[Fermé] Infecté par Securitytool

Sujet: [Fermé] Infecté par Securitytool Dim 10 Oct 2010 - 18:52

Rappel du premier message :

Bonjour

j'aide mon cousin a désinfecter son ordinateur , il est infecter par le virus de Securitytool , un message qui s'affiche sans cesse je en sais pas par ou commencer

J'attens vos réponse Merci I

Sujet: Re: [Fermé] Infecté par Securitytool Mer 20 Oct 2010 - 19:38

Bonsoir M3ri3m

Il reste encore des traces de quelques logiciels indésirables. Je les ai déjà supprimés 2 ou 3 fois et à chaque fois ils reviennent 5 minutes plus tard. Tu as remarqué que des programmes s'installent ?

Relance Ad-Remover pour le désinstaller.
Puis retélécharge le d'ici : http://www.teamxscript.org/adremoverTelechargement.html
Et relance le (clic droit => exécuter en tant qu'administrateur) en choisissant Scanner.
Une aide en image ici : http://www.teamxscript.org/adremoverScan.html
Poste le rapport s'il te plait.

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Mer 20 Oct 2010 - 20:42

Coucou

non j'ai rien remarqué c'est très bizarre

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 20/10/10 à 13:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 20:38:17 le 20/10/2010, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86)
Hamza@PC-DE-HAMZA (Hewlett-Packard HP Compaq 6830s)

============== RECHERCHE ==============

Dossier trouvé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
Fichier trouvé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml

-- Fichier ouvert: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaultenginename", "Fast Browser Search");
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&...
Ligne trouvée: user_pref("browser.search.order.1", "Fast Browser Search");
Ligne trouvée: user_pref("browser.search.selectedEngine", "Fast Browser Search");
Ligne trouvée: user_pref("keyword.URL", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63...
-- Fichier Fermé --

Clé trouvée: HKCU\Software\SpiderMessenger
Clé trouvée: HKCU\Software\OfferBox

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.5 (fr)] **

-- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\Prefs.js --
browser.search.defaultenginename, Fast Browser Search
browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
browser.search.selectedEngine, Fast Browser Search
browser.startup.homepage_override.mstone, rv:1.9.1.5
keyword.URL, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD...

========================================

** Internet Explorer Version [7.0.6001.18000] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 20/10/2010 (3348 Octet(s))

Fin à: 20:40:50, 20/10/2010

============== E.O.F ==============

Sujet: Re: [Fermé] Infecté par Securitytool Mer 20 Oct 2010 - 20:52

Ok, relance Ad-remover et choisis l'option de nettoyage, puis poste le rapport s'il te plait.

Enfin, relance OTL puis clique sur le bouton Aucun en haut. Ensuite coche Avec liste blanche dans le cadre en bas à gauche qui s'appelle Registre:Standard, puis clique sur Analyse.

Poste le rapport s'il te plait.

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Mer 20 Oct 2010 - 21:13

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 20/10/10 à 13:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:57:49 le 20/10/2010, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86)
Hamza@PC-DE-HAMZA (Hewlett-Packard HP Compaq 6830s)

============== ACTION(S) ==============

Dossier supprimé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
Fichier supprimé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml

(!) -- Fichiers temporaires supprimés.

-- Fichier ouvert: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\Prefs.js --
-- Fichier Fermé --

Clé supprimée: HKCU\Software\SpiderMessenger
Clé supprimée: HKCU\Software\OfferBox

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.5 (fr)] **

-- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\Prefs.js --
browser.search.defaultenginename, Fast Browser Search
browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
browser.search.selectedEngine, Fast Browser Search
browser.startup.homepage_override.mstone, rv:1.9.1.5
keyword.URL, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD...

========================================

** Internet Explorer Version [7.0.6001.18000] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/10/2010 (2912 Octet(s))
C:\Ad-Report-SCAN[1].txt - 20/10/2010 (3477 Octet(s))

Fin à: 21:00:21, 20/10/2010

============== E.O.F ==============

Sujet: Re: [Fermé] Infecté par Securitytool Mer 20 Oct 2010 - 21:15

OTL logfile created on: 20/10/2010 21:14:04 - Run 5
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 117,41 Gb Free Space | 52,68% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 10:29:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 10:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/20 21:10:22 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 12:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/18 12:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/10/20 21:10:22 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/20 21:11:07 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/08/23 11:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/23 11:29:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 19:55:42 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 21:21:51 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/08/24 21:21:51 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 21:21:51 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/24 21:21:51 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 21:21:51 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 8:23

Bonjour M3ri3m

Encore ... je passe peut être à côté de quelque chose.

J'essaie une dernière fois comme ça avant de m'y prendre autrement.

