien\Program Files\DNA\btdna.exe [2009-11-14 323392]
“Google Update”=C:\Users\Damien\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
“LogitechSoftwareUpdate”=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
“drm.exe”=C:\Users\Damien\Incomplete\Desktop\Desktop\andrea bocelli\drm.exe [2011-03-11 736064]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“FlashPlayerUpdate”=C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe [2011-07-22 240288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Setup_VRM.lnk - C:\Users\Damien\AppData\Local\Temp\Rar$EX00.386\Setup_Red(7.3.1001SWTB).EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=3
“NoDriveTypeAutoRun”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“BindDirectlyToPropertySetStorage”=0
“NoDriveAutoRun”=3
“NoDriveTypeAutoRun”=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe”=“C:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe::Enabled:FlashGetMini"
“C:\Program Files\BitTorrent\bittorrent.exe”="C:\Program Files\BitTorrent\bittorrent.exe::Enabled:BitTorrent”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“VIDC.UYVY”=msyuv.dll
“VIDC.YUY2”=msyuv.dll
“VIDC.YVYU”=msyuv.dll
“VIDC.IYUV”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“VIDC.YVU9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“vidc.cvid”=iccvid.dll
“MSVideo8”=VfWWDM32.dll
“msacm.siren”=sirenacm.dll
“vidc.ffds”=ff_vfw.dll
“vidc.VP60”=vp6vfw.dll
“vidc.VP61”=vp6vfw.dll
“vidc.VP62”=vp6vfw.dll
“wave1”=serwvdrv.dll
“wave4”=wdmaud.drv
“midi3”=wdmaud.drv
“mixer3”=wdmaud.drv
“aux3”=wdmaud.drv
“wave3”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer2”=wdmaud.drv
“aux2”=wdmaud.drv
“wave2”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*

