[Résolu] Infecté par BidVertiser...

[Jack01]

Mon PC portable, windows7 64bits, a choppé bidadviser et les consaaquences qui vont avec sur internet...

J'ai passé hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:42:19, on 08/11/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Users\Clemence\AppData\Local\Temp\{96C78E12-0E6A-478D-A45F-AB47B4310990}\setup.exe

C:\Windows\syswow64\MsiExec.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.1.0.3\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.1.0.3\AVG Secure Search_toolbar.dll

O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe

O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SC8EA.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: FancyStart daemon.lnk = ?

O4 - Global Startup: SRS Premium Sound.lnk = ?

O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.1.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater13.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.1.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 14794 bytes

 

puis j'ai essayé de lancer combofix comme trouvé dans un autre message (arrêt antivirus avg, BLOCAGE PAREFEU, ...

eN VOICI LE RÉSULTAT :

ComboFix 12-11-09.01 - Clemence 09/11/2012 9:43.1.4 - x64

Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3884.2357 [GMT 1:00]

Lancé depuis: c:\users\Clemence\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\chrome.manifest

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\loader.xul

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js

c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\extensions\ffxtlbr@funmoods.com\install.rdf

c:\windows\msvcr71.dll

c:\windows\SysWow64\muzapp.exe

D:\install.exe

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-10-09 au 2012-11-09 ))))))))))))))))))))))))))))))))))))

.

.

2012-11-09 09:30 . 2012-11-09 09:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-09 09:30 . 2012-11-09 09:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-09 08:08 . 2012-11-09 08:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{246E2ADA-C2A1-4A05-9C32-9389B7436376}\offreg.dll

2012-11-08 20:59 . 2012-11-08 20:59 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-11-08 20:42 . 2012-11-08 20:42 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-08 20:15 . 2012-11-08 20:15 -------- d-----w- c:\users\Clemence\AppData\Local\Macromedia

2012-11-08 19:49 . 2012-10-24 17:50 261600 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-11-08 19:49 . 2012-10-24 17:49 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-11-08 19:49 . 2012-10-24 17:49 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-11-08 19:49 . 2012-10-24 17:49 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-11-08 19:49 . 2012-10-24 17:48 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-11-08 19:49 . 2012-10-24 17:48 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-11-08 19:28 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{246E2ADA-C2A1-4A05-9C32-9389B7436376}\mpengine.dll

2012-11-08 19:28 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-11-01 21:59 . 2012-11-03 12:42 -------- d-----w- c:\users\Clemence\AppData\Roaming\Mp3tag

2012-11-01 21:58 . 2012-11-01 21:58 -------- d-----w- c:\program files (x86)\Mp3tag

2012-10-21 20:06 . 2012-10-28 20:09 -------- d-----w- c:\users\Clemence\AppData\Roaming\Apple Computer

2012-10-21 20:06 . 2012-10-21 20:06 -------- d-----w- c:\users\Clemence\AppData\Local\Apple Computer

2012-10-21 20:06 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-10-21 20:05 . 2012-10-21 20:05 -------- d-----w- c:\program files\iPod

2012-10-21 20:05 . 2012-10-21 20:05 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-21 20:05 . 2012-10-21 20:05 -------- d-----w- c:\program files\iTunes

2012-10-21 20:05 . 2012-10-21 20:05 -------- d-----w- c:\program files (x86)\iTunes

2012-10-21 20:05 . 2012-10-21 20:05 -------- d-----w- c:\programdata\Apple Computer

2012-10-21 20:05 . 2012-10-21 20:05 -------- d-----w- c:\users\Clemence\AppData\Local\Apple

2012-10-21 20:04 . 2012-10-21 20:05 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-10-21 20:04 . 2012-10-21 20:04 -------- d-----w- c:\program files\Common Files\Apple

2012-10-21 20:04 . 2012-10-21 20:04 -------- d-----w- c:\program files (x86)\Bonjour

2012-10-21 20:04 . 2012-10-21 20:04 -------- d-----w- c:\program files\Bonjour

2012-10-21 20:04 . 2012-10-21 20:05 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-10-21 20:04 . 2012-10-21 20:04 -------- d-----w- c:\programdata\Apple

2012-10-18 17:44 . 2012-10-18 17:44 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-10-10 17:40 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 17:40 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 17:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 17:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 17:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 17:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 17:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 17:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 17:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 17:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-08 21:00 . 2012-04-12 19:02 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-08 21:00 . 2012-03-23 21:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 21:47 . 2012-03-20 06:18 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-05 01:26 . 2012-10-05 01:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-03 17:32 . 2012-09-04 17:27 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-21 01:46 . 2012-09-21 01:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 01:46 . 2012-09-21 01:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-21 01:45 . 2012-09-21 01:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-09-14 01:05 . 2012-09-14 01:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-13 01:11 . 2012-09-13 01:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-08-24 18:05 . 2012-09-23 19:52 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-23 19:52 1494528 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-23 19:52 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-23 19:52 9056256 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:03 . 2012-09-23 19:52 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:03 . 2012-09-23 19:52 735744 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:03 . 2012-09-23 19:52 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:02 . 2012-09-23 19:52 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:02 . 2012-09-23 19:52 12295680 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:02 . 2012-09-23 19:52 2453504 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 16:57 . 2012-09-23 19:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 15:59 . 2012-09-23 19:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 15:20 . 2012-09-23 19:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-16 19:54 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-16 19:54 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-16 19:54 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-16 19:54 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 19:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 11:01 . 2012-08-21 11:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 17:38 . 2012-10-10 17:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-10-03 17:32 1759688 ----a-w- c:\program files (x86)\AVG Secure Search\13.1.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.1.0.3\AVG Secure Search_toolbar.dll" [2012-10-03 1759688]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-29 2429]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-03 961992]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-11 1597440]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]