Relance OTL

Dans le cadre Personnalisation qui est en bas, colle le contenu du cadre ci dessous :

Citation:

:OTL
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="
[2010/10/18 12:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/18 12:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/10/20 21:10:22 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/10/20 21:11:07 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml

:Commands
[emptytemp]

Puis clique sur le bouton Correction en haut.

Laisse OTL tourner, le pc va redémarrer.
Au redémarrage, un nouveau rapport va s'ouvrir, copie/colle son contenu ici svp

Enfin, relance OTL puis clique sur le bouton "Aucun" en haut. Ensuite coche "Avec liste blanche" dans le cadre en bas à gauche qui s'appelle "Registre:Standard", puis clique sur "Analyse".

Poste le rapport s'il te plait.

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 12:27

All processes killed
========== OTL ==========
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q=" removed from keyword.URL
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com folder moved successfully.
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Hamza
->Temp folder emptied: 89510 bytes
->Temporary Internet Files folder emptied: 1167577 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91692285 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 11184 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29176 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89,00 mb

OTL by OldTimer - Version 3.2.15.1 log created on 10212010_121359

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 12:33

OTL logfile created on: 21/10/2010 12:30:22 - Run 6
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 117,56 Gb Free Space | 52,75% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 10:29:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 10:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/21 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/21 12:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/21 12:24:01 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/08/23 11:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/23 11:29:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 19:55:42 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 21:21:51 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/08/24 21:21:51 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 21:21:51 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/24 21:21:51 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 21:21:51 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 19:57

Et bien, une partie est revenue 10 minutes après sa suppression.

1. Désinstalle Firefox s'il te plait.

2. Supprime ces 2 dossiers :
- C:\Program Files\mozilla firefox
- C:\Users\Hamza\AppData\Roaming\mozilla

3. Réinstalle Firefox :
http://download.mozilla.org/?product=firefox-3.6.11&os=win&lang=fr

4. Relance OTL puis clique sur le bouton "Aucun" en haut. Ensuite coche "Avec liste blanche" dans le cadre en bas à gauche qui s'appelle "Registre:Standard", puis clique sur "Analyse".

Poste le rapport s'il te plait.

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 20:08

D'accord

mais c'est quoi le problème je veux dire c'est quoi qui se retelecharge tout le temps ?

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 20:20

OTL logfile created on: 21/10/2010 20:19:14 - Run 7
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 117,54 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 20:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 20:18:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/21 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/21 12:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/21 12:24:01 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/10/21 20:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/10/12 22:25:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/10/12 22:25:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/12 22:25:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/10/12 22:25:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/10/12 22:25:29 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 21:04

"Fast browser search" (entre autre) visible dans ces lignes :

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/21 12:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/10/21 12:24:01 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 21:09

j'ai trouver sa

http://www.commentcamarche.net/forum/affich-14588263-fast-browser-search-impossible-a-supprimer

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 22:04

Oui, je connais déjà ^^

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Jeu 21 Oct 2010 - 22:25

Je te laisse faire alors tu est plus performant que moi =D

j'attens tes ordres =D

Sujet: Re: [Fermé] Infecté par Securitytool Sam 23 Oct 2010 - 19:31

Je vais lui rendre son ordinateur
sauf si tu a une manipulation

Sujet: Re: [Fermé] Infecté par Securitytool Dim 24 Oct 2010 - 16:40

A chaque fois que je fait un analyse bitdefender il m'affiche que j'ai des éléments infecté c'est normal ? pour le moment 7 ...

Sujet: Re: [Fermé] Infecté par Securitytool Dim 24 Oct 2010 - 18:08

Bonjour M3ri3m

Tu as mis à jour Firefox ?

GrosBébé a écrit:

1. Désinstalle Firefox s'il te plait.

2. Supprime ces 2 dossiers :
- C:\Program Files\mozilla firefox
- C:\Users\Hamza\AppData\Roaming\mozilla

3. Réinstalle Firefox :
http://download.mozilla.org/?product=firefox-3.6.11&os=win&lang=fr

4. Relance OTL puis clique sur le bouton "Aucun" en haut. Ensuite coche "Avec liste blanche" dans le cadre en bas à gauche qui s'appelle "Registre:Standard", puis clique sur "Analyse".

Poste le rapport s'il te plait.

A mon avis, Fast browser search sera encore là.

Double clique sur SystemLook pour le lancer
Copie le texte qui se trouve dans l'encadré ci-dessous et colle le dans la fenêtre de texte de SystemLook.
Citation:
:filefind
Fast*

:folderfind
toolbar*

:regfind
Fast Browser Search
fast
alot.com
Clique sur le bouton Look pour lancer le scan
A la fin, poste le rapport qui apparaitra dans le bloc note (le rapport se trouve aussi ici sur ton bureau sous le nom SystemLook.txt

Note: Le scan peut être plus ou moins long.