======List of files/folders created in the last 1 month======

2011-08-16 01:56:23 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-16 01:56:22 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-16 01:56:15 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-16 01:56:14 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-16 01:55:58 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-16 01:55:56 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-16 01:54:50 ----A---- C:\Windows\avastSS.scr
2011-08-16 01:54:48 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-16 01:53:57 ----D---- C:\ProgramData\AVAST Software
2011-08-16 01:53:57 ----D---- C:\Program Files\AVAST Software
2011-08-13 15:26:11 ----D---- C:\Users\Damien\AppData\Roaming\Malwarebytes
2011-08-13 15:25:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-08-13 15:25:55 ----D---- C:\ProgramData\Malwarebytes
2011-08-13 15:25:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-13 15:25:51 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2011-08-13 09:03:06 ----RASHD---- C:\Autorun.inf
2011-08-13 09:03:06 ----D---- C:\UsbFix_Upload_Me
2011-08-13 08:52:20 ----A---- C:\UsbFix.txt
2011-08-13 08:52:18 ----D---- C:\UsbFix
2011-08-13 08:35:00 ----N---- C:\FyK.txt
2011-08-13 08:15:50 ----D---- C:\FyK
2011-08-13 05:10:03 ----D---- C:\Program Files\trend micro
2011-08-13 05:10:02 ----D---- C:\rsit
2011-08-10 20:19:14 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 20:19:13 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 20:19:12 ----A---- C:\Windows\system32\jscript.dll
2011-08-10 20:19:12 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 20:19:11 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 20:19:11 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 20:19:11 ----A---- C:\Windows\system32\jscript9.dll
2011-08-10 20:19:10 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 20:19:09 ----A---- C:\Windows\system32\url.dll
2011-08-10 20:19:09 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 20:19:07 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 10:34:31 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 10:34:29 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 10:34:25 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 10:34:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 10:34:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 10:34:16 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2011-08-22 11:50:03 ----D---- C:\Users\Damien\AppData\Roaming\DNA
2011-08-22 11:48:23 ----D---- C:\Windows\Temp
2011-08-22 03:54:52 ----D---- C:\Windows\Prefetch
2011-08-22 03:01:52 ----D---- C:\Users\Damien\AppData\Roaming\Skype
2011-08-22 02:22:42 ----D---- C:\Users\Damien\AppData\Roaming\Media Player Classic
2011-08-22 02:22:42 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-22 02:22:20 ----D---- C:\Windows\Minidump
2011-08-22 02:22:20 ----D---- C:\Windows\Debug
2011-08-22 02:22:20 ----D---- C:\Windows
2011-08-21 00:03:15 ----SHD---- C:\System Volume Information
2011-08-19 23:22:21 ----D---- C:\Program Files\Mozilla Firefox
2011-08-18 18:15:23 ----A---- C:\Windows\system32\acovcnt.exe
2011-08-18 18:04:44 ----HD---- C:\ProgramData
2011-08-18 18:04:43 ----HD---- C:\Windows\system32\GroupPolicy
2011-08-18 18:03:26 ----D---- C:\Program Files\DNA
2011-08-16 01:56:23 ----D---- C:\Windows\system32\drivers
2011-08-16 01:55:30 ----SHD---- C:\Windows\Installer
2011-08-16 01:54:48 ----D---- C:\Windows\System32
2011-08-16 01:53:57 ----D---- C:\Program Files
2011-08-16 01:36:01 ----D---- C:\Windows\Branding
2011-08-15 18:17:50 ----D---- C:\Program Files\Games
2011-08-15 18:17:05 ----RD---- C:\Program Files\Skype
2011-08-15 18:16:07 ----D---- C:\Program Files\Mail.Ru
2011-08-15 18:15:36 ----D---- C:\Windows\system32\Tasks
2011-08-15 18:15:18 ----D---- C:\Users\Damien\AppData\Roaming\Mail.Ru
2011-08-13 09:01:56 ----SHD---- C:$Recycle.Bin
2011-08-13 05:26:59 ----D---- C:\Windows\system32\catroot2
2011-08-11 01:22:34 ----D---- C:\Windows\Microsoft.NET
2011-08-11 01:22:33 ----RSD---- C:\Windows\assembly
2011-08-10 22:38:53 ----D---- C:\Windows\winsxs
2011-08-10 20:52:47 ----D---- C:\Windows\system32\catroot
2011-08-10 20:46:51 ----D---- C:\Windows\system32\migration
2011-08-10 20:46:51 ----D---- C:\Program Files\Internet Explorer
2011-08-10 20:46:50 ----D---- C:\Program Files\Windows Mail
2011-08-10 20:17:01 ----A---- C:\Windows\system32\mrt.exe
2011-08-10 20:13:12 ----D---- C:\Windows\inf
2011-08-10 20:13:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-10 20:09:35 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-10 29752]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2011-04-23 14352]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 143848]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-09-04 717296]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 49240]
R2 ASMMAP;ASMMAP; ??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMonFlt;aswMonFlt; ??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 ghaio;ghaio; ??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2011-04-23 43008]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2011-04-23 46592]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athw.sys [2011-04-23 1606368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 4450816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-12-30 3351208]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-12-30 309352]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2011-04-23 1095936]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 akhci1la;akhci1la; C:\Windows\system32\drivers\akhci1la.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-04-20 704000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 driverhardwarev2;driverhardwarev2; ??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2010-08-30 14336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;?? High Definition Audio ??? Microsoft 1.1 UAA ???; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMSwissArmy;MBAMSwissArmy; ??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-06-17 32768]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;USB ???(WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 vvftav;vvftav; C:\Windows\system32\drivers\vvftav.sys [2007-08-31 474368]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 ZSMC30x;USB PC Camera Service ZSMC30x; C:\Windows\System32\Drivers\ZS211.sys [2007-08-03 1470592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 733184]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 Bonjour Service;Bonjour ??; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 iPAHelper.exe;iPAHelper.exe; C:\Program Files\iPod Access for Windows\iPAHelper.exe [2008-08-30 1562381]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R3 iPod Service;iPod ??; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-04-19 69120]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2011-04-12 311744]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Over to you :wink:

I'm not a disinfection specialist; wait for someone to take charge of your case. You are infected, and P2P doesn't help matters…

Hello,

Welcome to Clubic. We'll try to solve your problem together. Here are a few rules ==>

-Here, the helpers are volunteers, and we also have family lives and jobs, like everyone else. So please be patient while waiting for replies from your helper.

-Follow the procedure through to the end, otherwise it will be of no use.

-Don't panic, and don't hesitate to ask questions if you have doubts, because that is much better than crashing your PC if you don't know what to do.

-Before carrying out any steps, read the procedure through to the end, so as not to make a mistake.

-Don't listen to advice from others, unless I agree or they are security contributors (see their profile).

-During the disinfection, disable your antivirus so that the disinfection can proceed normally.

-If you are on Vista/7, always run a program by right-clicking and then ==> Run as administrator

-If you use cracks (eMule, BitTorrent, etc…), stop right away; it is a source of infection, and the disinfection will therefore be pointless.