"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-10-03 1020512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 1080608]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-11-29 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-29 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]

R2 vToolbarUpdater13.1.0;vToolbarUpdater13.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.1.0\ToolbarUpdater.exe [2012-10-03 711112]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]

R3 RTL2832U_IRHID;Cinergy T Stick Black HID service;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2010-05-07 43840]

R3 RTL2832UBDA;Cinergy T Stick Black BDA service;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-05-25 116728]

R3 RTL2832UUSB;Cinergy T Stick Black USB service;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-05-25 38520]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]

R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2012-06-04 203320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-18 1255736]

R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-08 379520]

R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-11-29 332272]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-03 30568]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:00]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 14:02]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 14:02]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737793732-257383456-533483445-1002Core.job

- c:\users\Clemence\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 13:05]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737793732-257383456-533483445-1002UA.job

- c:\users\Clemence\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 13:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-11-29 11:02 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.1.0\ViProtocol.dll

FF - ProfilePath - c:\users\Clemence\AppData\Roaming\Mozilla\Firefox\Profiles\pf3rpkps.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={479BD526-3826-4624-B701-09DD542FBABF}&mid=411d18e059e047d1adb6a5b92b5aa523-16d338e075bd0dab98d0e9d6e2ee9efdc8ea1653&lang=fr&ds=AVG&pr=fr&d=2012-10-03 19:32&v=13.1.0.3&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986&tt=100512_1_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 5c01cc900000000000004e5d6073fca1

FF - user.js: extensions.BabylonToolbar_i.hardId - 5c01cc900000000000004e5d6073fca1

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15475

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:08

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=aln&q=

FF - user.js: extensions.funmoods.id - 5c01cc900000000000004e5d6073fca1

FF - user.js: extensions.funmoods.instlDay - 15475

FF - user.js: extensions.funmoods.vrsn - 1.5.19.3

FF - user.js: extensions.funmoods.vrsni - 1.5.19.3

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.19.316:28

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - aln

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef -

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.admin - false

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2012-11-09 10:56:02

ComboFix-quarantined-files.txt 2012-11-09 09:55

.

Avant-CF: 37 462 183 936 octets libres

Après-CF: 37 417 316 352 octets libres

.

- - End Of File - - EBE1B3B055ABACABFA16935E05E175AB

 

Mais là je ne sais plus quoi faire, bidvertiser est toujours là !

 

Merci de votre aide,

jack

 

Bonsoir Jack01 et bienvenue sur Zébulon !

 

Ne jamais utiliser Combofix sans l'aide d'un Helper Sécurité ! Ton PC pourrait ne pas s'en remettre...

 

Je transfère ton sujet dans la section Analyse & éradication des malwares.

 

Bon we,

Tonton

[bernard53]

Bonjour

Ceci s.t.p

 

Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.

 

Téléchargements - Outils de Xplode - AdwCleaner

 

 

 

Lance le, clique sur [suppression]puis patiente le temps du scan.

Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

 

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[s1].txt

 

 

Ensuite passage de MalwaresBytes.

Installe Malewarebytes' Antimalware,

 

Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer

 

Prends bien la version FREE

*** Met-le à jour puis choisi, Exécuter un examen complet

 

*** Si une infection est trouvée, coche la case à côté et valides avec l’Onglet Supprimer la sélection

 

Poste le rapport final.

Enfin passage de Zhpdiag pour analyse du pc.

 

Télécharges << ZHPDiag>> (de Nicolas Coolman)

 

dezzipes le fichier sur ton bureau...

Fais un clic-droit sur l'icône ZHPDiag .exe et choisis "exécuter en tant qu'administrateur".

 

 

L'installation va créer 3 raccourcis (ZHPDiag et ZHPFix et MBRchek) sur ton bureau

 

ET :

 

Si le bouton UAC apparaît dans le panel supérieur cela signifie que votre UAC est activée. L'activation de l'UAC gène l'analyse deZHPDiag sur certains modules (O18,O23,O42,...).

Aussi pour permettre un scan complet de l'outil, vous devez au préalable cliquer sur ce bouton.

Ce qui aura pour conséquence de relancer ZHPDiag avec une désactivation temporaire de l'UAC.

 

A la fin de l'installation ZHPDiag va se lancer....

Cliques sur "Lancer le diagnostic" (image de la loupe) et patiente...

 

 

A la fin du scan le rapport est sauvegardé directement sur ton bureau.

ZHPDiag.txt

 

Mets le rapport ici car il prend bien de la place.

Accueil de Cjoint.com

ou.

Envoyez et partagez vos fichiers

[Jack01]

Bonjour,

 

je n'au pas pu (su) attendre votre réponse... j'ai formaté le disque dur (en externe) puis réinstallé Win7 pro vendredi soir, et après l'install de l'antivirus, j'ai demandé à 'minite' de bosser pour moi la nuit et de me réinstaller tout un tas de logiciels.

Merci tout de même pour le mal que vous vous donné,

Amicalement,

jack

 

PS : pas trouvé où dire que c'est "résolu"

Modifié le 12 novembre 2012 par Jack01

[bernard53]

ok ceci alors

http://forum.zebulon.fr/comment-afficher-son-sujet-comme-resolu-t180253.html

 

Bonne soirée

[Tonton]

Salut bernard53,

 

Je m'en suis occupé.

 

Bonne soirée à toi,

Tonton

[Jack01]

Merci à toi, bonne soirée également,

jack