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

Sujet: Re: [Fermé] Infecté par Securitytool Lun 25 Oct 2010 - 18:50

OTL logfile created on: 25/10/2010 18:49:42 - Run 8
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 113,26 Gb Free Space | 50,82% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/25 18:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/25 18:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/24 18:02:35 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/21 12:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/10/21 20:21:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/10/21 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/21 12:24:01 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/10/25 18:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/10/12 22:25:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/10/12 22:25:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/12 22:25:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/10/12 22:25:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/10/12 22:25:29 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >

Sujet: Re: [Fermé] Infecté par Securitytool Lun 25 Oct 2010 - 18:59

SystemLook 04.09.10 by jpshortstuff
Log created at 18:51 on 25/10/2010 by Hamza
Administrator - Elevation successful

========== filefind ==========

Searching for "Fast*"
C:\Program Files\Ad-Remover\Quarantine\C\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml.vir --a---- 5413 bytes [10:14 18/10/2010] [10:15 18/10/2010] 75093AF1A11B585387BBBACC2CC24923
C:\Program Files\AutoCAD 2008\Help\GettingStarted\Symbol Libraries\Fasteners - Metric.dwg --a---- 76288 bytes [11:50 01/02/2007] [11:50 01/02/2007] 1F88B3B0C81C287A5CDD634725EC9380
C:\Program Files\AutoCAD 2008\Help\GettingStarted\Symbol Libraries\Fasteners - US.dwg --a---- 70624 bytes [01:33 30/03/2006] [01:33 30/03/2006] F9B81D7800B06BB21F66A0873ABF55E7
C:\Program Files\AutoCAD 2008\Sample\DesignCenter\Fasteners - Metric.dwg --a---- 78080 bytes [11:50 01/02/2007] [11:50 01/02/2007] 8FAB87A404322660588501775F379C21
C:\Program Files\AutoCAD 2008\Sample\DesignCenter\Fasteners - US.dwg --a---- 75264 bytes [11:50 01/02/2007] [11:50 01/02/2007] BD35A92AB61DC8862E65F2CE22B66294
C:\Program Files\Google\Google Earth\client\res\fast-food.png --a---- 225 bytes [17:58 01/09/2010] [17:58 01/09/2010] 51A41A9F86A1B3E0A56F81DC2CE42F5F
C:\Program Files\Google\Google Earth\plugin\res\fast-food.png --a---- 225 bytes [17:58 01/09/2010] [17:58 01/09/2010] 51A41A9F86A1B3E0A56F81DC2CE42F5F
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_BackwardDD.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] 7ABBA82ABF9E291B5571FAB08B9A2538
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_BackwardDH.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] 877830A5F0574D19E2E5AD637DF36DED
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_BackwardDU.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] E0103F3E17CFCBA22780BCC3E1AAFDA2
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_BackwardDX.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] 21623F8256AB6201CC3DF5A69F002306
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_ForwardDD.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] 1BFB62C03E2A5BEB634F03AF0DCA00EF
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_ForwardDH.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] 7E6E8E0A7EBE2BC3393E7917E36835DD
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_ForwardDU.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] 9F2C75F794D43C9977EB70406DAFA10D
C:\Program Files\InterVideo\WinDVD\Skins\WinDVD 5\WinDVD Player\Fast_ForwardDX.BMP --a---- 1760 bytes [04:07 17/06/2008] [21:08 18/08/2003] C26365762E7B1F60EBB039226288F1E4
C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\components\fastfind.xpt --a---- 599 bytes [16:59 02/11/2009] [16:59 02/11/2009] D29216CE33B401F21659776701BF76EC
C:\Users\Hamza\AppData\Roaming\Mozilla\Firefox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml --a---- 5413 bytes [10:23 21/10/2010] [10:24 21/10/2010] 75093AF1A11B585387BBBACC2CC24923
C:\Users\Hamza\Documents\Document Hamza\Autocad 2008 fra\x86\fr-FR\Acad\Program Files\Root\Help\GettingStarted\Symbol Libraries\Fasteners - Metric.dwg --a---- 76288 bytes [10:53 23/10/2009] [11:50 01/02/2007] 1F88B3B0C81C287A5CDD634725EC9380
C:\Users\Hamza\Documents\Document Hamza\Autocad 2008 fra\x86\fr-FR\Acad\Program Files\Root\Help\GettingStarted\Symbol Libraries\Fasteners - US.dwg --a---- 70624 bytes [10:53 23/10/2009] [01:33 30/03/2006] F9B81D7800B06BB21F66A0873ABF55E7
C:\Users\Hamza\Documents\Document Hamza\Autocad 2008 fra\x86\fr-FR\Acad\Program Files\Root\Sample\DesignCenter\Fasteners - Metric.dwg --a---- 78080 bytes [10:53 23/10/2009] [11:50 01/02/2007] 8FAB87A404322660588501775F379C21
C:\Users\Hamza\Documents\Document Hamza\Autocad 2008 fra\x86\fr-FR\Acad\Program Files\Root\Sample\DesignCenter\Fasteners - US.dwg --a---- 75264 bytes [10:53 23/10/2009] [11:50 01/02/2007] BD35A92AB61DC8862E65F2CE22B66294
C:\Users\Hamza\Documents\Document Hamza\Autocad 2008 fra\x86\Program Files\Root\Express\fastsel.lsp --a---- 13800 bytes [10:53 23/10/2009] [08:03 12/02/2007] 0124999B395A8F7AB8826445D50A8C9C