-Don't open other threads for the same problem (whether on this forum or on another).

If you're ready, let's go ==>

We'll run a diagnostic of your PC to get more information ==>

• Download ZHPDiag to your desktop:

telechargement.zebulon.fr…

or:
www.premiumorange.com…

or:
www.commentcamarche.net…

• Let the installer guide you, tick “Add an icon to the desktop” and untick the “Run ZHPDiag” box.

/!\ Vista and Seven users: right-click the ZHPDiag logo, then « Run as administrator »

• Click the magnifying-glass icon (« Launch the diagnostic »). http://i64.servimg.com/u/f64/16/34/40/69/th/zhpdia11.png
• Save the report to your desktop using the floppy-disk icon. http://i64.servimg.com/u/f64/16/34/40/69/th/zhpdia15.png
• Host the ZHPDiag.txt report on one of the sites below, then copy/paste the link provided into your next reply on the disinfection forum:
www.cjoint.com…

=>If unavailable:

www.cijoint.fr…

or:
www.toofiles.com…

or:

pjjoint.malekal.com…

or:

www.casimages.com…

• ZHPDiag tutorial, if you didn't understand everything:

www.premiumorange.com…

If you have any questions, don't hesitate to ask me!

Thanks,

Gabriel.

Hi, I'll try it and get back to you.


Hi, here it is

cjoint.com…

Hi,

Thanks :slight_smile:

Download ToolbarShooter (by 2011N2) to your desktop (if the program is blocked, ignore the alert and run the program).
Double-click the icon on your desktop.
Press 1, then ==> Enter.
Wait while the scan runs.
At the end, a report opens; copy/paste its contents into your next reply on the forum.
The report is also saved under C:

Thanks,

Gabriel.

Hi Gabriel,

I'm trying to launch the program, but when I run it, it tells me it is not a valid Win32 application and refuses. Also, the .exe is 0 bytes.

Try downloading it again to see; maybe there was a problem…

See you,

Gabriel

Nope, it really won't work… tried 5 times already, strange

Damien

Actually it's fine now, but once I run it nothing happens at all.
Edited on 28/08/2011 at 21:24

OK, forget it then ^^

  • Download AD-Remover to your desktop. (Thanks to C_XX)

www.teamxscript.org…

OR

security-domain.be…

/!\ Close all running applications before continuing /!\

  • Double-click the Ad-remover icon on your desktop.
  • On the page, click the « Scan » button.
  • Confirm the start of the scan.
  • Let the tool work.
  • Agree to restart the PC at the end, if asked. This is necessary to finalize the cleanup.
  • Post the report that appears at the end in the Disinfection forum.

(The report is also saved under C:\Ad-Report-SCAN[1].txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

See you,

Gabriel.

OK, it's working; I just had to be a bit patient. Here is the report.

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: www.teamxscript.org…

C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Launched at 15:27:53 on 29/08/2011, Normal boot

Microsoft? Windows Vista? édition Intégrale Service Pack 2 (X86)
Damien@DAMIEN-PC (ASUSTeK Computer Inc. F3U)

============== SEARCH ==============

Folder found: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\conduit
Folder found: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\ConduitEngine
Folder found: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\extensions\engine@conduit.com
Folder found: C:\Users\Damien\AppData\LocalLow\Conduit
Folder found: C:\ProgramData\PopCap Games
Folder found: C:\Program Files\PopCap Games
Folder found: C:\Users\Damien\AppData\LocalLow\PriceGong
Folder found: C:\ProgramData\Trymedia

