Everything posted by gazouz33
[solved] Cannot see the Avira update in manual update
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
Indeed, the problem was fixed after downloading the correct update. Thank you for your help.
[solved] Cannot see the Avira update in manual update
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
No suggestions???
[solved] Cannot see the Avira update in manual update
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
No, that didn't work. The update is still invisible, and MBAM didn't detect anything.
[solved] Cannot see the Avira update in manual update
gazouz33 posted a topic in Malware analysis and removal
Hello. Here is my problem, or rather my problems. When updating Avira after downloading the .zip definition-database file, I cannot see it, yet when I browse to it in Windows I find it right where it should be. I thought the zip might be an obsolete version and re-downloaded it, but it remains invisible. Secondly, MBAM keeps blocking IPs even when I am offline. Here is a screenshot: you can see that the zip is indeed there but Avira does not "see" it. I am also posting a HijackThis report. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:21, on 04/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\xltCertPropUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\xltCCam.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Documents and Settings\ADEL\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adserver.adtech.de/adlink|224|24050...ws.autoplus.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [xltCertPropUI] C:\WINDOWS\system32\xltCertPropUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: Axalto Smart Card CAM Service (xltCCam) - Axalto Inc. - C:\WINDOWS\system32\xltCCam.exe

--
End of file - 6693 bytes
MBAM blocks IP (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
Thank you for everything, and especially for your attention, but before leaving you to your business I would still like to ask you a few questions.
1- Should I change AV, since Avira (which I update daily and scan with every 4 or 5 days) apparently saw nothing of this infection?
2- How do I download a new MBAM definition database?
Many thanks.
EDIT: MBAM keeps showing the same message, but the IP has changed.
MBAM blocks IP (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
This time it took nearly 10 minutes to display the report; is that normal?

ComboFix 10-02-06.03 - ADEL1 07/02/2010 18:26:51.6.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1507 [GMT 0:00]
Lancé depuis: c:\documents and settings\ADEL1\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\ADEL1\Bureau\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-07 au 2010-02-07 ))))))))))))))))))))))))))))))))))))
.
2010-02-06 18:35 . 2010-02-07 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com
2010-02-05 19:13 . 2010-02-07 16:39 -------- d-----w- C:\Temp
2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect
2010-02-05 17:58 . 2010-02-07 16:41 -------- d-----w- c:\program files\LogProtect
2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro
2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit
2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw
2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace
2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer
2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer
2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader
2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web
2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack
2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz
2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz
2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs
2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI
2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI
2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software
2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama
2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec
2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script
2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma
2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA
2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7
2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest
2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier
2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe
2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe
2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc
2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc
2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities
2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 18:08 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-07 18:08 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-07 17:58 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache
2010-02-07 16:41 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo
2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM
2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp
2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!
2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent
2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet
2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager
2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird
2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent
2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details
2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat
2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared
2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola
2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe
2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update
2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools
2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys
2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che
2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea
2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes
2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack
2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead
2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD
2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc
2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe
2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe
2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat
2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp
2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-07_16.32.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-07 00:00 . 2010-02-07 12:16 58930 c:\windows\system32\perfc009.dat
+ 2002-09-07 00:00 . 2010-02-07 18:08 58930 c:\windows\system32\perfc009.dat
+ 2002-09-07 00:00 . 2010-02-07 18:08 392630 c:\windows\system32\perfh009.dat
- 2002-09-07 00:00 . 2010-02-07 12:16 392630 c:\windows\system32\perfh009.dat
+ 2004-08-04 03:14 . 2008-04-13 12:20 361344 c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42890:TCP"= 42890:TCP:utor
"42890:UDP"= 42890:UDP:utor
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"10984:TCP"= 10984:TCP:BitComet 10984 TCP
"10984:UDP"= 10984:UDP:BitComet 10984 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
Trusted Zone: chat-land.org
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\
FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 18:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,
bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]
@Denied: (Full) (Everyone)
"Model"=dword:00000005
"Therad"=dword:0000001b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,
b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\athgina.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\eappprxy.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-02-07 18:35:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-07 18:35
ComboFix2.txt 2010-02-07 18:08
ComboFix3.txt 2010-02-07 16:35
ComboFix4.txt 2010-01-13 20:33
ComboFix5.txt 2010-02-07 18:26

Avant-CF: 35 127 562 240 octets libres
Après-CF: 35 093 577 728 octets libres

- - End Of File - - E52EC76C6C7613C4C07D8A8A51C6252D
MBAM blocks IP (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Analyses et éradication malwares
Sorry for the blunder, here is the ComboFix report:
ComboFix 10-02-06.03 - ADEL1 07/02/2010 17:59:15.5.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1499 [GMT 0:00] Lancé depuis: c:\documents and settings\ADEL1\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\ADEL1\Bureau\CFscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\documents and settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml" "c:\documents and settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml c:\documents and settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-07 au 2010-02-07 )))))))))))))))))))))))))))))))))))) . 2010-02-06 18:35 . 2010-02-07 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com 2010-02-05 19:13 . 2010-02-07 16:39 -------- d-----w- C:\Temp 2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect 2010-02-05 17:58 . 2010-02-07 16:41 -------- d-----w- c:\program files\LogProtect 2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro 2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit 2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw 2010-02-04 20:53 . 2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace 2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! 
2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer 2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer 2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader 2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web 2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack 2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz 2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz 2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs 2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI 2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI 2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software 2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama 2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec 2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script 2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma 2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA 2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7 2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest 2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier 2010-01-11 11:38 . 2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe 2010-01-11 11:37 . 
2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe 2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield 2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc 2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc 2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc 2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities 2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-07 17:58 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache 2010-02-07 16:41 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo 2010-02-07 16:36 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-07 16:36 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM 2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp 2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo! 2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent 2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-17 13:01 . 
2010-01-06 10:56 -------- d-----w- c:\program files\BitComet 2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager 2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll 2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird 2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent 2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details 2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat 2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet 2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf 2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf 2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf 2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared 2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola 2010-01-04 12:19 . 
2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe 2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software 2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update 2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools 2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys 2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys 2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys 2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che 2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea 2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes 2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack 2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player 2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf 2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard 2009-12-16 15:55 . 
2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll 2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll 2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll 2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead 2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD 2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc 2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll 2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll 2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe 2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe 2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll 2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat 2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat 2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat 2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-12-07 10:30 . 
2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll 2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp 2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll 2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll . ------- Sigcheck ------- [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2010-02-07_16.32.33 ))))))))))))))))))))))))))))))))))))))))) . - 2002-09-07 00:00 . 2010-02-07 12:16 58930 c:\windows\system32\perfc009.dat + 2002-09-07 00:00 . 2010-02-07 16:36 58930 c:\windows\system32\perfc009.dat + 2002-09-07 00:00 . 2010-02-07 16:36 392630 c:\windows\system32\perfh009.dat - 2002-09-07 00:00 . 2010-02-07 12:16 392630 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032] "SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176] "mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"= "c:\\Program Files\\Motorola\\Software Update\\msu.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "42890:TCP"= 42890:TCP:utor "42890:UDP"= 42890:UDP:utor "443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo "443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo "37674:TCP"= 
37674:TCP:*:Disabled:TCP port 37674 ooVoo "37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo "37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo "10984:TCP"= 10984:TCP:BitComet 10984 TCP "10984:UDP"= 10984:UDP:BitComet 10984 UDP [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752] . . ------- Examen supplémentaire ------- . 
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm Trusted Zone: chat-land.org Trusted Zone: kuaiche.com\software FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/ FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-07 18:05 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40, bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}] @Denied: (Full) (Everyone) "Model"=dword:00000005 "Therad"=dword:0000001b [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16, b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}] @Denied: (Full) (Everyone) "Model"=dword:00000023 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(980) c:\windows\system32\athgina.dll - - - - - - - > 'explorer.exe'(2404) c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\acs.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wscntfy.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Motorola\MotoConnectService\MotoConnect.exe c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE . ************************************************************************** . 
Heure de fin: 2010-02-07 18:08:19 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-07 18:08 ComboFix2.txt 2010-02-07 16:35 ComboFix3.txt 2010-01-13 20:33 ComboFix4.txt 2010-01-10 13:40 ComboFix5.txt 2010-02-07 17:42 Avant-CF: 35 137 912 832 octets libres Après-CF: 35 118 702 592 octets libres - - End Of File - - E89783E998C202A1B9966028B8E56E9B -
MBAM blocks IP (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Analyses et éradication malwares
I downloaded it from the link, and it is an HTML file, not a txt file as in the example. I still followed your instructions, but apparently there is a script error that stops the process. Here is an image: it stays like this, and ComboFix closes when I press OK. Thanks for enlightening me -
MBAM blocks IP (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Analyses et éradication malwares
OK, here is the ComboFix report:
ComboFix 10-02-06.03 - ADEL1 07/02/2010 16:25:45.4.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1583 [GMT 0:00] Lancé depuis: c:\documents and settings\ADEL1\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\ADEL1\x.exe C:\khq c:\windows\system32\AutoRun.inf c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\WanPacket.dll c:\windows\system32\winrar32.exe c:\windows\system32\wpcap.dll D:\khq E:\khq I:\khq . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-07 au 2010-02-07 )))))))))))))))))))))))))))))))))))) . 2010-02-07 12:24 . 2010-02-07 12:26 -------- d-----w- c:\program files\Vibe Streamer 2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\abelhadigital.com 2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\documents and settings\ADEL1\Application Data\abelhadigital.com 2010-02-06 18:35 . 2010-02-06 18:35 -------- d-----w- c:\program files\HostsMan 2010-02-05 19:13 . 2010-02-07 16:27 -------- d-----w- C:\Temp 2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\documents and settings\ADEL1\Application Data\LogProtect 2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\program files\LogProtect 2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- c:\program files\trend micro 2010-02-05 12:24 . 2010-02-05 12:25 -------- d-----w- C:\rsit 2010-02-04 20:53 . 2010-02-04 20:55 -------- d-----w- c:\documents and settings\ADEL1\vw 2010-02-04 20:53 . 
2010-02-04 20:53 -------- d-----w- c:\documents and settings\ADEL1\Visual IP Trace 2010-02-02 21:51 . 2010-02-02 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! 2010-02-02 15:17 . 2010-02-02 15:17 -------- d-----w- c:\documents and settings\ADEL1\Application Data\TeamViewer 2010-02-02 15:17 . 2010-02-05 17:19 -------- d-----w- c:\program files\TeamViewer 2010-02-02 12:19 . 2010-02-02 12:45 -------- d-----w- c:\program files\JDownloader 2010-01-30 16:50 . 2010-02-02 12:12 -------- d-----w- C:\Mes Sites Web 2010-01-30 16:49 . 2010-01-30 16:49 -------- d-----w- c:\program files\WinHTTrack 2010-01-25 21:58 . 2010-01-25 21:58 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Eggiz 2010-01-25 13:59 . 2010-01-25 13:59 -------- d-----w- c:\program files\Eggiz 2010-01-18 10:21 . 2010-01-18 10:21 -------- d-----w- C:\spoolerlogs 2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SDI 2010-01-15 15:49 . 2010-01-15 15:49 -------- d-----w- c:\documents and settings\ADEL1\Application Data\SDI 2010-01-15 15:36 . 2010-01-15 15:36 -------- d-----w- c:\program files\AF Software 2010-01-15 15:17 . 2010-01-15 15:17 -------- d-----w- c:\program files\Makayama 2010-01-15 14:59 . 2010-01-15 14:59 -------- d-----w- c:\program files\Abitec 2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\program files\Microsoft Windows Script 2010-01-14 13:50 . 2010-01-14 13:55 -------- d-----w- c:\program files\Fma 2010-01-14 13:50 . 2010-01-14 13:50 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FMA 2010-01-14 13:26 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Globe7 2010-01-14 13:03 . 2010-01-14 13:03 -------- d-----w- c:\program files\PowerQuest 2010-01-14 12:34 . 2010-01-14 12:36 -------- d-----w- c:\program files\WebCopier 2010-01-11 11:38 . 
2010-01-11 11:45 2452037 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_87\mpcstar_setup.exe
2010-01-11 11:37 . 2010-01-11 11:37 1157 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\mpcstar_setup_86\mpcstar_setup.exe
2010-01-11 10:32 . 2010-01-11 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2010-01-11 10:31 . 2010-01-11 10:32 -------- d-----w- c:\program files\Fichiers communs\Jasc Software Inc
2010-01-11 10:31 . 2010-01-11 10:31 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Jasc Software Inc
2010-01-11 10:30 . 2010-01-11 10:31 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-10 12:13 . 2010-01-10 12:13 -------- d-----w- c:\documents and settings\ADEL1\Local Settings\Application Data\Identities
2010-01-10 11:24 . 2010-01-10 11:24 -------- d-s---w- c:\documents and settings\ADEL1\UserData
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 16:24 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\DMCache
2010-02-07 12:16 . 2002-09-07 00:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-07 12:16 . 2002-09-07 00:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-06 18:34 . 2009-12-09 13:19 -------- d-----w- c:\documents and settings\ADEL1\Application Data\IDM
2010-02-03 20:57 . 2010-02-02 12:31 0 ----a-w- c:\documents and settings\ADEL1\errorlog.tmp
2010-02-02 21:51 . 2009-06-02 15:08 -------- d-----w- c:\program files\Yahoo!
2010-02-02 13:58 . 2010-01-05 12:07 -------- d-----w- c:\documents and settings\ADEL1\Application Data\uTorrent
2010-01-27 14:41 . 2009-12-09 14:27 1 ----a-w- c:\documents and settings\ADEL1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:34 . 2009-12-28 12:49 88880 ----a-w- c:\documents and settings\ADEL1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 13:01 . 2010-01-06 10:56 -------- d-----w- c:\program files\BitComet
2010-01-14 13:04 . 2009-04-17 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-11 10:31 . 2009-04-17 19:43 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-01-07 10:59 . 2009-05-10 10:48 -------- d-----w- c:\program files\Internet Download Manager
2010-01-06 13:27 . 2010-01-06 13:27 198064 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-06 10:56 . 2010-01-06 10:56 1036288 ----a-w- c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-06 10:28 . 2010-01-06 10:26 -------- d-----w- c:\program files\freebird
2010-01-05 12:07 . 2010-01-05 12:07 -------- d-----w- c:\program files\uTorrent
2010-01-05 11:55 . 2010-01-05 11:54 -------- d-----w- c:\documents and settings\ADEL1\Application Data\ooVoo Details
2010-01-05 11:54 . 2009-06-21 12:00 -------- d-----w- c:\program files\ooVoo
2010-01-05 11:24 . 2010-01-05 11:24 305 ----a-w- c:\windows\system32\secushr.dat
2010-01-05 11:23 . 2010-01-05 11:23 -------- d-----w- c:\documents and settings\ADEL1\Application Data\FlashGet
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-01-04 14:32 . 2010-01-04 14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-01-04 14:23 . 2010-01-04 14:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-04 14:22 . 2010-01-04 14:21 -------- d-----w- c:\program files\Fichiers communs\Motorola Shared
2010-01-04 14:21 . 2010-01-04 12:04 -------- d-----w- c:\program files\Motorola
2010-01-04 12:19 . 2010-01-04 12:19 40960 ----a-r- c:\documents and settings\ADEL1\Application Data\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe
2010-01-04 09:47 . 2010-01-04 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
2010-01-04 09:42 . 2010-01-04 09:42 -------- d-----w- c:\program files\Avanquest update
2010-01-04 09:42 . 2010-01-04 09:41 -------- d-----w- c:\program files\Motorola Phone Tools
2010-01-04 09:41 . 2010-01-04 09:41 25600 ----a-w- c:\documents and settings\ADEL1\usbsermptxp.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2010-01-04 09:41 . 2010-01-04 09:41 22768 ----a-w- c:\documents and settings\ADEL1\usbsermpt.sys
2010-01-03 10:40 . 2009-07-01 10:36 -------- d-----w- c:\program files\Bit Che
2010-01-03 10:40 . 2010-01-03 10:40 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Convivea
2009-12-29 10:11 . 2009-06-23 14:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Malwarebytes
2009-12-28 13:38 . 2009-04-17 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-26 19:28 . 2009-12-26 01:22 -------- d-----w- c:\program files\Ontrack
2009-12-20 13:59 . 2009-05-13 10:15 -------- d-----w- c:\program files\FLV Player
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-20 10:26 . 2009-12-20 10:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-20 10:25 . 2009-04-17 12:36 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-16 15:55 . 2009-12-09 12:26 586106 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-12-16 15:54 . 2009-12-09 12:26 369014 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-12-16 15:54 . 2009-12-09 12:26 237943 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-12-16 15:39 . 2009-12-16 15:39 -------- d-----w- c:\documents and settings\ADEL1\Application Data\Ahead
2009-12-16 15:17 . 2009-12-16 15:17 -------- d-----w- c:\program files\XviD
2009-12-14 22:10 . 2009-12-14 22:10 -------- d-----w- c:\documents and settings\ADEL1\Application Data\vlc
2009-12-10 14:43 . 2009-12-09 12:26 127348 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-12-10 14:43 . 2009-12-09 12:26 180598 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-12-09 14:07 . 2009-12-09 14:04 77040 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_8\win2k_xp14363.exe
2009-12-09 13:48 . 2009-12-09 13:48 0 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\DwnlData\ADEL1\win2k_xp14363_4\win2k_xp14363.exe
2009-12-09 13:19 . 2009-12-09 13:19 181680 ----a-w- c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
2009-12-09 13:01 . 2009-12-09 11:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 12:32 . 2009-12-09 12:22 133192 ----a-w- c:\windows\hpwins13.dat
2009-12-09 12:29 . 2009-12-09 12:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 11:28 . 2009-12-09 11:28 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:51 . 2009-04-21 09:41 1 ----a-w- c:\documents and settings\ADEL\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 10:30 . 2009-12-09 12:26 2183544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-12-01 13:49 . 2009-07-01 12:33 64 ----a-w- c:\documents and settings\ADEL\errorlog.tmp
2009-11-30 20:30 . 2009-12-09 12:26 479605 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-20 12:05 . 2009-12-09 12:26 246132 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
.
------- Sigcheck -------
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-12-01 1066240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"LogProtect"="c:\program files\LogProtect\LogProtect.exe" [2010-01-07 3910144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42890:TCP"= 42890:TCP:utor
"42890:UDP"= 42890:UDP:utor
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"10984:TCP"= 10984:TCP:BitComet 10984 TCP
"10984:UDP"= 10984:UDP:BitComet 10984 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/06/2009 14:57 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2009 18:46 269648]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [04/01/2010 14:22 91392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/12/2009 13:38 19160]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [04/01/2010 14:22 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [04/01/2010 14:22 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [04/01/2010 14:22 42752]
.
.
------- Supplementary scan -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
Trusted Zone: chat-land.org
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/
FF - prefs.js: keyword.URL - hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=
FF - component: c:\documents and settings\ADEL1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\ADEL1\Application Data\Mozilla\Firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 16:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,9f,41,50,df,39,34,a1,f5,47,7c,a5,dd,87,85,2b,8c,5c,1c,f2,40,
   bc,24,af,49,25,84,8e,e6,ad,7c,7c,14,0d,88,d5,76,f7,f8,74,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a131821-1a88-43ff-a385-7946cc3ea724}]
@Denied: (Full) (Everyone)
"Model"=dword:00000005
"Therad"=dword:0000001b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7d,f6,21,d2,33,72,32,f9,42,f4,f8,9c,7b,e1,d2,3e,d5,4c,fe,69,16,
   b8,f8,ff,b7,72,3e,b4,0a,a1,8a,05,f6,71,95,8c,ef,16,78,a7,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0c97009-4299-4455-bab4-d28d0e73f920}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\athgina.dll

- - - - - - - > 'explorer.exe'(2664)
c:\program files\LogProtect\DllHookM.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2010-02-07 16:35:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 16:35
ComboFix2.txt 2010-01-13 20:33
ComboFix3.txt 2010-01-10 13:40
ComboFix4.txt 2010-01-06 10:02

Pre-Run: 35 087 040 512 bytes free
Post-Run: 35 145 084 928 bytes free

- - End Of File - - C4BFE2B96A249BEC00A453DFE1B83474
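The Sigcheck section of the ComboFix log above lists three copies of tcpip.sys: the reference copy under ServicePackFiles\i386, the backup under $NtServicePackUninstall$, and the live driver under system32\drivers. The live copy reports the same file version (5.1.2600.5512) and size as the reference copy but a different MD5, and ComboFix marks it `[-]`. The script below is an added example, not part of the post and not ComboFix's code: it parses Sigcheck lines and flags exactly that pattern, a live copy whose version matches a reference copy but whose hash does not. The reading of the `[-]` marker as "signature could not be verified" is an assumption about ComboFix's output; the hash comparison does not depend on it. The sample lines are copied from the log above.

```python
"""Triage the Sigcheck section of a ComboFix log.

Added example: not part of the forum post and not ComboFix's own code.
Assumed layout of a Sigcheck line (matches the log above):
    [marker] date . MD5 . size . . [file version] . . path
Assumption: the [-] marker means ComboFix could not verify the file's
signature. The decisive signal is the hash: a live copy that claims the
same version as the ServicePackFiles reference but hashes differently
has been modified on disk and deserves a closer look.
"""
import hashlib
import re
from collections import defaultdict

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]+)\] \. \. (?P<path>.+?)\s*$"
)

# Constructed sample: the three tcpip.sys lines from the ComboFix log above.
SAMPLE_LOG = r"""
------- Sigcheck -------
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["path"] = e["path"].lower()
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def find_patched_files(entries):
    """Flag copies that claim the same version as the ServicePackFiles
    reference copy of the same file but hash differently. Copies with
    another version (the $NtServicePackUninstall$ backup here) are not
    compared, because a different build legitimately has a different hash."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for copies in by_name.values():
        refs = {e["version"]: e for e in copies if "servicepackfiles" in e["path"]}
        for e in copies:
            ref = refs.get(e["version"])
            if ref is None or ref is e:
                continue
            if e["md5"] != ref["md5"]:
                findings.append({
                    "path": e["path"],
                    "version": e["version"],
                    "md5": e["md5"],
                    "reference_md5": ref["md5"],
                    "unverified": e["flag"] == "-",
                })
    return findings


def md5_of_file(path):
    """Recompute the MD5 of a file on disk (live system or mounted image)
    so a finding is confirmed against the file itself, not just the log."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for f in find_patched_files(parse_sigcheck(SAMPLE_LOG)):
        print("MODIFIED? {path} v{version}: {md5} != reference {reference_md5}".format(**f))
```

On the log above this reports the single live tcpip.sys. A hash mismatch alone does not say what changed: confirm it with `md5_of_file` on the file itself, compare the version against the copy shipped in the installed service pack or hotfix, and treat a mismatch with an unverifiable signature as a file to restore from a known-good copy rather than trust.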
MBAM is blocking IPs (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
FoxScan Version 1.1.1 by Loup blanc - Zebulon.fr
Scan started on 07/02/2010 at 12:15
Microsoft Windows XP Professionnel Service Pack 3 [version 5.1.2600]
Mozilla Firefox version: 3.6 (fr)
Installation folder: C:\Program Files\Mozilla Firefox

================================================================================
---------- User account: ADEL
================================================================================

Profile: default
Profile folder: C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\
prefs.js start pages: "http://www.cherche.us/"

//////////// Configuration \\\\\\\\\\\\\
======= Profile: default =======
Firefox updates: Enabled
Add-on updates: Enabled
Search engine updates: Enabled
Java: Enabled
Javascript: Enabled
Proxy: No proxy

//////////// Add-ons \\\\\\\\\\\\\
======= Profile: default =======
Add-on installation notification is enabled

Name: Default
Folder: C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
Status: active

Name: Java Console
Folder: C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\
Status: active

Name: Java Quick Starter
Folder: C:\Program Files\Java\jre6\lib\deploy\jqs\ff\
Status: active

Name: Xmarks
Folder: C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\extensions\foxmarks@kei.com\
Status: active

Name: Solid State ION
Folder: C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\extensions\SolidStateION@solidstatenetworks.com\
Status: active

Name: FlashGot
Folder: C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\
Status: active

//////////// Search plugins \\\\\\\\\\\\\
======= Profile: default =======
Search in "prefs.js":
browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine :
keyword.URL : "http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
keyword.enable :

--------- Search engines found ------------
+ Search form configured for engine
C:\Documents and Settings\ADEL\Application Data\mozilla\firefox\Profiles\5f0fjwnd.default\searchplugins\cherche.xml
Template : http://google.cherche.us/Result.php?client

================================================================================
---------- User account: ADEL1 [current session]
================================================================================

Profile: default
Profile folder: C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\
prefs.js start pages: "http://www.cherche.us/"

//////////// Configuration \\\\\\\\\\\\\
======= Profile: default =======
Firefox updates: Enabled
Add-on updates: Enabled
Search engine updates: Enabled
Java: Enabled
Javascript: Enabled
Proxy: No proxy

//////////// Add-ons \\\\\\\\\\\\\
======= Profile: default =======
Add-on installation notification is enabled

Name: Default
Folder: C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
Status: active

Name: Java Console
Folder: C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\
Status: active

Name: Xmarks
Folder: C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\foxmarks@kei.com\
Status: active

Name: TV5 - Dictionnaires
Folder: C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{b055c535-4a3a-11db-9659-00e08161166f}\
Status: active

Name: BitComet Video Downloader
Folder: C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\
Status: active

Name: BitComet 视频下载器
Folder: C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\
Status: active

Name: Chickenfoot
Folder: C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\
Status: active

//////////// Search plugins \\\\\\\\\\\\\
======= Profile: default =======
Search in "prefs.js":
browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine : "Wikipédia (fr
keyword.URL : "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
keyword.enable :

--------- Search engines found ------------
+ Search form configured for engine
C:\Documents and Settings\ADEL1\Application Data\mozilla\firefox\Profiles\iaat96us.default\searchplugins\cherche.xml
Template : http://www.cherche.us/Result.php?client

================================================================================
---------- Common section
================================================================================

//////////// DLLs present in C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\
browserdirprovider.dll
brwsrcmp.dll
------------------------------------------------------

//////////// Search plugins \\\\\\\\\\\\\
--------- Search engines found ------------
+ Search form configured for engine
C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
Template : http://www.amazon.fr/exec/obidos/external-search/
C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
Template : http://www.cnrtl.fr/lexicographie/{searchTerms}
C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4
C:\Program Files\Mozilla Firefox\searchplugins\google.xml
Template : http://www.google.com/search
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
Template : http://fr.wikipedia.org/wiki/Special:Recherche
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Template : http://fr.search.yahoo.com/search
------------------------------------------------------

//////////// Plugins configured in the registry \\\\\\\\\\\\\
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]
"Description"="Détection de sa configuration"
"Vendor"="CybelSoft"
"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3]
"Description"="Yahoo Messenger State Plugin"
"Vendor"="Yahoo"
"Path"="C:\Program Files\Yahoo!\Shared\npYState.dll"
------------------------------------------------------

//////////// Additional checks... \\\\\\\\\\\\\
==== Additional extension ====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6\extensions]

=========================== End of report ===========================
MBAM is blocking IPs (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
OK, done. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:46, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\LogProtect\LogProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADEL1\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LogProtect] C:\Program Files\LogProtect\LogProtect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: http://software.kuaiche.com
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 6525 bytes
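Reading a HijackThis log by hand means scanning the same few entry types every time: R0/R1 lines whose start or search page points somewhere other than Microsoft's defaults, O2 browser helper objects and O9 buttons whose file no longer exists, and O15 trusted-zone additions that relax Internet Explorer's security for a site. The script below is an added example, not part of the post and not HijackThis code: it applies those checks to HijackThis-formatted lines. The sample lines are copied from the two HijackThis logs in this thread (the cherche.us start and search pages come from the earlier-dated log, which is the one that shows the hijack before cleanup). `DEFAULT_HOSTS` is an allow-list constructed for the example; the same cherche.us host appears in `keyword.URL` in the FoxScan report above, so the check is worth running against both browsers' settings.

```python
"""Triage a HijackThis log for browser-hijack indicators.

Added example: not part of the forum post and not HijackThis' own code.
Entry types handled (format as emitted by HijackThis 2.0.2 in the logs above):
    R0/R1  IE start page, search page and search URL registry values
    O2     browser helper objects            -> flagged when "(no file)"
    O9     extra buttons / Tools menu items  -> flagged when "(file missing)"
    O15    trusted-zone additions            -> always listed
DEFAULT_HOSTS is a constructed allow-list, not something HijackThis ships.
"""
import re

# Hosts Internet Explorer points at out of the box (constructed allow-list;
# extend it for a corporate default home page).
DEFAULT_HOSTS = {
    "go.microsoft.com", "www.microsoft.com", "home.microsoft.com",
    "www.msn.com", "search.msn.com", "fr.msn.com",
}

R_LINE = re.compile(r"^(?P<code>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<url>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O9_LINE = re.compile(r"^O9 - Extra .*? - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O15_LINE = re.compile(r"^O15 - Trusted Zone: (?P<site>.+)$")

# Constructed sample, copied from the HijackThis logs posted in this thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: http://software.kuaiche.com
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


def host_of(url):
    """Lower-cased host of a URL with a scheme; None for empty or non-URL values
    (HijackThis R0 lines also carry plain strings such as a folder name)."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None


def triage(lines):
    """Return (kind, line) pairs for every entry that deserves a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = R_LINE.match(line)
        if m:
            host = host_of(m.group("url"))
            if host and host not in DEFAULT_HOSTS:
                findings.append(("browser-hijack", line))
            continue
        m = O2_LINE.match(line)
        if m:
            if "(no file)" in m.group("path"):
                findings.append(("orphan-bho", line))
            continue
        m = O9_LINE.match(line)
        if m:
            if "(file missing)" in m.group("path"):
                findings.append(("orphan-button", line))
            continue
        m = O15_LINE.match(line)
        if m:
            # Every trusted-zone entry lowers IE's security settings for that site.
            findings.append(("trusted-zone", line))
    return findings


def hijack_hosts(findings):
    """Distinct hosts behind the browser-hijack findings, to pivot on."""
    return {host_of(R_LINE.match(line).group("url"))
            for kind, line in findings if kind == "browser-hijack"}


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_HJT.splitlines()):
        print(f"[{kind}] {line}")
```

Orphan O2/O9 entries are leftovers rather than live code, but they still tell you what was installed; the R0/R1 hits and the O15 entries are the ones to act on, since a trusted-zone site can run content at the lowered security level regardless of what the rest of the log looks like.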
MBAM is blocking IPs (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:03, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADEL1\Mes documents\Downloads\Programs\BarreFinal401.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\ADEL1\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LogProtect] C:\Program Files\LogProtect\LogProtect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\ADEL1\scriptjava.html
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: http://software.kuaiche.com
O20 - AppInit_DLLs: €
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 7903 bytes
-
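Added example, not part of the forum post and not code from HijackThis or RSIT: a small triage script over the indicator types that the logs in this thread expose, namely IE start/search pages redirected to cherche.us, sites added to the Trusted Zone, a non-empty AppInit_DLLs value, a context-menu handler served from a file in the user profile, orphaned BHO entries, and the MountPoints2 shell verbs (shell\AutoRun\command pointing at G:\dmrhfs.exe) that appear in the RSIT report further down the thread. The function names, the rule set and the allow-list of search hosts are assumptions of this example; the sample lines are copied from the posted logs.

```python
"""Triage of HijackThis entries and RSIT MountPoints2 dumps.

Added example for this thread; the rules, names and the KNOWN_GOOD_SEARCH
allow-list are assumptions of the example, not part of either tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: hosts a stock XP/IE6 start or search page may legitimately point at.
KNOWN_GOOD_SEARCH = ("go.microsoft.com", "www.msn.com", "www.google.com")

HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
MP2_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.I)
MP2_CMD = re.compile(r"^shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def _hostname(url: str) -> str:
    m = re.match(r"^[a-z]+://([^/]+)", url, re.I)
    return (m.group(1) if m else url).lower()


def triage_hjt_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis entry, or None if it looks benign."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code in ("R0", "R1"):
        # IE start/search pages redirected to a host outside the allow-list.
        key, _, value = (s.strip() for s in body.partition("="))
        if value and re.search(r"page|search", key, re.I):
            host = _hostname(value)
            if host not in KNOWN_GOOD_SEARCH:
                return Finding(code, "IE setting redirected to " + host, line)
    elif code == "O15" and body.startswith("Trusted Zone:"):
        # Trusted Zone sites run with IE's weakest security settings.
        return Finding(code, "site added to IE Trusted Zone", line)
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        # Every user32-linked process loads whatever DLLs are listed here.
        value = body.split(":", 1)[1].strip()
        if value:
            return Finding(code, "AppInit_DLLs is non-empty (%r)" % value, line)
    elif code == "O8" and "Documents and Settings" in body:
        # A context-menu handler backed by a file in a user profile, not Program Files.
        return Finding(code, "context-menu item backed by a file in a user profile", line)
    elif code in ("O2", "O9") and ("(no file)" in body or "(file missing)" in body):
        return Finding(code, "orphaned BHO/button entry", line)
    return None


def triage_hjt(log: str) -> List[Finding]:
    return [f for f in map(triage_hjt_line, log.splitlines()) if f]


def triage_mountpoints2(dump: str) -> List[Finding]:
    """Flag MountPoints2 shell verbs that launch an executable from the volume
    itself: the footprint an autorun.inf worm leaves once the stick was opened."""
    findings, guid = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        k = MP2_KEY.match(line)
        if k:
            guid = k.group("guid")
            continue
        if line.startswith("["):  # any other registry key ends the MountPoints2 block
            guid = None
            continue
        c = MP2_CMD.match(line)
        if guid and c and re.match(r"^[A-Z]:\\.+\.exe$", c.group("cmd").strip(), re.I):
            reason = "{} shell\\{} runs {}".format(guid, c.group("verb"), c.group("cmd"))
            findings.append(Finding("MP2", reason, line))
    return findings


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\ADEL1\scriptjava.html
O15 - Trusted Zone: http://software.kuaiche.com
O20 - AppInit_DLLs: CLKERN.DLL,€
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

SAMPLE_MP2 = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81da71fe-0b33-11df-8a55-002268ca5b9c}]
shell\AutoRun\command - G:\dmrhfs.exe
shell\explore\command - G:\dmrhfs.exe
shell\open\command - G:\dmrhfs.exe

======List of files/folders created in the last 1 months======
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_mountpoints2(SAMPLE_MP2):
        print("%-4s %s\n     %s" % (f.code, f.reason, f.line.strip()))
```

The R0/R1 rule deliberately ignores keys such as LinksFolderName and empty values such as Local Page, so only redirected page and search settings are reported; the MountPoints2 rule only looks at verbs inside a mountpoints2 key, so other registry dumps in the same RSIT report cannot trigger it.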
MBAM blocks IP addresses (is it an attack?)
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
Here is the log.txt report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by ADEL1 at 2010-02-05 12:24:41

Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 34 GB (56%) free of 60 GB
Total RAM: 2038 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:00, on 05/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADEL1\Mes documents\Downloads\Programs\BarreFinal401.exe
C:\Documents and Settings\ADEL1\Mes documents\Downloads\Programs\RSIT.exe
C:\Program Files\trend micro\ADEL1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\ADEL1\scriptjava.html
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: http://software.kuaiche.com
O20 - AppInit_DLLs: CLKERN.DLL,€
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 8119 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D}]
VIPTToolbarManager Class - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll [2005-04-25 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - Visual IP Trace - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll [2005-04-25 32768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-11 172032]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]
"SmAudio"=C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2007-07-24 3495240]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"mumservice"=C:\Program Files\Motorola\Software Update\mumservice.exe [2009-12-01 1066240]
""= []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="CLKERN.DLL,€"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Motorola\RSD Lite\SDL.exe"="C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81da71fe-0b33-11df-8a55-002268ca5b9c}]
shell\AutoRun\command - G:\dmrhfs.exe
shell\explore\command - G:\dmrhfs.exe
shell\open\command - G:\dmrhfs.exe

======List of files/folders created in the last 1 months======

2010-02-05 12:24:42 ----D---- C:\Program Files\trend micro
2010-02-05 12:24:41 ----D---- C:\rsit
2010-02-04 20:53:51 ----D---- C:\Program Files\Visual IP Trace 2009
2010-02-03 20:22:44 ----D---- C:\Program Files\Cracklock
2010-02-02 21:51:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2010-02-02 21:51:31 ----A---- C:\YServer.txt
2010-02-02 15:17:31 ----D---- C:\Documents and Settings\ADEL1\Application Data\TeamViewer
2010-02-02 15:17:21 ----D---- C:\Program Files\TeamViewer
2010-02-02 12:19:56 ----D---- C:\Program Files\JDownloader
2010-01-30 16:50:00 ----D---- C:\Mes Sites Web
2010-01-30 16:49:13 ----D---- C:\Program Files\WinHTTrack
2010-01-29 15:53:47 ----A---- C:\WINDOWS\system32\winrar32.exe
2010-01-25 13:59:27 ----D---- C:\Program Files\Eggiz
2010-01-23 13:48:49 ----N---- C:\wepkey speedtouch.txt
2010-01-21 20:39:02 ----A---- C:\wepkeys_djaweb.txt
2010-01-18 10:21:34 ----D---- C:\spoolerlogs
2010-01-15 15:49:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SDI
2010-01-15 15:49:32 ----D---- C:\Documents and Settings\ADEL1\Application Data\SDI
2010-01-15 15:36:41 ----D---- C:\Program Files\AF Software
2010-01-15 15:17:51 ----N---- C:\WINDOWS\system32\wpcap.dll
2010-01-15 15:17:51 ----N---- C:\WINDOWS\system32\WanPacket.dll
2010-01-15 15:17:51 ----N---- C:\WINDOWS\system32\Packet.dll
2010-01-15 15:17:51 ----D---- C:\Program Files\Makayama
2010-01-15 14:59:42 ----D---- C:\Program Files\Abitec
2010-01-14 13:50:22 ----D---- C:\Program Files\Microsoft Windows Script
2010-01-14 13:50:17 ----D---- C:\Program Files\Fma
2010-01-14 13:50:17 ----D---- C:\Documents and Settings\ADEL1\Application Data\FMA
2010-01-14 13:26:04 ----D---- C:\Documents and Settings\ADEL1\Application Data\Globe7
2010-01-14 13:03:45 ----D---- C:\Program Files\PowerQuest
2010-01-14 12:34:15 ----D---- C:\Program Files\WebCopier
2010-01-13 20:40:32 ----SHD---- C:\RECYCLER
2010-01-13 20:33:24 ----D---- C:\WINDOWS\temp
2010-01-13 20:33:22 ----A---- C:\ComboFix.txt
2010-01-13 20:28:26 ----D---- C:\ComboFix
2010-01-13 20:24:45 ----A---- C:\wepkeys.txt
2010-01-11 10:32:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2010-01-11 10:31:15 ----D---- C:\Program Files\Fichiers communs\Jasc Software Inc
2010-01-11 10:31:15 ----D---- C:\Documents and Settings\ADEL1\Application Data\Jasc Software Inc
2010-01-11 10:30:33 ----D---- C:\Program Files\Jasc Software Inc
2010-01-07 13:31:34 ----A---- C:\WINDOWS\WD.INI
2010-01-07 13:31:05 ----D---- C:\CIM10
2010-01-07 13:31:03 ----D---- C:\HSF
2010-01-06 10:56:33 ----D---- C:\Downloads
2010-01-06 10:56:11 ----D---- C:\Program Files\BitComet
2010-01-06 10:26:39 ----D---- C:\Program Files\freebird
2010-01-06 09:55:08 ----A---- C:\WINDOWS\zip.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\SWSC.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\SWREG.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\sed.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\PEV.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\MBR.exe
2010-01-06 09:55:08 ----A---- C:\WINDOWS\grep.exe
2010-01-06 09:55:01 ----D---- C:\WINDOWS\ERDNT
2010-01-06 09:54:34 ----AD---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2010-02-05 12:24:47 ----D---- C:\WINDOWS\Prefetch
2010-02-05 12:24:42 ----RD---- C:\Program Files
2010-02-05 12:21:51 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 12:21:32 ----D---- C:\WINDOWS\system32
2010-02-04 20:54:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 20:52:14 ----D---- C:\Documents and Settings\ADEL1\Application Data\DMCache
2010-02-04 20:50:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 21:45:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-02 21:51:09 ----D---- C:\Program Files\Yahoo!
2010-02-02 13:58:44 ----D---- C:\Documents and Settings\ADEL1\Application Data\uTorrent
2010-01-30 20:46:16 ----D---- C:\Documents and Settings\ADEL1\Application Data\IDM
2010-01-27 12:55:42 ----D---- C:\WINDOWS
2010-01-25 22:11:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-19 20:02:48 ----RSD---- C:\WINDOWS\Fonts
2010-01-16 12:48:39 ----ASH---- C:\boot.ini
2010-01-16 00:20:36 ----SHD---- C:\WINDOWS\Installer
2010-01-16 00:20:36 ----D---- C:\Config.Msi
2010-01-15 15:17:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-15 15:07:27 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-15 14:33:32 ----SHD---- C:\System Volume Information
2010-01-15 14:33:32 ----D---- C:\WINDOWS\system32\Restore
2010-01-14 13:50:24 ----HD---- C:\WINDOWS\inf
2010-01-14 13:04:01 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-13 20:31:18 ----A---- C:\WINDOWS\system.ini
2010-01-11 10:31:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-11 10:31:39 ----D---- C:\Program Files\Fichiers communs\InstallShield
2010-01-11 10:31:15 ----D---- C:\Program Files\Fichiers communs
2010-01-10 13:38:00 ----D---- C:\WINDOWS\AppPatch
2010-01-10 12:13:29 ----SD---- C:\Documents and Settings\ADEL1\Application Data\Microsoft
2010-01-07 13:31:27 ----A---- C:\WINDOWS\win.ini
2010-01-07 10:59:26 ----D---- C:\Program Files\Internet Download Manager
2010-01-06 10:07:29 ----RSD---- C:\WINDOWS\assembly
2010-01-06 10:07:29 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-29 56816]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-06-27 1315776]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-12-18 732160]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-10-27 23936]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2010-01-04 22768]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2008-07-07 467029]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-29 185089]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-09 91392]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

And the info.txt report:

info.txt logfile of random's system information tool 1.06 2010-02-05 12:25:02

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x040c -removeonly
Avanquest update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x40c
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
BitComet 1.17-->C:\Program Files\BitComet\uninst.exe
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -I*.INF
Easy WiFi Radar PRO 1.0.0-->C:\PROGRA~1\Makayama\EASYWI~1\Setup.exe /remove /q0
EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -ITE1HER5m.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Officejet K7100 Series Toolbox-->MsiExec.exe /X{C9F9BEAE-3963-41D3-B970-CA60C6A71179}
HP Officejet K7100 Series-->C:\Program Files\HP\Digital Imaging\{297A3C8E-6650-4311-B7B9-C1516FBBEEF7}\setup\hpzscr01.exe -datfile hpwscr13.dat -forcereboot
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Meteo Fusion 1.5.9.11-->"C:\Program Files\Eggiz\Meteo Fusion\unins000.exe"
MicroBest Cracklock 3.8.4-->"C:\Program Files\Cracklock\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x40c -removeonly
Motorola Software Update-->MsiExec.exe /I{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}
Motorola USB Drivers v2.9-->MsiExec.exe /X{86EB9B75-C7F8-4D7D-A032-6C5858757525}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801036}
ooVoo-->"C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x040c -removeonly
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
RSDLite-->MsiExec.exe /I{FBEA1DA0-5289-4B11-983C-3D9FA03E670F}
Segoe UI-->MsiExec.exe
/I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SIW version 2009-03-17-->"C:\Program Files\SIW\unins000.exe" SmartAudio-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801 TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe Visual IP Trace-->"C:\Program Files\Visual IP Trace 2009\Uninstall.exe" "C:\Program Files\Visual IP Trace 2009" Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.43-9-->"C:\Program Files\WinHTTrack\unins000.exe" XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe" Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: PC-ADEL Event Code: 7036 Message: Le service WEP/WPA-PMK key recovery service est entré dans l'état : en cours d'exécution. Record Number: 1202 Source Name: Service Control Manager Time Written: 20100113202445.000000+000 Event Type: Informations User: Computer Name: PC-ADEL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Pilote de filtre de trafic IP. 
Record Number: 1201 Source Name: Service Control Manager Time Written: 20100113202252.000000+000 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: PC-ADEL Event Code: 7036 Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté. Record Number: 1200 Source Name: Service Control Manager Time Written: 20100113202246.000000+000 Event Type: Informations User: Computer Name: PC-ADEL Event Code: 7036 Message: Le service hpqwmiex est entré dans l'état : en cours d'exécution. Record Number: 1199 Source Name: Service Control Manager Time Written: 20100113202241.000000+000 Event Type: Informations User: Computer Name: PC-ADEL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service hpqwmiex. Record Number: 1198 Source Name: Service Control Manager Time Written: 20100113202241.000000+000 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: ADEL Event Code: 1000 Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20091209112736.000000+000 Event Type: Informations User: Computer Name: ADEL Event Code: 1000 Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 4 Source Name: LoadPerf Time Written: 20091209112730.000000+000 Event Type: Informations User: Computer Name: ADEL Event Code: 1000 Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. 
Record Number: 3 Source Name: LoadPerf Time Written: 20091209112541.000000+000 Event Type: Informations User: Computer Name: ADEL Event Code: 1000 Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 2 Source Name: LoadPerf Time Written: 20091209112455.000000+000 Event Type: Informations User: Computer Name: ADEL Event Code: 1000 Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 1 Source Name: LoadPerf Time Written: 20091209112454.000000+000 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF--------------- -
MBAM blocks an IP (is it an attack?)
gazouz33 posted a topic in Malware analysis and removal
Hello. For some time now, Malwarebytes' Anti-Malware (MBAM) keeps telling me it has blocked access to a malicious IP, even when I have no activity on the net (I'm not browsing, I have no page open, I'm not downloading). I ran an Avira AntiVir scan: no infected files. I ran a full MBAM scan and it found nothing. Could someone tell me what I'm dealing with and what the solution is? Here is a screenshot and the IP address (which is always the same one and, according to an IP trace site, would come from Holland). Thanks -
Having also struggled before I managed to repair a broken AVI, I used DivFix and it worked very well; it's very fast too. So follow these instructions and your film should be fine:
1. Install DivFix (of course)
2. Launch it
3. Launch DivFix
4. Open the corrupted .avi file
5. Tick "keep original"
6. Tick "Cut out bad parts"
7. Click "Rebuild Index"
8. Then "Strip Index"
And that's it: you will find the new file in the same folder as the original file.
-
Yes, it's the same one I used. It installs normally but it doesn't work. Yes, of course, pressing the button was the first reflex I had, but as you can see in my screenshots, it's as if the button were dead.
-
Hello everyone, let me describe my problem. I have a Compaq Presario C700 that ran Vista Home Basic. I formatted it, reinstalled XP Pro SP2 and reinstalled the appropriate drivers. Everything works perfectly except the Wi-Fi card (Atheros AR5006X), whose LED stays orange, which means it is off; the card itself is properly detected by Windows, which recognizes it, and I even have the network icon in the taskbar (with a red cross). I was told it was due to a wrong driver version, but I have just downloaded the latest version and it still doesn't work: the LED is still orange instead of blue. So if you have any proposals or suggestions, or if you want more details, I'm listening, and thank you very much.
-
Installing and configuring a hardware firewall
gazouz33 replied to a topic by gazouz33 in Internet & Networks
That's right, but I think things aren't as bad as I believed, since I received a fax telling me that the ministry has signed an agreement with the telecom company for the supply and installation of the equipment, since they are our suppliers (the telecom). One problem fewer. Thank you sincerely, KwlCat, and see you next time. So I think my problem is solved and this thread can be closed by our dear administrators. Thanks everyone -
Installing and configuring a hardware firewall
gazouz33 replied to a topic by gazouz33 in Internet & Networks
Hi KewlCat, and thanks for your reply. I apologize if I was impatient, but please understand that I'm not familiar with your customs and habits, since I'm in a foreign country. Are you kidding or what? I've only just been hired after 6 years of unemployment, and I was appointed CIES (correspondant informatique des établissements de santé, the IT correspondent for health establishments), a sort of department head but with nobody in the department, you see? So I'm the boss, the subordinate, the technician, the programmer, the maintenance man and occasionally the data-entry clerk. So as for any training, I can keep waiting. Frankly, yes. They didn't forget to send the documentation, but the catch is that it's in... Chinese and in Finnish or Dutch, so it doesn't help me. On the other hand, with your link, I think I'm starting to see clearly, as long as it's configured from Windows (I was very afraid it would be under Linux or another OS). It's not that I don't like Linux, but I'm short on time. I'll try to manage on my own like a grown-up, and it's an opportunity to learn (provided I don't make any blunders). Thanks anyway, KewlCat, for taking the time to answer me. If you want to know anything else, I'm at your disposal. PS: I found documentation on the StoneGate FW-310. It's not the same one, but it should give me an idea. All that's left is to translate it. -
Installing and configuring a hardware firewall
gazouz33 replied to a topic by gazouz33 in Internet & Networks
Nobody to answer me? By the way, if you think my post belongs in the "hardware" section, I ask the administrators to kindly move it. Thanks -
Hello everyone. Let me describe my problem. As part of a ministry program, we received the equipment to set up a national intranet. Here is the list of gear:
a patch cabinet
a 24-port power panel
a 24-port switch
a 1000 VA UPS
a (hardware) firewall, STONEGATE FW 300
And that is the point of my question, i.e. the firewall. Well, all the other things I already know, but I admit I don't really understand how to install this firewall. What I would like to understand is how to install it, how to configure it and where to plug it in. Thanks
-
Lots (too many) of processes ...
gazouz33 replied to a topic by Ptiangeblanc in Optimization, Tips & Tricks
Is this link infected, or am I wrong??????? -
Infected by WORM/Brontok.C
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
Well, I wanted to get to the bottom of it, so I ran MBAM, and guess what? It found two more infections. Here is the report; it might help, who knows.

Malwarebytes' Anti-Malware 1.16
Database version: 846

21:38:39 04/07/2008
mbam-log-7-4-2008 (21-38-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 82519
Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
-
Infected by WORM/Brontok.C
gazouz33 replied to a topic by gazouz33 in Malware analysis and removal
Thanks a lot, I'm delighted to be rid of this junk. -
After scanning my PC following all sorts of problems, here is the Avira report:

Report file date: Friday 4 July 2008 15:59
Scanning for 1378593 virus strains and unwanted programs.

Licensed to: hiphop anonymous
Serial number: 1101603756-PEPWE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: ADEL1
Computer name: ADEL

Version information:
BUILD.DAT : 8.1.0.344 19214 Bytes 28/05/2008 17:00:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 11:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 10:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 10:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 10:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 10:43:09
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 10:43:19
ANTIVIR3.VDF : 7.0.5.50 139264 Bytes 04/07/2008 13:21:40
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 11:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 02/07/2008 17:21:01
AESCN.DLL : 8.1.0.22 119157 Bytes 02/07/2008 10:45:00
AERDL.DLL : 8.1.0.20 418165 Bytes 02/07/2008 10:44:58
AEPACK.DLL : 8.1.1.6 364918 Bytes 02/07/2008 10:44:51
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 02/07/2008 10:44:19
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 02/07/2008 17:20:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 02/07/2008 10:43:40
AEGEN.DLL : 8.1.0.29 307573 Bytes 02/07/2008 10:43:39
AEEMU.DLL : 8.1.0.6 430451 Bytes 02/07/2008 10:43:33
AECORE.DLL : 8.1.0.32 168311 Bytes 02/07/2008 17:20:45
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 19:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 12:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 15:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 19:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 10:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 19:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 28/02/2008 11:19:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:45:45

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Premium\PROFILES\folder.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: quarantine
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday 4 July 2008 15:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\ADEL1\Bureau\perso\perso.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.C
[NOTE] The file was moved to '48e049d7.qua'!
C:\Documents and Settings\ADEL1\Bureau\perso\SALIP\SALIP.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.C
[NOTE] The file was moved to '48ba49b5.qua'!
C:\Program Files\Alcohol Soft\Alcohol 120\patch.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '48e24cfb.qua'!

End of the scan: Friday 4 July 2008 17:02
Used time: 1:03:06 min

The scan has been done completely.

3983 Scanning directories
157574 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
157571 Files not concerned
816 Archives were scanned
1 Warnings
3 Notes

and the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:56, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blingo.com/search?q=blingo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/search?q=blingo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.blingo.com/friends?ref=k0mqBd7j..._ysP80cjUOrMT2A
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ADIMON MFC Application] C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF2A2E7-74EB-4E73-A5EA-DADA5E98C173}: NameServer = 41.221.20.4 213.140.2.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: 13BB7DC7 - Unknown owner - C:\WINDOWS\system32\6DE79875.EXE (file missing)
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6933 bytes

Should I do anything else? Especially since the PC is still slow when starting certain applications (Firefox). Thanks everyone, I await your recommendations.
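An added example, not code from the post, from Trend Micro or from HijackThis: a first-pass triage over HijackThis entries like the ones in the log above. It parses the `Oxx`/`Rx` lines and applies a few heuristics a helper would apply by eye, such as an O23 service with a random eight-hex-digit name, no known owner and a missing binary (the leftover of a dropper that has already been cleaned), IE start or search pages pointing away from Microsoft, entries marked "(no file)", an unknown Winsock LSP, and the O17 name servers that need to be checked against the ISP's. The sample is a verbatim subset of the post's own log lines; the severity rules and the trusted-host list are the editor's assumptions, not anything HijackThis itself computes.

```python
"""Triage pass over a HijackThis v2 log.

Added example: not code from the forum post, from Trend Micro or from
HijackThis. The sample log is a subset of the lines posted above; the
severity rules and TRUSTED_IE_HOSTS are the editor's own assumptions.
"""
import re
from typing import Dict, List, Tuple

# Subset of the HijackThis log posted above, copied verbatim.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:56, on 04/07/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blingo.com/search?q=blingo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/search?q=blingo
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF2A2E7-74EB-4E73-A5EA-DADA5E98C173}: NameServer = 41.221.20.4 213.140.2.12
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: 13BB7DC7 - Unknown owner - C:\WINDOWS\system32\6DE79875.EXE (file missing)
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# IE start/search targets that need no review (assumption; extend as needed).
TRUSTED_IE_HOSTS = ("microsoft.com", "msn.com", "live.com")
# "13BB7DC7"-style names: exactly eight hex digits.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) pairs; header lines carry no code and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _host_of(url: str) -> str:
    m = re.match(r"https?://([^/]+)", url)
    return m.group(1).lower() if m else ""


def _is_trusted(host: str) -> bool:
    # exact match or a subdomain; "notmicrosoft.com" must not pass
    return any(host == h or host.endswith("." + h) for h in TRUSTED_IE_HOSTS)


def _check_service(body: str) -> Dict[str, str]:
    """O23 body is 'Service: <name> - <owner> - <path>'; rate how orphaned it looks."""
    parts = body.split(" - ")
    name = parts[0].replace("Service: ", "", 1)
    owner = parts[1] if len(parts) > 1 else ""
    path = " - ".join(parts[2:])
    missing = "(file missing)" in path
    exe = path.replace("(file missing)", "").strip().rsplit("\\", 1)[-1]
    random_name = HEX_NAME_RE.match(name) or HEX_NAME_RE.match(exe.rsplit(".", 1)[0])
    if missing and owner == "Unknown owner" and random_name:
        sev = "high"    # random name, no vendor, binary gone: dropper leftover
    elif owner == "Unknown owner":
        sev = "medium"  # unsigned/unknown vendor, still present: verify the binary
    elif missing:
        sev = "low"     # orphaned registration of a known vendor's service
    else:
        return {}
    return {"severity": sev, "code": "O23", "detail": f"service {name} ({owner}) -> {path}"}


def triage(entries: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Apply the heuristics to parsed entries; most severe findings first."""
    findings: List[Dict[str, str]] = []
    for code, body in entries:
        if code in ("R0", "R1") and "=" in body:
            host = _host_of(body.split("=", 1)[1].strip())
            if host and not _is_trusted(host):
                findings.append({"severity": "medium", "code": code,
                                 "detail": f"IE page points at {host}: {body}"})
        elif code == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].split()
            findings.append({"severity": "info", "code": code,
                             "detail": "DNS servers to verify against the ISP: " + ", ".join(servers)})
        elif code == "O10":
            findings.append({"severity": "low", "code": code, "detail": body})
        elif code == "O23":
            finding = _check_service(body)
            if finding:
                findings.append(finding)
        elif body.endswith("(no file)"):
            findings.append({"severity": "low", "code": code, "detail": "orphaned entry: " + body})
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"[{f['severity']:6}] {f['code']}: {f['detail']}")
```

On the sample the only "high" finding is the `13BB7DC7` service pointing at the missing `6DE79875.EXE`, which is exactly the entry a helper would ask to have removed; the two blingo.com start-page entries come out "medium", the "(no file)" hooks and the LSP entry "low", and the O17 name servers are listed for verification rather than judged, since the tool cannot know which resolvers the ISP assigned.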