C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6002.18005_none_b09ea48c5485f42b\fastfat.sys --a---- 142848 bytes [11:34 20/10/2009] [04:13 11/04/2009] 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.dll --a---- 614912 bytes [11:33 20/10/2009] [06:28 11/04/2009] BC5A34B6A14C93BF04E3F4E8EA57090A
C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.tmf --a---- 405119 bytes [11:35 20/10/2009] [04:26 11/04/2009] 3D038593AAF16E36EFF5E769E0907C4A
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6002.18005_none_b09ea48c5485f42b\fastfat.sys --a---- 142848 bytes [07:41 24/10/2009] [04:13 11/04/2009] 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.dll --a---- 614912 bytes [07:41 24/10/2009] [06:28 11/04/2009] BC5A34B6A14C93BF04E3F4E8EA57090A
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.tmf --a---- 405119 bytes [07:42 24/10/2009] [04:26 11/04/2009] 3D038593AAF16E36EFF5E769E0907C4A
C:\Windows\System32\fastopen.exe --a---- 882 bytes [07:09 02/11/2006] [07:09 02/11/2006] 68062C0ECE86AB7801B5B47FDC855A06
C:\Windows\System32\drivers\fastfat.sys --a---- 143360 bytes [02:33 21/01/2008] [02:33 21/01/2008] 3C489390C2E2064563727752AF8EAB9E
C:\Windows\System32\wbem\fastprox.dll --a---- 615424 bytes [12:54 18/10/2009] [04:36 03/03/2009] 52A53BCCCF489D4097191B7B78DFFA58
C:\Windows\System32\wbem\tmf\fastprox.tmf --a---- 405691 bytes [12:54 18/10/2009] [02:15 03/03/2009] 71214061DAFD0F53FBAB2EA362000998
C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6001.18000_none_aeb32b80576428df\fastfat.sys --a---- 143360 bytes [02:33 21/01/2008] [02:33 21/01/2008] 3C489390C2E2064563727752AF8EAB9E
C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\fastopen.exe --a---- 882 bytes [07:09 02/11/2006] [07:09 02/11/2006] 68062C0ECE86AB7801B5B47FDC855A06
C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\fastopen.exe --a---- 882 bytes [07:09 02/11/2006] [07:09 02/11/2006] 68062C0ECE86AB7801B5B47FDC855A06
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\fastprox.dll --a---- 614400 bytes [02:06 21/01/2008] [02:06 21/01/2008] 584945C76F0B641A0DAC4231C78100A2
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll --a---- 614912 bytes [12:56 18/10/2009] [06:28 11/04/2009] BC5A34B6A14C93BF04E3F4E8EA57090A
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16830_none_f942a8bc7cae6118\fastprox.dll --a---- 614912 bytes [12:54 18/10/2009] [04:16 03/03/2009] 798FD364677DA5278266102371B96F4B
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16830_none_f942a8bc7cae6118\fastprox.tmf --a---- 306422 bytes [12:54 18/10/2009] [01:59 03/03/2009] E045274F3B119F96CE3F4AEB54A2673A
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.21023_none_f9d9ee7395c16438\fastprox.dll --a---- 614912 bytes [12:54 18/10/2009] [04:14 03/03/2009] E51859CEC070BD33455CB78011A4CEB3
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.21023_none_f9d9ee7395c16438\fastprox.tmf --a---- 306422 bytes [12:54 18/10/2009] [01:57 03/03/2009] E5F372244FB2DE8457AEE07E8D05E489
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\fastprox.dll --a---- 614400 bytes [02:34 21/01/2008] [02:34 21/01/2008] 584945C76F0B641A0DAC4231C78100A2
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\fastprox.tmf --a---- 306157 bytes [02:34 21/01/2008] [02:34 21/01/2008] 21244BEFC44109BFE55894E86BAA2F47
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22\fastprox.dll --a---- 615424 bytes [12:54 18/10/2009] [04:36 03/03/2009] 52A53BCCCF489D4097191B7B78DFFA58
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22\fastprox.tmf --a---- 405691 bytes [12:54 18/10/2009] [02:15 03/03/2009] 71214061DAFD0F53FBAB2EA362000998
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.22389_none_fb85772b93130197\fastprox.dll --a---- 615424 bytes [12:54 18/10/2009] [04:28 03/03/2009] C384F1331C5B97F111973C567710D5C0
C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.22389_none_fb85772b93130197\fastprox.tmf --a---- 405691 bytes [12:54 18/10/2009] [02:03 03/03/2009] C26CA2E6F108E24022CDB73A7874BBE2
C:\_OTL\MovedFiles\10122010_215032\C_Program Files\mozilla firefox\searchplugins\fast.png --a---- 3700 bytes [07:43 06/06/2010] [07:43 06/06/2010] 394E92352EADDFF731A21FFF43E7E609
C:\_OTL\MovedFiles\10122010_215032\C_Program Files\mozilla firefox\searchplugins\fast.xml --a---- 1963 bytes [07:43 06/06/2010] [07:43 06/06/2010] 29FA4F39AE914CBB658DC9FDE3112003
C:\_OTL\MovedFiles\10122010_215032\C_Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml --a---- 5462 bytes [23:11 02/11/2009] [23:11 02/11/2009] 581225AFBC580D5ADB165E11FE3A5DAF
C:\_OTL\MovedFiles\10172010_155118\C_Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml --a---- 5413 bytes [20:01 12/10/2010] [20:01 12/10/2010] 487AF3F52E38C93C4C077E983C9ADE6F
C:\_OTL\MovedFiles\10182010_120821\C_Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml --a---- 5413 bytes [16:55 17/10/2010] [16:55 17/10/2010] 79495841F459153C5963949311A7A4A2
C:\_OTL\MovedFiles\10212010_121359\C_Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml --a---- 5413 bytes [19:11 20/10/2010] [19:11 20/10/2010] 75093AF1A11B585387BBBACC2CC24923