– File opened: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\Prefs.js –
Line found: user_pref(“CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US”, "“0”…
Line found: user_pref(“CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US”, "“0"”)…
Line found: user_pref(“CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg”, "…
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3…
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20…
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20…
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2…
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2…
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2…
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20…
Line found: user_pref(“CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20…
Line found: user_pref(“CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20…
Line found: user_pref(“CommunityToolbar.EngineOwner”, “ConduitEngine”);
Line found: user_pref(“CommunityToolbar.EngineOwnerGuid”, "engine@conduit.com”);
Line found: user_pref(“CommunityToolbar.EngineOwnerToolbarId”, “conduitengine”);
Line found: user_pref(“CommunityToolbar.IsEngineShown”, true);
Line found: user_pref(“CommunityToolbar.IsMyStuffImportedToEngine”, true);
Line found: user_pref(“CommunityToolbar.OriginalEngineOwner”, “ConduitEngine”);
Line found: user_pref(“CommunityToolbar.OriginalEngineOwnerGuid”, "engine@conduit.com”);
Line found: user_pref(“CommunityToolbar.OriginalEngineOwnerToolbarId”, “conduitengine”);
Line found: user_pref(“CommunityToolbar.ToolbarsList”, “ConduitEngine”);
Line found: user_pref(“CommunityToolbar.alert.alertDialogsGetterLastCheckTime”, "Sun Jun 05 2011 23:20:08 GMT+08…
Line found: user_pref(“CommunityToolbar.alert.alertInfoInterval”, 1440);
Line found: user_pref(“CommunityToolbar.alert.alertInfoLastCheckTime”, "Sat Jul 02 2011 06:36:16 GMT+0800 (Chine…
Line found: user_pref(“CommunityToolbar.alert.clientsServerUrl”, “hxxp://alert.client.conduit.com”);
Line found: user_pref(“CommunityToolbar.alert.locale”, “en”);
Line found: user_pref(“CommunityToolbar.alert.loginIntervalMin”, 1440);
Line found: user_pref(“CommunityToolbar.alert.loginLastCheckTime”, “Sat Jul 02 2011 06:36:07 GMT+0800 (Chine)”);
Line found: user_pref(“CommunityToolbar.alert.loginLastUpdateTime”, “1305622559”);
Line found: user_pref(“CommunityToolbar.alert.messageShowTimeSec”, 20);
Line found: user_pref(“CommunityToolbar.alert.servicesServerUrl”, “hxxp://alert.services.conduit.com”);
Line found: user_pref(“CommunityToolbar.alert.showTrayIcon”, false);
Line found: user_pref(“CommunityToolbar.alert.userCloseIntervalMin”, 300);
Line found: user_pref(“CommunityToolbar.alert.userId”, “d7093511-4c6e-48e4-81de-be05982db915”);
Line found: user_pref(“CommunityToolbar.isAlertUrlAddedToFeedItemTable”, true);
Line found: user_pref(“CommunityToolbar.isClickActionAddedToFeedItemTable”, true);
Line found: user_pref(“ConduitEngine.AppTrackingLastCheckTime”, “Sun Jun 26 2011 06:43:37 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.CTID”, “ConduitEngine”);
Line found: user_pref(“ConduitEngine.DialogsGetterLastCheckTime”, “Wed Jun 29 2011 23:40:36 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.FirstServerDate”, “12/21/2010 21”);
Line found: user_pref(“ConduitEngine.FirstTime”, true);
Line found: user_pref(“ConduitEngine.FirstTimeFF3”, true);
Line found: user_pref(“ConduitEngine.HasUserGlobalKeys”, true);
Line found: user_pref(“ConduitEngine.Initialize”, true);
Line found: user_pref(“ConduitEngine.InitializeCommonPrefs”, true);
Line found: user_pref(“ConduitEngine.InstalledDate”, “Sun Dec 19 2010 01:15:13 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.IsMulticommunity”, false);
Line found: user_pref(“ConduitEngine.IsOpenThankYouPage”, false);
Line found: user_pref(“ConduitEngine.IsOpenUninstallPage”, true);
Line found: user_pref(“ConduitEngine.LanguagePackLastCheckTime”, “Sat Jul 02 2011 06:36:09 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.LastLogin_3.2.5.2”, “Sat May 14 2011 13:51:13 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.LastLogin_3.3.3.2”, “Sat Jul 02 2011 06:36:09 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.SearchFromAddressBarIsInit”, true);
Line found: user_pref(“ConduitEngine.SettingsLastCheckTime”, “Sat Jul 02 2011 06:36:09 GMT+0800 (Chine)”);
Line found: user_pref(“ConduitEngine.UserID”, “UN90140245825493079”);
Line found: user_pref(“ConduitEngine.componentAlertEnabled”, true);
Line found: user_pref(“ConduitEngine.engineLocale”, “fr”);
Line found: user_pref(“ConduitEngine.enngineContextMenuLastCheckTime”, "Sat Jul 02 2011 06:36:09 GMT+0800 (Chine…
Line found: user_pref(“ConduitEngine.globalFirstTimeInfoLastCheckTime”, "Sat Jul 02 2011 06:36:09 GMT+0800 (Chin…
Line found: user_pref(“ConduitEngine.initDone”, true);
Line found: user_pref(“ConduitEngine.isAppTrackingManagerOn”, true);
Line found: user_pref(“ConduitEngine.usagesFlag”, 2);
– File closed –

Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\Toolbar.CT2790392
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\Trymedia Systems
Key found: HKCU\Software\CMW
Key found: HKCU\Software\PopCap
Key found: HKCU\Software\AppDataLow\Software\Hotbar
Key found: HKCU\Software\AppDataLow\Software\PriceGong
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{1A6EECD3-1EAD-4FAC-A2A9-5398AAD75B56}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

Searchplugins\bing.xml ( www.bing.com…)
Components\browsercomps.dll (Mozilla Foundation)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Damien\Program Files\DNA

– C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default –
Extensions\autoproxy@autoproxy.org (AutoProxy)
Extensions\engine@conduit.com (Conduit Engine )
Extensions\firefox@tvunetworks.com (TVU Web Player)
Searchplugins\mailru—.xml (?)
Prefs.js - browser.download.lastDir, C:\Users\Damien\Downloads
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0

========================================

**** Google Chrome Version [13.0.782.215] ****

Extension\icmlaeflemplmjndnaapfdbbnpncnbda (C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx) (?)

– C:\Users\Damien\AppData\Local\Google\Chrome\User Data\Default –
Preferences - default_search_provider: “Google” (Enabled: ) (?)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - www.microsoft.com…
HKCU_Main|Default_Search_URL - www.microsoft.com…
HKCU_Main|Search bar - go.microsoft.com…
HKCU_Main|Search Page - go.microsoft.com…
HKCU_Main|Start Page - fr.msn.com…
HKLM_Main|Default_Page_URL - www.microsoft.com…
HKLM_Main|Default_Search_URL - www.microsoft.com…
HKLM_Main|Search bar - search.msn.com…
HKLM_Main|Search Page - go.microsoft.com…
HKLM_Main|Start Page - fr.msn.com…
HKCU_SearchScopes{1A6EECD3-1EAD-4FAC-A2A9-5398AAD75B56} - “???” (hxxp://www.baidu.com/s?tn=jobcrazydg&ie=utf-8&word={searchTerms})
HKCU_SearchScopes{4327FABE-3C21-4689-8DBE-D226CF777FE9} - “IESearch” (hxxp://www.iesearch.com/s/?&q={searchTerms})
HKCU_SearchScopes{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} - “Private Search” (hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms})
HKCU_SearchScopes{E88E0043-C9D4-4e33-8555-FEE4F5B63060} - “mail.ru: ??? ? ???” (hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb)
HKLM_SearchScopes{4327FABE-3C21-4689-8DBE-D226CF777FE9} - “IESearch” (hxxp://www.iesearch.com/s/?&q={searchTerms})
HKCU_Toolbar\WebBrowser|{88C7F2AA-F93F-432C-8F0E-B7D85967A527} (x)
HKCU_Toolbar\WebBrowser|{91397D20-1446-11D4-8AF4-0040CA1127B6} (x)
HKCU_Toolbar\WebBrowser|{09900DE8-1DCA-443F-9243-26FF581438AF} (x)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKCU_ElevationPolicy{1A84286C-B9A7-4CB6-AB1A-A81E9E0B05E5} - C:\Program Files\Veetle\VLCBroadcast\lbclient.exe (?)
HKCU_ElevationPolicy{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy{9892B4FC-9A00-4AE3-B4B3-69768C95E585} - C:\Program Files\eMule\emule.exe (x)
HKCU_ElevationPolicy{AD6C7CB1-6324-401E-94F4-A09BDC10C866} - C:\Program Files\Veetle\VLCBroadcast\vlc_encoder.exe (?)
HKCU_ElevationPolicy{B301D1F2-85AD-47C3-BF4B-A7588618EB8B} - C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (x)
HKCU_ElevationPolicy{DD88F8C6-5829-4C54-BD8B-F5CD3BF39778} - C:\Program Files\WinRAR\WinRAR.exe (?)
HKCU_ElevationPolicy{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKCU_ElevationPolicy{F6406B2D-39A7-4566-A174-E19DDD818A95} - C:\Users\Damien\AppData\Local\Yahoo!\BrowserPlus\2.4.21\BrowserPlusCore.exe (x)
HKLM_ElevationPolicy{0C5365B7-358F-402d-A440-F1270AEF1175} - C:\ProgramData\EmailNotifier\EmailNotifier.exe (x)
HKLM_ElevationPolicy{0D6D1305-024C-4380-8348-000F7DF1893B} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (x)
HKLM_ElevationPolicy{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy{9EC8A041-8BD6-4f3e-9FA5-F25893A6E04F} - C:\ProgramData\Megaupload\Megauper.exe (x)
HKLM_ElevationPolicy{CA7DFF65-E473-4fff-ADF0-FC1E50CDFC82} - C:\Program Files\PPLive\PPVA\PPLiveVA.exe (x)
HKLM_ElevationPolicy{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy{F3D3F29A-D6C8-4716-B280-395D3D2A7B6C} - C:\Program Files\Yandex\YandexBarIE\yndhelper.exe (x)
BHO{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - “Adobe PDF Reader Link Helper” (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)
BHO{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO{8984B388-A5BB-4DF7-B274-77B879E179DB} (?)
BHO{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - “avast! WebRep” (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO{9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - “AlterGeoBHO Class” (C:\Program Files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll)
BHO{C93F72A2-2162-4BBA-A07A-F13663C297A6} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 3 File(s)

