gazouz33

Member (4/12), 40 content items, community reputation 0
Date of birth: 16/07/1970
Gender: Male
Location: Algeria
Languages: French

gazouz33's posts

  1. Indeed, the problem is fixed after downloading the right update. Thank you for your help.
  2. No, that didn't do anything. The update is still invisible and MBAM didn't detect anything.
  3. Hello. Here is my problem, or rather my problems. When updating Avira after downloading the definition database .zip file, I cannot see it, yet when I browse to it with Windows I find it right where it belongs. I thought the zip might be an obsolete version and re-downloaded the zip file, but it stays invisible. Secondly, MBAM keeps blocking IPs even when I'm offline. Here is a screenshot; you can see the zip is there but Avira doesn't "see" it. I'm also posting a HijackThis report, and thanks for your help.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:40:21, on 04/04/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\system32\xltCertPropUI.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\DAEMON Tools Lite\DTLite.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Program Files\Borland\InterBase\bin\ibguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
     C:\WINDOWS\system32\xltCCam.exe
     C:\Program Files\Borland\InterBase\bin\ibserver.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\CTFMON.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Avira\AntiVir Desktop\avscan.exe
     C:\Documents and Settings\ADEL\Mes documents\Downloads\Programs\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adserver.adtech.de/adlink|224|24050...ws.autoplus.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [xltCertPropUI] C:\WINDOWS\system32\xltCertPropUI.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
     O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
     O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
     O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
     O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
     O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
     O23 - Service: Axalto Smart Card CAM Service (xltCCam) - Axalto Inc. - C:\WINDOWS\system32\xltCCam.exe

     --
     End of file - 6693 bytes
  4. Thank you for everything, especially for your attention, but before leaving you to your business I'd still like to ask you a few questions. 1- Should I change AV, since Avira (which I update daily, and I scan every 4 or 5 days) apparently saw nothing of this infection? 2- How do I download a new MBAM definition database? Many thanks. EDIT: MBAM keeps displaying the same message, but the IP has changed.
  5. This time it took nearly 10 minutes to display the report; is that normal?

     ComboFix 10-02-06.03 - ADEL1 07/02/2010 18:26:51.6.2 - x86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1507 [GMT 0:00]
     Running from: c:\documents and settings\ADEL1\Bureau\ComboFix.exe
     Command switches used :: c:\documents and settings\ADEL1\Bureau\CFscript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     --------------- FCopy ---------------
     c:\windows\ServicePackFiles\i386\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
     .
     ((((((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 ))))))))))))))))))))))))))))))))))))
     .
     2010-02-06 18:35 . 2010-02-07 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com
     2010-02-05 19:13 . 2010-02-07 16:39 -------- d-----w- C:\Temp
     2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect
     2010-02-05 17:58 . 2010-02-07 16:41 -------- d-----w- c:\program files\LogProtect
     2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro
     2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit
     2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw
     2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace
     2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
     2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer
     2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer
     2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader
     2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web
     2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack
     2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz
     2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz
     2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs
     2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI
     2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI
     2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software
     2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama
     2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec
     2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script
     2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma
     2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA
     2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7
     2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest
     2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier
     2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe
     2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe
     2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
     2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc
     2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc
     2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc
     2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities
     2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData
     .
     (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-02-07 18:08 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
     2010-02-07 18:08 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
     2010-02-07 17:58 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache
     2010-02-07 16:41 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo
     2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM
     2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp
     2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!
     2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent
     2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
     2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet
     2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield
     2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager
     2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
     2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
     2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird
     2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent
     2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details
     2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat
     2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet
     2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
     2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
     2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
     2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
     2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared
     2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola
     2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe
     2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
     2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update
     2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools
     2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys
     2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
     2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys
     2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che
     2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea
     2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes
     2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
     2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack
     2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player
     2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
     2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
     2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard
     2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
     2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
     2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
     2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead
     2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD
     2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc
     2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
     2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
     2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe
     2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe
     2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
     2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
     2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat
     2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat
     2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat
     2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
     2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
     2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp
     2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
     2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-02-07_16.32.33 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2002-09-07 00:00 . 2010-02-07 12:16 58930 c:\windows\system32\perfc009.dat
     + 2002-09-07 00:00 . 2010-02-07 18:08 58930 c:\windows\system32\perfc009.dat
     + 2002-09-07 00:00 . 2010-02-07 18:08 392630 c:\windows\system32\perfh009.dat
     - 2002-09-07 00:00 . 2010-02-07 12:16 392630 c:\windows\system32\perfh009.dat
     + 2004-08-04 03:14 . 2008-04-13 12:20 361344 c:\windows\system32\dllcache\tcpip.sys
     .
     ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legitimate default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
     "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
     "SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
     "mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
     "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\BitComet\\BitComet.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "42890:TCP"= 42890:TCP:utor
     "42890:UDP"= 42890:UDP:utor
     "443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
     "443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
     "37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
     "37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
     "37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
     "10984:TCP"= 10984:TCP:BitComet 10984 TCP
     "10984:UDP"= 10984:UDP:BitComet 10984 UDP

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)

     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]
     R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
     S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]
     S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]
     S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
     IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
     IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
     IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
     IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
     IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
     Trusted Zone: chat-land.org
     Trusted Zone: kuaiche.com\software
     FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\
     FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
     FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

     ---- FIREFOX SETTINGS ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-02-07 18:32
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
     @Denied: (Full) (Everyone)
     "scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,
     bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]
     @Denied: (Full) (Everyone)
     "Model"=dword:00000005
     "Therad"=dword:0000001b

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
     @Denied: (Full) (Everyone)
     "scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,
     b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]
     @Denied: (Full) (Everyone)
     "Model"=dword:00000023
     "Therad"=dword:00000001
     "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
     1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
     .
     --------------------- DLLs loaded in running processes ---------------------

     - - - - - - - > 'winlogon.exe'(980)
     c:\windows\system32\athgina.dll

     - - - - - - - > 'explorer.exe'(2876)
     c:\windows\system32\eappprxy.dll
     c:\program files\Internet Download Manager\IDMIECC.dll
     c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     c:\program files\Internet Download Manager\idmmkb.dll
     c:\program files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll
     c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
     c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
     c:\program files\Microsoft Office\OFFICE11\msohev.dll
     .
     ------------------------ Other running processes ------------------------
     .
     c:\windows\system32\acs.exe
     c:\program files\Avira\AntiVir Desktop\avguard.exe
     c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\program files\Motorola\MotoConnectService\MotoConnect.exe
     c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2010-02-07 18:35:50 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-02-07 18:35
     ComboFix2.txt 2010-02-07 18:08
     ComboFix3.txt 2010-02-07 16:35
     ComboFix4.txt 2010-01-13 20:33
     ComboFix5.txt 2010-02-07 18:26
     Pre-Run: 35 127 562 240 bytes free
     Post-Run: 35 093 577 728 bytes free
     - - End Of File - - E52EC76C6C7613C4C07D8A8A51C6252D
  6. Sorry for the blunder, here is the ComboFix report:

ComboFix 10-02-06.03 - ADEL1 07/02/2010 17:59:15.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1499 [GMT 0:00]
Running from: c:\documents and settings\ADEL1\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\ADEL1\Bureau\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml"
"c:\documents and settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml"
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml
c:\documents and settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml

.
((((((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 ))))))))))))))))))))))))))))))))))))
.

2010-02-06 18:35 . 2010-02-07 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com
2010-02-05 19:13 . 2010-02-07 16:39 -------- d-----w- C:\Temp
2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect
2010-02-05 17:58 . 2010-02-07 16:41 -------- d-----w- c:\program files\LogProtect
2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro
2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit
2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw
2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace
2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer
2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer
2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader
2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web
2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack
2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz
2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz
2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs
2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI
2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI
2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software
2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama
2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec
2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script
2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma
2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA
2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7
2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest
2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier
2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe
2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe
2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc
2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc
2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities
2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 17:58 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache
2010-02-07 16:41 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo
2010-02-07 16:36 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-07 16:36 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM
2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp
2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!
2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent
2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet
2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager
2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird
2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent
2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details
2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat
2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared
2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola
2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe
2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update
2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools
2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys
2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che
2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea
2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes
2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack
2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead
2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD
2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc
2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe
2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe
2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat
2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp
2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
.
------- Sigcheck -------

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-07_16.32.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-07 00:00 . 2010-02-07 12:16 58930 c:\windows\system32\perfc009.dat
+ 2002-09-07 00:00 . 2010-02-07 16:36 58930 c:\windows\system32\perfc009.dat
+ 2002-09-07 00:00 . 2010-02-07 16:36 392630 c:\windows\system32\perfh009.dat
- 2002-09-07 00:00 . 2010-02-07 12:16 392630 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42890:TCP"= 42890:TCP:utor
"42890:UDP"= 42890:UDP:utor
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"10984:TCP"= 10984:TCP:BitComet 10984 TCP
"10984:UDP"= 10984:UDP:BitComet 10984 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
Trusted Zone: chat-land.org
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/
FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 18:05
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,
bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]
@Denied: (Full) (Everyone)
"Model"=dword:00000005
"Therad"=dword:0000001b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,
b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\athgina.dll

- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-07 18:08:19 - The machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 18:08
ComboFix2.txt 2010-02-07 16:35
ComboFix3.txt 2010-01-13 20:33
ComboFix4.txt 2010-01-10 13:40
ComboFix5.txt 2010-02-07 17:42

Before-CF: 35 137 912 832 bytes free
After-CF: 35 118 702 592 bytes free

- - End Of File - - E89783E998C202A1B9966028B8E56E9B
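Two things in the report above (and again in the report in post 8) that a responder would pick out by hand are the Sigcheck block, where two copies of tcpip.sys carry the same version string 5.1.2600.5512 and the same size but different MD5 hashes, the copy in system32\drivers being the one ComboFix printed with a [-] marker, and the firewall policy key, where "EnableFirewall"= 0 means the Windows Firewall standard profile is switched off. The script below is an added example written for this page, not part of the original post and not a ComboFix feature: it parses exactly those lines out of a ComboFix report and flags both conditions. The excerpt it runs on is copied from the post; the field layout of a Sigcheck line (flag, date, MD5, size, two empty fields, version, two empty fields, path) is inferred from those lines rather than taken from any documented format.

```python
import re
from collections import defaultdict

# Excerpt copied from the ComboFix report above (Sigcheck block and the
# firewall policy key). The parser below is an added example, not a
# ComboFix feature; the field layout is inferred from these lines.
COMBOFIX_EXCERPT = r"""
------- Sigcheck -------
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def parse_sigcheck(report):
    """Return one dict per Sigcheck line found in the report text."""
    entries = []
    for raw in report.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_hash_mismatches(entries):
    """Group Sigcheck entries by (file name, version string) and report any
    group whose copies do not all share one MD5. Same version and size but
    a different hash is exactly what the report shows for tcpip.sys."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"])].append(e)
    findings = []
    for (name, version), copies in groups.items():
        if len({e["md5"] for e in copies}) > 1:
            findings.append({
                "file": name,
                "version": version,
                "hashes": {e["path"]: e["md5"] for e in copies},
                # paths ComboFix printed with the [-] marker
                "flagged": [e["path"] for e in copies if e["flag"] == "-"],
            })
    return findings


def firewall_enabled(report):
    """True/False from the standard-profile EnableFirewall value, or None
    if the key does not appear in the report."""
    for raw in report.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m:
            return m.group(1) != "0"
    return None


def triage(report):
    """Summarise both checks for a responder reading the report."""
    entries = parse_sigcheck(report)
    return {
        "sigcheck_entries": len(entries),
        "hash_mismatches": find_hash_mismatches(entries),
        "firewall_enabled": firewall_enabled(report),
    }


if __name__ == "__main__":
    result = triage(COMBOFIX_EXCERPT)
    for f in result["hash_mismatches"]:
        print(f"{f['file']} {f['version']}: copies with differing hashes")
        for path, md5 in f["hashes"].items():
            print(f"  {md5}  {path}")
    print("firewall enabled:", result["firewall_enabled"])
```

The script reports only what the lines state: that the on-disk driver does not hash like the Service Pack reference copy of the same version, and that the firewall is off. Which of the two tcpip.sys hashes is the clean one, and why the file differs, is something to settle against a known-good copy or the vendor catalog, not from the log alone.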
  7. I downloaded the link and it is an HTML file, not a txt like in the example. I followed your instructions anyway, but apparently there is a script error that stops the process. Here is an image: it stays like that, and ComboFix closes when I press OK. Thanks for enlightening me.
  8. OK, here is the ComboFix report:

ComboFix 10-02-06.03 - ADEL1 07/02/2010 16:25:45.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1583 [GMT 0:00]
Running from: c:\documents and settings\ADEL1\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADEL1\x.exe
C:\khq
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winrar32.exe
c:\windows\system32\wpcap.dll
D:\khq
E:\khq
I:\khq

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 ))))))))))))))))))))))))))))))))))))
.

2010-02-07 12:24 . 2010-02-07 12:26 -------- d-----w- c:\program files\Vibe Streamer
2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com
2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\documents and settings\ADEL1\Application Data\abelhadigital.com
2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\program files\HostsMan
2010-02-05 19:13 . 2010-02-07 16:27 -------- d-----w- C:\Temp
2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect
2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\program files\LogProtect
2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro
2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit
2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw
2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace
2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer
2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer
2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader
2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web
2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack
2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz
2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz
2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs
2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI
2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI
2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software
2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama
2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec
2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script
2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma
2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA
2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7
2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest
2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier
2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe
2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe
2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc
2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc
2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities
2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 16:24 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache
2010-02-07 12:16 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-07 12:16 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM
2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp
2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!
2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent
2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet
2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager
2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird
2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent
2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details
2010-01-05 11:54 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo
2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat
2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared
2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola
2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe
2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update
2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools
2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys
2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che
2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea
2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes
2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack
2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead
2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD
2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc
2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe
2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe
2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat
2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp
2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
.
------- Sigcheck -------

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"LogProtect"="c:\program files\LogProtect\LogProtect.exe" [2010-01-07 3910144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42890:TCP"= 42890:TCP:utor
"42890:UDP"= 
42890:UDP:utor "443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo "443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo "37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo "37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo "37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo "10984:TCP"= 10984:TCP:BitComet 10984 TCP "10984:UDP"= 10984:UDP:BitComet 10984 UDP [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752] . . ------- Examen supplémentaire ------- . 
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm Trusted Zone: chat-land.org Trusted Zone: kuaiche.com\software FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\ FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr) FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/ FF - prefs.js: keyword.URL - hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q= FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-07 16:32 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40, bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}] @Denied: (Full) (Everyone) "Model"=dword:00000005 "Therad"=dword:0000001b [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16, b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}] @Denied: (Full) (Everyone) "Model"=dword:00000023 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(980) c:\windows\system32\athgina.dll - - - - - - - > 'explorer.exe'(2664) c:\program files\LogProtect\DllHookM.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\acs.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\wscntfy.exe c:\program files\Motorola\MotoConnectService\MotoConnect.exe . ************************************************************************** . 
Heure de fin: 2010-02-07 16:35:33 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-07 16:35 ComboFix2.txt 2010-01-13 20:33 ComboFix3.txt 2010-01-10 13:40 ComboFix4.txt 2010-01-06 10:02 Avant-CF: 35 087 040 512 octets libres Après-CF: 35 145 084 928 octets libres - - End Of File - - C4BFE2B96A249BEC00A453DFE1B83474
  9. FoxScan Version 1.1.1 Par Loup blanc - Zebulon.fr
Scan lancé le 07/02/2010 à 12:15

Microsoft Windows XP Professionnel Service Pack 3 [version 5.1.2600]
Mozilla Firefox version : 3.6 (fr)
Dossier d'installation : C:\Program Files\Mozilla Firefox

=================================================================================
---------- Compte utilisateur : ADEL
=================================================================================

Profil : default
Dossier du profil : C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\

Pages de démarrage prefs.js : "http://www.cherche.us/"

//////////// Configuration \\\\\\\\\\\\\
======= Profil : default =======
Mise à jour Firefox : Activé
Mise à jour des modules complémentaires : Activé
Mise à jour des moteurs de recherche : Activé
Java : Activé
Javascript : Activé
Proxy : Pas de Proxy

//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : default =======
La notification d'installation des modules complémentaires est activée

Nom : Default
Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
Etat : actif

Nom : Java Console
Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\
Etat : actif

Nom : Java Quick Starter
Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\
Etat : actif

Nom : Xmarks
Dossier : C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\extensions\[email protected]\
Etat : actif

Nom : Solid State ION
Dossier : C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\extensions\[email protected]\
Etat : actif

Nom : FlashGot
Dossier : C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\
Etat : actif

//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : default =======
Recherche dans "prefs.js" :
browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine :
keyword.URL : "http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
keyword.enable :

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml
Template : http://google.cherche.us/Result.php?client

=================================================================================
---------- Compte utilisateur : ADEL1 [session en cours]
=================================================================================

Profil : default
Dossier du profil : C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\

Pages de démarrage prefs.js : "http://www.cherche.us/"

//////////// Configuration \\\\\\\\\\\\\
======= Profil : default =======
Mise à jour Firefox : Activé
Mise à jour des modules complémentaires : Activé
Mise à jour des moteurs de recherche : Activé
Java : Activé
Javascript : Activé
Proxy : Pas de Proxy

//////////// Modules complémentaires \\\\\\\\\\\\\
======= Profil : default =======
La notification d'installation des modules complémentaires est activée

Nom : Default
Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
Etat : actif

Nom : Java Console
Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\
Etat : actif

Nom : Xmarks
Dossier : C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\[email protected]\
Etat : actif

Nom : TV5 - Dictionnaires
Dossier : C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{b055c535-4a3a-11db-9659-00e08161166f}\
Etat : actif

Nom : BitComet Video Downloader
Dossier : C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\
Etat : actif

Nom : BitComet 视频下载器
Dossier : C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\
Etat : actif

Nom : Chickenfoot
Dossier : C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\
Etat : actif

//////////// Plugins de recherche \\\\\\\\\\\\\
======= Profil : default =======
Recherche dans "prefs.js" :
browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine : "Wikipédia (fr
keyword.URL : "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
keyword.enable :

--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml
Template : http://www.cherche.us/Result.php?client

=================================================================================
---------- Section commune
=================================================================================

//////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\
browserdirprovider.dll
brwsrcmp.dll
------------------------------------------------------

//////////// Plugins de recherche \\\\\\\\\\\\\
--------- Moteurs de recherche trouvés ------------
+ Formulaire de recherche configuré pour le moteur
C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
Template : http://www.amazon.fr/exec/obidos/external-search/
C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
Template : http://www.cnrtl.fr/lexicographie/{searchTerms}
C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4
C:\Program Files\Mozilla Firefox\searchplugins\google.xml
Template : http://www.google.com/search
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
Template : http://fr.wikipedia.org/wiki/Special:Recherche
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Template : http://fr.search.yahoo.com/search
------------------------------------------------------

//////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]
"Description"="Détection de sa configuration"
"Vendor"="CybelSoft"
"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3]
"Description"="Yahoo Messenger State Plugin"
"Vendor"="Yahoo"
"Path"="C:\Program Files\Yahoo!\Shared\npYState.dll"
------------------------------------------------------

//////////// Recherche additionnelles... \\\\\\\\\\\\\
==== Extension supplémentaire ====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6\extensions]

=========================== Fin du rapport ===========================
  10. OK, done. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:46, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\LogProtect\LogProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADEL1\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LogProtect] C:\Program Files\LogProtect\LogProtect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: http://software.kuaiche.com
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 6525 bytes
  11. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:03, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADEL1\Mes documents\Downloads\Programs\BarreFinal401.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\ADEL1\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LogProtect] C:\Program Files\LogProtect\LogProtect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\ADEL1\scriptjava.html
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: http://software.kuaiche.com
O20 - AppInit_DLLs: €
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 7903 bytes
12. Here is the log.txt report
Logfile of random's system information tool 1.06 (written by random/random) Run by ADEL1 at 2010-02-05 12:24:41 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 34 GB (56%) free of 60 GB Total RAM: 2038 MB (70% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:25:00, on 05/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Conexant\SmartAudio\SmAudio.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\ADEL1\Mes documents\Downloads\Programs\BarreFinal401.exe C:\Documents and Settings\ADEL1\Mes documents\Downloads\Programs\RSIT.exe C:\Program Files\trend micro\ADEL1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - 
BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file) O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\ADEL1\scriptjava.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - 
res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.chat-land.org O15 - Trusted Zone: http://software.kuaiche.com O20 - AppInit_DLLs: CLKERN.DLL,€ O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- End of file - 8119 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D}] VIPTToolbarManager Class - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll [2005-04-25 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - Visual IP Trace - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll [2005-04-25 32768] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-11 172032] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032] "SmAudio"=C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2007-07-24 3495240] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176] "mumservice"=C:\Program Files\Motorola\Software Update\mumservice.exe [2009-12-01 1066240] ""= [] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="CLKERN.DLL,€" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Motorola\RSD Lite\SDL.exe"="C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL" "C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu" "C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" "C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81da71fe-0b33-11df-8a55-002268ca5b9c}] shell\AutoRun\command - G:\dmrhfs.exe shell\explore\command - G:\dmrhfs.exe shell\open\command - G:\dmrhfs.exe ======List of files/folders created in the last 1 months====== 2010-02-05 12:24:42 ----D---- C:\Program Files\trend micro 2010-02-05 12:24:41 ----D---- C:\rsit 2010-02-04 20:53:51 ----D---- C:\Program Files\Visual IP Trace 2009 2010-02-03 20:22:44 ----D---- C:\Program Files\Cracklock 2010-02-02 21:51:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! 
2010-02-02 21:51:31 ----A---- C:\YServer.txt 2010-02-02 15:17:31 ----D---- C:\Documents and Settings\ADEL1\Application Data\TeamViewer 2010-02-02 15:17:21 ----D---- C:\Program Files\TeamViewer 2010-02-02 12:19:56 ----D---- C:\Program Files\JDownloader 2010-01-30 16:50:00 ----D---- C:\Mes Sites Web 2010-01-30 16:49:13 ----D---- C:\Program Files\WinHTTrack 2010-01-29 15:53:47 ----A---- C:\WINDOWS\system32\winrar32.exe 2010-01-25 13:59:27 ----D---- C:\Program Files\Eggiz 2010-01-23 13:48:49 ----N---- C:\wepkey speedtouch.txt 2010-01-21 20:39:02 ----A---- C:\wepkeys_djaweb.txt 2010-01-18 10:21:34 ----D---- C:\spoolerlogs 2010-01-15 15:49:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SDI 2010-01-15 15:49:32 ----D---- C:\Documents and Settings\ADEL1\Application Data\SDI 2010-01-15 15:36:41 ----D---- C:\Program Files\AF Software 2010-01-15 15:17:51 ----N---- C:\WINDOWS\system32\wpcap.dll 2010-01-15 15:17:51 ----N---- C:\WINDOWS\system32\WanPacket.dll 2010-01-15 15:17:51 ----N---- C:\WINDOWS\system32\Packet.dll 2010-01-15 15:17:51 ----D---- C:\Program Files\Makayama 2010-01-15 14:59:42 ----D---- C:\Program Files\Abitec 2010-01-14 13:50:22 ----D---- C:\Program Files\Microsoft Windows Script 2010-01-14 13:50:17 ----D---- C:\Program Files\Fma 2010-01-14 13:50:17 ----D---- C:\Documents and Settings\ADEL1\Application Data\FMA 2010-01-14 13:26:04 ----D---- C:\Documents and Settings\ADEL1\Application Data\Globe7 2010-01-14 13:03:45 ----D---- C:\Program Files\PowerQuest 2010-01-14 12:34:15 ----D---- C:\Program Files\WebCopier 2010-01-13 20:40:32 ----SHD---- C:\RECYCLER 2010-01-13 20:33:24 ----D---- C:\WINDOWS\temp 2010-01-13 20:33:22 ----A---- C:\ComboFix.txt 2010-01-13 20:28:26 ----D---- C:\ComboFix 2010-01-13 20:24:45 ----A---- C:\wepkeys.txt 2010-01-11 10:32:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield 2010-01-11 10:31:15 ----D---- C:\Program Files\Fichiers communs\Jasc Software Inc 2010-01-11 10:31:15 
----D---- C:\Documents and Settings\ADEL1\Application Data\Jasc Software Inc 2010-01-11 10:30:33 ----D---- C:\Program Files\Jasc Software Inc 2010-01-07 13:31:34 ----A---- C:\WINDOWS\WD.INI 2010-01-07 13:31:05 ----D---- C:\CIM10 2010-01-07 13:31:03 ----D---- C:\HSF 2010-01-06 10:56:33 ----D---- C:\Downloads 2010-01-06 10:56:11 ----D---- C:\Program Files\BitComet 2010-01-06 10:26:39 ----D---- C:\Program Files\freebird 2010-01-06 09:55:08 ----A---- C:\WINDOWS\zip.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\SWSC.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\SWREG.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\sed.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\PEV.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\NIRCMD.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\MBR.exe 2010-01-06 09:55:08 ----A---- C:\WINDOWS\grep.exe 2010-01-06 09:55:01 ----D---- C:\WINDOWS\ERDNT 2010-01-06 09:54:34 ----AD---- C:\Qoobox ======List of files/folders modified in the last 1 months====== 2010-02-05 12:24:47 ----D---- C:\WINDOWS\Prefetch 2010-02-05 12:24:42 ----RD---- C:\Program Files 2010-02-05 12:21:51 ----D---- C:\Program Files\Mozilla Firefox 2010-02-05 12:21:32 ----D---- C:\WINDOWS\system32 2010-02-04 20:54:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-02-04 20:52:14 ----D---- C:\Documents and Settings\ADEL1\Application Data\DMCache 2010-02-04 20:50:04 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-03 21:45:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-02 21:51:09 ----D---- C:\Program Files\Yahoo! 
2010-02-02 13:58:44 ----D---- C:\Documents and Settings\ADEL1\Application Data\uTorrent 2010-01-30 20:46:16 ----D---- C:\Documents and Settings\ADEL1\Application Data\IDM 2010-01-27 12:55:42 ----D---- C:\WINDOWS 2010-01-25 22:11:11 ----A---- C:\WINDOWS\NeroDigital.ini 2010-01-19 20:02:48 ----RSD---- C:\WINDOWS\Fonts 2010-01-16 12:48:39 ----ASH---- C:\boot.ini 2010-01-16 00:20:36 ----SHD---- C:\WINDOWS\Installer 2010-01-16 00:20:36 ----D---- C:\Config.Msi 2010-01-15 15:17:51 ----D---- C:\WINDOWS\system32\drivers 2010-01-15 15:07:27 ----D---- C:\WINDOWS\system32\appmgmt 2010-01-15 14:33:32 ----SHD---- C:\System Volume Information 2010-01-15 14:33:32 ----D---- C:\WINDOWS\system32\Restore 2010-01-14 13:50:24 ----HD---- C:\WINDOWS\inf 2010-01-14 13:04:01 ----HD---- C:\Program Files\InstallShield Installation Information 2010-01-13 20:31:18 ----A---- C:\WINDOWS\system.ini 2010-01-11 10:31:40 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-11 10:31:39 ----D---- C:\Program Files\Fichiers communs\InstallShield 2010-01-11 10:31:15 ----D---- C:\Program Files\Fichiers communs 2010-01-10 13:38:00 ----D---- C:\WINDOWS\AppPatch 2010-01-10 12:13:29 ----SD---- C:\Documents and Settings\ADEL1\Application Data\Microsoft 2010-01-07 13:31:27 ----A---- C:\WINDOWS\win.ini 2010-01-07 10:59:26 ----D---- C:\Program Files\Internet Download Manager 2010-01-06 10:07:29 ----RSD---- C:\WINDOWS\assembly 2010-01-06 10:07:29 ----D---- C:\WINDOWS\Microsoft.NET ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 ssmdrv;ssmdrv; 
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-29 56816] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-06-27 1315776] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-12-18 732160] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 
usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520] R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2009-06-19 19712] S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320] S3 MotDev;Motorola Inc. 
USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2009-05-08 42752] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-10-27 23936] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512] S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-01-04 22768] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2008-07-07 467029] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-29 185089] R2 
MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-09 91392] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF-----------------
and the info.txt report
info.txt logfile of random's system information tool 1.06 2010-02-05 12:25:02 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002} Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Atheros Client Installation Program-->C:\Program 
  13. Hello. For some time now, Malwarebytes Anti-Malware (MBAM) has kept telling me that it has blocked access to a malicious IP, even when I have no activity on the net (I'm not browsing, I have no page open, I'm not downloading). I ran a scan with Avira AntiVir: no infected file; I ran a full MBAM scan and it found nothing. Could someone tell me what I'm dealing with and what the solution is? Here is a screenshot and the IP address (which is always the same and which, according to an IP trace site, would come from Holland). Thanks
  14. Having also struggled before managing to repair a broken AVI, I used DivFix and it worked very well; and it's very fast too. So follow these instructions and things will go better for your film: 1- Install DivFix (of course) 2- Launch it 3- Launch DivFix 4- Open the corrupted .avi file 5- Check "keep original" 6- Check "Cut out bad parts" 7- Click "Rebuild Index" 8- Then "Strip Index", and that's it: you will find the new file in the same folder as the original file.