========== folderfind ==========

Searching for "toolbar*"
C:\Program Files\Skype\Toolbars d------ [11:37 18/10/2009]
C:\Users\Hamza\AppData\LocalLow\Messenger_Plus_Live_France\Repository\conduit_CT2567681_CT2567681\ToolbarLogin d------ [13:09 16/05/2010]
C:\Users\Hamza\AppData\LocalLow\Messenger_Plus_Live_France\Repository\conduit_CT2567681_CT2567681\ToolbarSettings d------ [13:09 16/05/2010]
C:\Users\Hamza\AppData\Roaming\Mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com d------ [10:23 21/10/2010]
C:\Users\Hamza\AppData\Roaming\Mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com d------ [08:48 15/04/2010]
C:\_OTL\MovedFiles\10172010_155118\C_Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com d------ [14:43 05/09/2010]
C:\_OTL\MovedFiles\10212010_121359\C_Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com d------ [19:10 20/10/2010]

========== regfind ==========

Searching for "Fast Browser Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2099413336-2092307940-2720715696-1004\SOFTWARE\TBSB07183\Toolbar]
"toolbar_version"="Fast Browser Search (My Web Tattoo) 2.1.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.TBSB07183]
@="Fast Browser Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.TBSB07183.3]
@="Fast Browser Search"
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2099413336-2092307940-2720715696-1004\SOFTWARE\TBSB07183\Toolbar]
"toolbar_version"="Fast Browser Search (My Web Tattoo) 2.1.9"