C:\Ad-Report-SCAN[1].txt - 29/08/2011 15:20:08 (7294 Byte(s))
C:\Ad-Report-SCAN[2].txt - 29/08/2011 15:26:21 (7294 Byte(s))
C:\Ad-Report-SCAN[3].txt - 29/08/2011 15:28:03 (13107 Byte(s))

End at: 15:42:30, 29/08/2011

============== E.O.F ==============
Edited on 29/08/2011 at 09:50

/!\ Close all running applications before continuing /!\

  • Double-click the Ad-remover icon on your Desktop.
  • On the page, click the "Nettoyer" (Clean) button. http://i64.servimg.com/u/f64/16/34/40/69/ad-r_n10.png
  • Confirm that the cleaning should start.
  • Let the tool work.
  • Agree to restart the PC at the end if asked. This is needed to complete the cleaning.
  • Post the report that appears at the end in the Désinfection forum.

(The report is also saved as C:\Ad-Report-CLEAN[1].txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

See you,

Gabriel.

And there you go!!! What do you think?

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: www.teamxscript.org…

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 04:43:06 on 30/08/2011, Normal boot

Microsoft? Windows Vista? édition Intégrale Service Pack 2 (X86)
Damien@DAMIEN-PC (ASUSTeK Computer Inc. F3U)

============== ACTION(S) ==============

Folder deleted: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\conduit
Folder deleted: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\ConduitEngine
Folder deleted: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\extensions\engine@conduit.com
Folder deleted: C:\Users\Damien\AppData\LocalLow\Conduit
Folder deleted: C:\ProgramData\PopCap Games
Folder deleted: C:\Program Files\PopCap Games
Folder deleted: C:\Users\Damien\AppData\LocalLow\PriceGong
Folder deleted: C:\ProgramData\Trymedia

(!) – Temporary files deleted.

– File opened: C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default\Prefs.js –
– File closed –

Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2790392
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\Trymedia Systems
Key deleted: HKCU\Software\CMW
Key deleted: HKCU\Software\PopCap
Key deleted: HKCU\Software\AppDataLow\Software\Hotbar
Key deleted: HKCU\Software\AppDataLow\Software\PriceGong
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{1A6EECD3-1EAD-4FAC-A2A9-5398AAD75B56}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0 (fr)] ****

Searchplugins\bing.xml ( www.bing.com…)
Components\browsercomps.dll (Mozilla Foundation)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Damien\Program Files\DNA

– C:\Users\Damien\AppData\Roaming\Mozilla\FireFox\Profiles\v4peajhc.default –
Extensions\autoproxy@autoproxy.org (AutoProxy)
Extensions\firefox@tvunetworks.com (TVU Web Player)
Searchplugins\mailru—.xml (?)
Prefs.js - browser.download.lastDir, C:\Users\Damien\Downloads
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0

========================================

**** Google Chrome Version [13.0.782.215] ****

Extension\icmlaeflemplmjndnaapfdbbnpncnbda (C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx) (?)