Searching for "fast"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2099413336-2092307940-2720715696-1004\SOFTWARE\TBSB07183\Toolbar]
"toolbar_version"="Fast Browser Search (My Web Tattoo) 2.1.9"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{81F95CF7-A582-402A-AE2F-CEA901D4207E}\{E76BCF9F-AFE3-4509-BF75-F0187BF195C5}]
"Description"="A business news and information tool from Dow Jones. Use Factiva iWorks when you need fast, easy access to high quality, relevant content to enhance your MS Office documents, presentations, and files. Plus, it can significantly improve your use of SmartTags. Factiva iWorks provides authoritative, multi-language business content from the most influential sources such as The Wall Street Journal, The New York Times, Financial Times and the Dow Jones and Reuters newswires. Whether the facts originated in a newspaper, newswire, trade publication, or a media transcript— Factiva iWorks helps you stay productive and informed."
[HKEY_CURRENT_USER\Software\Classes\.fas]
@="AutoCADAutoLISPFastLoadFile"
[HKEY_CURRENT_USER\Software\Classes\AutoCADAutoLISPFastLoadFile]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16386_none_f912915e7cd19314]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16830_none_f942a8bc7cae6118]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.21023_none_f9d9ee7395c16438]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.22389_none_fb85772b93130197]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-fat_31bf3856ad364e35_none_fad8532e7eeab583\f256!fastfat.sys]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_none_49d9e76e0a1ef76e\f256!fastopen.exe]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282\f256!fastprox.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282\f256!fastprox.tmf]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282]
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD2]
"CardModel"="CosmopolIC 32K V4 Fast ATR"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD2]
"Card_Name"="ActivIdentity ActivClient (Oberthur CosmopolIC 32K V4 Fast ATR)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD5]
"CardModel"="CosmopolIC 64K V5.2 Fast ATR"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD5]
"Card_Name"="ActivIdentity ActivClient (Oberthur CosmopolIC 64K V5.2 Fast ATR)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD6]
"CardModel"="ID-One Cosmo 64 v5.2D Fast ATR with PIV application"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD6]
"Card_Name"="ActivIdentity ActivClient (Oberthur ID-One Cosmo 64 v5.2D Fast ATR with PIV application)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD7]
"Card_Name"="ActivIdentity ActivClient (Oberthur ID-One Cosmo 64 v5.2D Fast ATR with PIV application SDK)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ActivCard\ActivClient\ASPH\AspCards\COSMOPOLIC\CARD7]
"CardModel"="ID-One Cosmo 64 v5.2D Fast ATR with PIV application SDK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29B5828C-CAB9-11D2-B35C-00105A1F8177}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7016F8FA-CCDA-11D2-B35C-00105A1F8177}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78103FB7-AED7-4066-8BCD-30BB27B02331}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{865e5e76-ad83-4dca-a109-50dc2113ce9a}]
@="Programs Folder and Fast Items"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D1C559D-84F0-4BB3-A7D5-56A7435A9BA6}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A653086-174F-11D2-B5F9-00104B703EFD}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C71566F2-561E-11D1-AD87-00C04FD8FDFF}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC9072AB-C000-49D8-A5AA-00266C8DBB9B}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCF33DF4-B510-439F-832A-16B6B514F2A7}\InprocServer32]
@="%systemroot%\system32\wbem\fastprox.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0BC45C-2438-31A9-BBB6-E2A3B5916419}]
@="System.Runtime.CompilerServices.CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0BC45C-2438-31A9-BBB6-E2A3B5916419}\InprocServer32]
"Class"="System.Runtime.CompilerServices.CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0BC45C-2438-31A9-BBB6-E2A3B5916419}\InprocServer32\1.0.5000.0]
"Class"="System.Runtime.CompilerServices.CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0BC45C-2438-31A9-BBB6-E2A3B5916419}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.CompilerServices.CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0BC45C-2438-31A9-BBB6-E2A3B5916419}\ProgId]
@="System.Runtime.CompilerServices.CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B452D17-3C5E-36C4-A12D-5E9276036CF8}]
@="_CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4EDE9248-7850-40F5-8533-0FD665D2994D}]
@="IMsMpComFastDispatch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B84E2C09-78C9-4AC4-8BD3-524AE1663A2F}]
@="IWICFastMetadataEncoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.CompilerServices.CallConvFastcall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.CompilerServices.CallConvFastcall]
@="System.Runtime.CompilerServices.CallConvFastcall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.TBSB07183]