– C:\Users\Damien\AppData\Local\Google\Chrome\User Data\Default –
Preferences - default_search_provider: “Google” (Enabled: ) (?)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - www.microsoft.com…
HKCU_Main|Default_Search_URL - www.microsoft.com…
HKCU_Main|Search bar - go.microsoft.com…
HKCU_Main|Start Page - fr.msn.com…
HKLM_Main|Default_Page_URL - go.microsoft.com…
HKLM_Main|Default_Search_URL - www.microsoft.com…
HKLM_Main|Search bar - search.msn.com…
HKLM_Main|Search Page - www.microsoft.com…
HKLM_Main|Start Page - fr.msn.com…
HKCU_SearchScopes{4327FABE-3C21-4689-8DBE-D226CF777FE9} - “IESearch” (hxxp://www.iesearch.com/s/?&q={searchTerms})
HKCU_SearchScopes{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} - “Private Search” (hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms})
HKCU_SearchScopes{E88E0043-C9D4-4e33-8555-FEE4F5B63060} - “mail.ru: ??? ? ???” (hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb)
HKLM_SearchScopes{4327FABE-3C21-4689-8DBE-D226CF777FE9} - “IESearch” (hxxp://www.iesearch.com/s/?&q={searchTerms})
HKCU_Toolbar\WebBrowser|{88C7F2AA-F93F-432C-8F0E-B7D85967A527} (x)
HKCU_Toolbar\WebBrowser|{91397D20-1446-11D4-8AF4-0040CA1127B6} (x)
HKCU_Toolbar\WebBrowser|{09900DE8-1DCA-443F-9243-26FF581438AF} (x)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKCU_ElevationPolicy{1A84286C-B9A7-4CB6-AB1A-A81E9E0B05E5} - C:\Program Files\Veetle\VLCBroadcast\lbclient.exe (?)
HKCU_ElevationPolicy{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy{9892B4FC-9A00-4AE3-B4B3-69768C95E585} - C:\Program Files\eMule\emule.exe (x)
HKCU_ElevationPolicy{AD6C7CB1-6324-401E-94F4-A09BDC10C866} - C:\Program Files\Veetle\VLCBroadcast\vlc_encoder.exe (?)
HKCU_ElevationPolicy{B301D1F2-85AD-47C3-BF4B-A7588618EB8B} - C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (x)
HKCU_ElevationPolicy{DD88F8C6-5829-4C54-BD8B-F5CD3BF39778} - C:\Program Files\WinRAR\WinRAR.exe (?)
HKCU_ElevationPolicy{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKCU_ElevationPolicy{F6406B2D-39A7-4566-A174-E19DDD818A95} - C:\Users\Damien\AppData\Local\Yahoo!\BrowserPlus\2.4.21\BrowserPlusCore.exe (x)
HKLM_ElevationPolicy{0C5365B7-358F-402d-A440-F1270AEF1175} - C:\ProgramData\EmailNotifier\EmailNotifier.exe (x)
HKLM_ElevationPolicy{0D6D1305-024C-4380-8348-000F7DF1893B} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (x)
HKLM_ElevationPolicy{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy{9EC8A041-8BD6-4f3e-9FA5-F25893A6E04F} - C:\ProgramData\Megaupload\Megauper.exe (x)
HKLM_ElevationPolicy{CA7DFF65-E473-4fff-ADF0-FC1E50CDFC82} - C:\Program Files\PPLive\PPVA\PPLiveVA.exe (x)
HKLM_ElevationPolicy{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy{F3D3F29A-D6C8-4716-B280-395D3D2A7B6C} - C:\Program Files\Yandex\YandexBarIE\yndhelper.exe (x)
BHO{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - “Adobe PDF Reader Link Helper” (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)
BHO{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO{8984B388-A5BB-4DF7-B274-77B879E179DB} (?)
BHO{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - “avast! WebRep” (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO{9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - “AlterGeoBHO Class” (C:\Program Files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll)
BHO{C93F72A2-2162-4BBA-A07A-F13663C297A6} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 155 File(s)
C:\Program Files\Ad-Remover\Backup: 18 File(s)

C:\Ad-Report-CLEAN[1].txt - 30/08/2011 04:43:11 (12920 Byte(s))
C:\Ad-Report-SCAN[1].txt - 29/08/2011 15:20:08 (7294 Byte(s))
C:\Ad-Report-SCAN[2].txt - 29/08/2011 15:26:21 (7294 Byte(s))
C:\Ad-Report-SCAN[3].txt - 29/08/2011 15:28:03 (13246 Byte(s))

End at: 04:44:39, 30/08/2011

============== E.O.F ==============

Good :)

  • Download UsbFix (created by El Desaparecido & C_XX) to your Desktop: www.teamxscript.org… If your antivirus shows an alert, ignore it and temporarily disable the antivirus.
  • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop; the installation will run automatically.
  • Click “Recherche” (Search). http://i64.servimg.com/u/f64/16/34/40/69/usbfix10.png
  • Let the tool work.
  • At the end of the scan, a report will be displayed: post it in your next reply on the forum (it is also saved at the root of the hard drive).