@="Fast Browser Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TBSB07183.TBSB07183.3]
@="Fast Browser Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}\13.1]
@="SM Button - Fast graphical button"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ActivIdentity ActivClient (Oberthur CosmopolIC 32K V4 Fast ATR)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ActivIdentity ActivClient (Oberthur CosmopolIC 64K V5.2 Fast ATR)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ActivIdentity ActivClient (Oberthur ID-One Cosmo 64 v5.2D Fast ATR with PIV application SDK)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ActivIdentity ActivClient (Oberthur ID-One Cosmo 64 v5.2D Fast ATR with PIV application)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\ButtonGroup\FFWDElement]
"enabled"="wmpenabled:player.controls.FastForward"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\ButtonGroup\FFWDElement]
"onclick"="player.controls.FastForward()"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\ButtonGroup\REWElement]
"enabled"="wmpenabled:player.controls.FastReverse"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\ButtonGroup\REWElement]
"onclick"="player.controls.FastReverse()"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\FFWDButton]
"enabled"="wmpenabled:player.controls.fastforward"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\FFWDButton]
"onclick"="player.controls.FastForward()"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\REWButton]
"enabled"="wmpenabled:player.controls.fastreverse"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\REWButton]
"onclick"="player.controls.FastReverse()"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_0.0.0.0_none_1f234907c1e6e01e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\193FD3513CF682F498B7E41719012F02]
"7D2F38751006C040002000060BECB6AB"="C:\Program Files\AutoCAD 2008\Help\GettingStarted\Symbol Libraries\Fasteners - US.dwg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AAAE8BA3A5553B41A535143B24BA39E]
"359A2A031BEDA6646B064F93C9C7B6D9"="c?\ProgramData\Roxio\VideoWave10\Templates\Produce\MM_wmv9_320x240_Fast.prx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\80FADBBA577C14D4C87AC11FBF1B58E8]
"7D2F38751006C040002000060BECB6AB"="C:\Program Files\AutoCAD 2008\Sample\DesignCenter\Fasteners - US.dwg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7D1FD42D7F980C49A63A5D0FD439522]
"7D2F38751006C040002000060BECB6AB"="C:\Program Files\AutoCAD 2008\Sample\DesignCenter\Fasteners - Metric.dwg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF36C9344993AF34C9C00159E2CB9D84]
"7D2F38751006C040002000060BECB6AB"="C:\Program Files\AutoCAD 2008\Help\GettingStarted\Symbol Libraries\Fasteners - Metric.dwg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6292B0B0A1571B48B8CE9F4A6194F63]
"359A2A031BEDA6646B064F93C9C7B6D9"="c?\ProgramData\Roxio\VideoWave10\Templates\Produce\MM_wmv9_320x180_Fast.prx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64B6C8222E46E40498A8FE800306E34F\Features]
"Program"="2P1,'1XGv8d6Xq&pU9tJn5JJFe~^`9-Ww'1-x`k6KW$*nwwn69^+o!&aK_oye-WYS$2a_8I]1yD%erz8(?7$PsR8IAB,sAjU44XWbtBW6o6'M=dtlD'qNeY1Ix'%+vntB?iJJMf?D8`tZozpTJop5?6!4*x@mA^S'vy1aE~PUA7Ak`ad04'fE`i+8(1tz@QngDn9Ar!oSGSsLdNLF9(dC@L0fSWIZsh6Iq*4?A]mX5%FymOg@F6'm0KdR9L9%4,yqv5atM(V2%i$R=QJDA2p]HD)talTtvYO&?0M&&Sl=uCv]L)hqu)_)@tIQn%0*nmfZG!*%Id84=Bw%40aOk95``J$%jj,P?XFR.Rd4)9Q?w8H,ByF'9dbE9^!s`woZf5O+iw3N?LG8Zeq2~a'xl-x6!LGh@giYl&hIF6VSnFR3&)+A9(Xm{^nCi3cP?2t[ZbIc?4)fhhQEm=(R{ow4@Mno9dwNc%EMR0arwlNOnS`M?*(uRKugd76Mg8vH$d2W@tnlm6_]`uu{=.CDW@xZ?w!WNM}}fEQdYfigfm4r?(P7Ss^1$N1}7o`,qO,b=!4G$6wZu_pL%1$'-r4}@%(_DcNa!JcDL*ZQ]1Y.@r.G$-Df~'amI}4DWq`a9]%7tKi(pd5_T_vp5@&5=^*e$I6'=Hpx-5By,,0E=.039{x8el(AhG_QFJ,C@OAOets`jkXQA8i402]B=A^O=q}FHL[mobG4@xi_83PLuOPE')=gB6q_Kfq9@6pDKo4CRQdZCZ]H%Sk*AduAaqET+-krVCrnJc2t?+gjJscXqoxUzo4mEmJf=Hy*%9if+HDVHj7An9~7?b!Cj=x{ZK6*L4t[7qMx8@Qwp-MAHs)CtxzHQAm*=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{865e5e76-ad83-4dca-a109-50dc2113ce9a}"="Programs Folder and Fast Items"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16386_none_f912915e7cd19314]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16830_none_f942a8bc7cae6118]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.21023_none_f9d9ee7395c16438]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.22389_none_fb85772b93130197]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-fat_31bf3856ad364e35_none_fad8532e7eeab583\f256!fastfat.sys]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_none_49d9e76e0a1ef76e\f256!fastopen.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282\f256!fastprox.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282\f256!fastprox.tmf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_none_6fe838c0b3fd5282]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\00C]
"Help"="3 L’objet de performance Système inclut des compteurs qui s’appliquent à plusieurs instances d’un composant sur l’ordinateur. 5 L'objet de performances Mémoire inclut les compteurs qui décrivent le comportement de la mémoire réelle et virtuelle de l'ordinateur. La mémoire physique est le montant de mémoire vive sur l'ordinateur. La mémoire virtuelle est l'espace en mémoire physique et sur le disque. La plupart de ces compteurs surveillent le mouvement des pages de code et de données entre le disque et la mémoire physique. Si celui-ci est trop important, indice d'une mémoire insuffisante, cela peut provoquer des délais qui interfèrent avec les processus système. 7 Le % Temps processeur est le pourcentage de temps que le processeur utilise pour exécuter des threads actifs. Il est calculé en mesurant le pourcentage de temps que le processeur passe à exécuter le thread inactif, puis en y soustrayant la valeur de 100 %. (Chaque
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"="AeLookupSvc wercplsupport Themes CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS ProfSvc EapHost winmgmt schedule SessionEnv browser hkmsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPCpl\Controls\4Scrolling\Long Distance Scrolling\Fast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPCpl\Controls\5Pointer Motion\1Edge Motion\Edge motion speed\Fast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPCpl\Controls\5Pointer Motion\Pointer refresh rate\Fast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPCpl\StykControls\2Press to Select\3Pace\Fast]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E]
"Description"="@%SystemRoot%\system32\powrprof.dll,-108,Enable or Disable FastS4 System State."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E]
"FriendlyName"="@%SystemRoot%\system32\powrprof.dll,-109,System FastS4 Support"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FASTFAT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FASTFAT\0000]
"Service"="fastfat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FASTFAT\0000\Control]
"ActiveService"="fastfat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat\Enum]
"0"="Root\LEGACY_FASTFAT\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E]
"Description"="@%SystemRoot%\system32\powrprof.dll,-108,Enable or Disable FastS4 System State."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E]
"FriendlyName"="@%SystemRoot%\system32\powrprof.dll,-109,System FastS4 Support"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FASTFAT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FASTFAT\0000]
"Service"="fastfat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fastfat]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E]
"Description"="@%SystemRoot%\system32\powrprof.dll,-108,Enable or Disable FastS4 System State."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E]
"FriendlyName"="@%SystemRoot%\system32\powrprof.dll,-109,System FastS4 Support"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT\0000]
"Service"="fastfat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT\0000\Control]
"ActiveService"="fastfat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastfat]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastfat\Enum]
"0"="Root\LEGACY_FASTFAT\0000"
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2099413336-2092307940-2720715696-1004\SOFTWARE\TBSB07183\Toolbar]
"toolbar_version"="Fast Browser Search (My Web Tattoo) 2.1.9"
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004\Software\Microsoft\Office\12.0\Common\Research\Sources\{81F95CF7-A582-402A-AE2F-CEA901D4207E}\{E76BCF9F-AFE3-4509-BF75-F0187BF195C5}]
"Description"="A business news and information tool from Dow Jones. Use Factiva iWorks when you need fast, easy access to high quality, relevant content to enhance your MS Office documents, presentations, and files. Plus, it can significantly improve your use of SmartTags. Factiva iWorks provides authoritative, multi-language business content from the most influential sources such as The Wall Street Journal, The New York Times, Financial Times and the Dow Jones and Reuters newswires. Whether the facts originated in a newspaper, newswire, trade publication, or a media transcript— Factiva iWorks helps you stay productive and informed."
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004\Software\Classes\.fas]
@="AutoCADAutoLISPFastLoadFile"
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004\Software\Classes\AutoCADAutoLISPFastLoadFile]
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004_Classes\.fas]
@="AutoCADAutoLISPFastLoadFile"
[HKEY_USERS\S-1-5-21-2099413336-2092307940-2720715696-1004_Classes\AutoCADAutoLISPFastLoadFile]

Searching for "alot.com"
No data found.

-= EOF =-

Sujet: Re: [Fermé] Infecté par Securitytool Mer 3 Nov 2010 - 17:42

Suite à l'échange de quelques MP :

Sujet fermé en raison de l'inactivité. Si vous souhaitez réouvrir ce sujet, faites en la demande par MP en indiquant la raison et le lien vers ce sujet. Cela ne s'applique qu'à m3ri3m. Pour les autres, créez votre propre sujet.

__________________________________________________________________________________________________________________
Profitez d'offres promotionnelles et suivez Bibou0007.com sur Facebook -------->

*
*

» Aquariow ferme demain
» [Fermé] Infecté par Securitytool
» [Fermé] infecté avec searchqu.com/410
» [Fermé] Infecté par je sais pas quoi
» [fermé]Infecté ou non ?

[Fermé] Infecté par Securitytool

[Fermé] Infecté par Securitytool

Sujets similaires

Sujets similaires