If you have any questions, don't hesitate to ask me!

See you,

Gabriel.

Hiii, and here it is

############################## | UsbFix 7.055 | [Research]

User: Damien (Administrator) # DAMIEN-PC [ASUSTeK Computer Inc. F3U]
Updated 06/08/2011 by El Desaparecido
Started at 02:39:28 | 02/09/2011
Website: www.teamxscript.org…
Submit your sample: www.teamxscript.org…
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Turion™ 64 Mobile Technology MK-38
Microsoft? Windows Vista? édition Intégrale (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 9.0.8112.16421

Windows Firewall: Enabled
RAM -> 1790 Mb
C:\ (%systemdrive%) -> Fixed drive # 39 Gb (4 Mb free - 9%) [] # NTFS
D:\ -> Fixed drive # 73 Gb (15 Mb free - 21%) [ff7disc1] # NTFS
E:\ -> CD-ROM
G:\ -> CD-ROM

################## | Files # Infected Folders |

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

OK.

WARNING! The scan is likely to take several hours!

Download Malwarebytes’ Anti-Malware: www.malwarebytes.org…

If there is a problem, try this one: www.commentcamarche.net…

. Save it to your Desktop.
. Double-click the downloaded file to start the installation process.
. If the firewall asks for permission for Malwarebytes to connect, accept.
. In the “Mise à jour” (Update) tab, click the Recherche de mise à jour (Check for Updates) button. http://i64.servimg.com/u/f64/16/34/40/69/mbam13.png
Do this several times until it tells you that you have the latest database version.

. Once the update has finished:
. Go to the “Recherche” (Scan) tab.
. Select Exécuter un Examen complet (Perform full scan). http://i64.servimg.com/u/f64/16/34/40/69/mbam_s10.png
. Select Tous les disques (all drives) if offered.
. Click Rechercher (Scan).
. The scan starts. Be patient.
. At the end of the scan, a message is displayed: L’examen s’est terminé normalement (the scan completed normally) or something else. Click “Afficher les résultats” (Show Results) to display all the objects found.
. Click OK to continue.
. If malware was detected, click Afficher les résultats (Show Results).
. Select everything (or leave it checked) and click Supprimer la sélection (Remove Selected). Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Restart the PC if it does not do so itself.
. Once it has restarted, double-click Malwarebytes’ Anti-Malware.
. Go to the “rapport/log” tab. http://i64.servimg.com/u/f64/16/34/40/69/mbam_r10.png
. Once it is displayed, click on it to open it.
. Click Edition (Edit) at the top of Notepad, then Sélectionner tout (Select All). http://i64.servimg.com/u/f64/16/34/40/69/rappor10.png
. Click Edition again, then Copier (Copy), then come back to the forum and paste the report into your reply.

If you need help, have a look at this tutorial:

www.malekal.com…

If you have any questions, don't hesitate to ask me!

See you,

Gabriel.

OK, it's started. It looks like the test is going to take a long time; I'll post the log tomorrow. Have a good evening!!

No problem, see you tomorrow :)

Have a good evening too, thanks ;)

Gabriel.

Here is the first one:

Malwarebytes’ Anti-Malware 1.51.1.1800

Version de la base de données: 7532

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2011/9/1 1:00:49
mbam-log-2011-09-01 (01-00-49).txt

Type d’examen: Examen rapide
Elément(s) analysé(s): 1
Temps écoulé: 11 minute(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s)

And the second one, after deleting:

Malwarebytes’ Anti-Malware 1.51.1.1800

Version de la base de données: 7631

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2011/9/2 9:57:01
mbam-log-2011-09-02 (09-57-01).txt

Type d’examen: Examen complet (C:|D:|E:|F:|G:|)
Elément(s) analysé(s): 354476
Temps écoulé: 2 jour(s), 29 heure(s), 25 minute(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Damien\downloads\xvidsetup.exe (Adware.Hotbar) -> Quaran

OK. Please run a new ZHPdiag for me ;)

Thanks,

Gabriel.

Hi, here it is

www.toofiles.com…