
Posted

Hi and welcome to the forum ;)

A few links to help you get started:

We'll look together at what is happening on your PC; like everyone who helps here, we help as volunteers, around our personal schedules. We'll try to go as quickly as possible, but you may sometimes need to be patient while waiting for a reply, no need to panic ;)

To reply or add a post, a report, etc., use the "Ajouter une réponse" (Add a reply) button

*********

If you have used ComboFix, please post the report it generated: you will find it on the C:\ drive, and it is named ComboFix.txt

Posted

ComboFix 10-11-02.04 - Mohamed 03/11/10 11:27:27.1.2 - x86

Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3067.1586 [GMT 1:00]

Lancé depuis: c:\users\Mohamed\Desktop\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\Mohamed\AppData\Roaming\.#

c:\users\Mohamed\AppData\Roaming\.#\MBX@930@3E2998.###

c:\users\Mohamed\AppData\Roaming\.#\MBX@930@3E29C8.###

c:\users\Mohamed\AppData\Roaming\.#\MBX@930@3E29F8.###

c:\users\Mohamed\Documents\Readiris.DUS

c:\windows\AUTOLNCH.REG

c:\windows\system32\xmlpr0v32a.dll

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://wlxindex

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-10-03 au 2010-11-03 ))))))))))))))))))))))))))))))))))))

.

 

2010-11-03 08:54 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A694F9FE-2AC9-44F9-AFDA-9B6810EAF9BD}\mpengine.dll

2010-11-02 18:43 . 2010-11-02 18:43 -------- d-----w- c:\users\Mohamed\FSL

2010-10-29 21:25 . 2010-10-29 21:36 -------- d-----w- c:\users\Mohamed\AppData\Roaming\MyHeritage

2010-10-29 21:25 . 2010-10-29 21:28 -------- d-----w- c:\programdata\MyHeritage

2010-10-29 21:24 . 2010-10-29 21:24 -------- d-----w- c:\program files\Family Toolbar

2010-10-29 21:24 . 2010-10-29 21:24 -------- d-----w- c:\users\Mohamed\AppData\Roaming\The Complete Genealogy Reporter - FTB

2010-10-29 21:24 . 2003-07-06 12:07 372736 ----a-w- c:\windows\system32\ijl15.dll

2010-10-29 21:24 . 2002-03-06 23:19 454656 ----a-w- c:\windows\system32\PaintX.dll

2010-10-29 21:24 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\msmapi32.ocx

2010-10-29 21:23 . 2010-10-29 21:24 -------- d-----w- C:\MyHeritage

2010-10-29 20:26 . 1999-11-12 04:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL

2010-10-29 20:26 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-10-28 10:36 . 2010-10-28 10:36 -------- d-----w- c:\users\Mohamed\VSWebCache

2010-10-26 19:47 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-26 19:47 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-26 19:47 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-26 19:47 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-26 19:23 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-24 21:45 . 2009-10-07 19:39 180224 ----a-w- c:\windows\system32\cnvshell.dll

2010-10-24 21:02 . 2010-10-24 21:02 -------- d-----w- c:\programdata\NCH Software

2010-10-24 16:52 . 2010-10-24 16:52 -------- d-----r- C:\MSOCache

2010-10-22 11:50 . 2010-10-22 11:50 -------- d-----w- c:\users\Mohamed\AppData\Local\Seven Zip

2010-10-21 15:22 . 2010-10-21 15:22 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-16 20:46 . 2010-10-16 20:46 -------- d-----w- c:\program files\Common Files\Skype

2010-10-15 18:11 . 1998-10-07 12:08 327168 ----a-w- c:\windows\IsUn040c.exe

2010-10-15 18:11 . 2001-08-14 12:24 90112 ----a-w- c:\windows\system32\hpsjvset.dll

2010-10-15 18:11 . 2001-08-03 10:23 40960 ----a-w- c:\windows\system32\hpgmausd.dll

2010-10-15 18:11 . 2000-10-09 17:57 102400 ----a-w- c:\windows\system32\hpgmastr.dll

2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-10-14 19:19 . 2010-09-01 07:30 94208 ----a-w- c:\program files\Internet Explorer\fr\iediag.resources.dll

2010-10-14 19:11 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2010-10-14 19:11 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll

2010-10-14 19:11 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll

2010-10-14 19:11 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll

2010-10-14 19:11 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2010-10-14 19:10 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2010-10-14 19:10 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2010-10-14 19:10 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2010-10-14 19:09 . 2010-10-14 19:09 -------- d-----w- c:\program files\Feedback Tool

2010-10-14 07:02 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2010-10-14 07:01 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-14 06:38 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2010-10-14 06:38 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-10-14 06:38 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-10-14 06:38 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll

2010-10-14 06:38 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-10-14 06:38 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-10-14 06:38 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-10-14 06:35 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-14 06:35 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-14 06:35 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-14 06:35 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-14 06:35 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-14 06:35 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-14 06:35 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-10-13 12:56 . 2010-10-13 17:48 -------- d-----w- c:\users\Mohamed\AppData\Roaming\ICSharpCode

2010-10-13 09:36 . 2010-10-13 09:36 -------- d-----w- c:\users\Mohamed\AppData\Roaming\stetic

2010-10-13 09:35 . 2010-10-15 13:19 -------- d-----w- c:\users\Mohamed\AppData\Roaming\MonoDevelop

2010-10-13 06:26 . 2010-10-13 06:26 -------- d-----w- c:\users\Mohamed\AppData\Roaming\Avira

2010-10-13 06:09 . 2010-08-17 12:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-13 06:09 . 2010-08-17 12:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-13 06:09 . 2010-10-13 06:09 -------- d-----w- c:\programdata\Avira

2010-10-11 12:12 . 2010-10-11 12:12 -------- d-----w- c:\users\Mohamed\InstallAnywhere

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\en-US

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\en

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\drivers\en-US

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\ar

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\0409

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\ar-SA

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\drivers\ar-SA

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\en-US

2010-10-09 17:57 . 2010-10-09 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\ar-SA

2010-10-09 17:56 . 2010-10-14 19:34 -------- d-----w- c:\windows\system32\wbem\en-US

2010-10-09 17:56 . 2010-10-14 19:34 -------- d-----w- c:\windows\system32\wbem\ar-SA

2010-10-09 17:53 . 2009-07-13 17:42 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ar-SA\LXKPTPRC.DLL.mui

2010-10-08 13:58 . 2010-10-08 14:32 -------- d-----w- c:\program files\Readiris Pro 11

2010-10-06 08:11 . 2010-10-06 08:11 -------- d-----w- c:\users\Mohamed\AppData\Roaming\Nitro PDF

2010-10-06 08:11 . 2010-09-30 13:28 17712 ----a-w- c:\windows\system32\nitrolocalui.dll

2010-10-06 08:11 . 2010-09-30 13:28 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll

2010-10-06 08:09 . 2010-10-06 08:09 -------- d-----w- c:\users\Mohamed\AppData\Roaming\Downloaded Installations

2010-10-04 10:52 . 2010-10-04 10:52 -------- d-----w- c:\users\Mohamed\AppData\Local\Finkit

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 10:41 . 2010-07-11 17:57 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-15 11:16 . 2010-09-25 21:04 209920 ----a-w- c:\windows\iun3401.exe

2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-07 20:46 . 2010-09-07 20:46 105388 ----a-w- c:\windows\system32\ad8f456c.exe

2010-09-07 20:45 . 2010-09-07 20:45 64232 ----a-w- c:\windows\system32\pnuffepgkhsbomt.exe

2010-09-04 17:57 . 2010-09-04 17:57 7168 ----a-w- c:\windows\system32\Pbpr01sw.dll

2010-08-26 13:33 . 2010-08-26 13:33 86576 ----a-w- c:\users\Mohamed\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2010-08-26 13:33 . 2010-08-26 13:33 392728 ----a-w- c:\users\Mohamed\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll

2010-08-26 13:33 . 2010-08-26 13:33 132672 ----a-w- c:\users\Mohamed\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2010-08-21 05:32 . 2010-09-17 13:11 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 10:59 . 2010-08-16 10:59 53248 ----a-w- c:\windows\system32\unrar.dll

2010-08-13 14:51 . 2010-08-13 14:51 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-08-10 18:44 . 2010-08-10 18:44 49016 ----a-w- c:\windows\system32\sirenacm.dll

2006-10-12 03:09 94208 --sh--w- c:\windows\System32\SalaatTime.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"= "c:\program files\Setuprog\tbSetu.dll" [2010-02-22 2353176]

 

[HKEY_CLASSES_ROOT\clsid\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]

2010-02-22 11:05 2353176 ----a-w- c:\program files\Setuprog\tbSetu.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"= "c:\program files\Setuprog\tbSetu.dll" [2010-02-22 2353176]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

 

[HKEY_CLASSES_ROOT\clsid\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]

 

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5}"= "c:\program files\Setuprog\tbSetu.dll" [2010-02-22 2353176]

 

[HKEY_CLASSES_ROOT\clsid\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-07-26 12:09 70776 ----a-w- d:\programmes\Internet Download Manager\IDMShellExt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"IDMan"="d:\programmes\Internet Download Manager\IDMan.exe" [2010-08-08 3241312]

"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-11 68856]

"ManicTime"="d:\programmes\ManicTime\ManicTime.exe" [2010-10-19 582984]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"E09FXLRD_4237033"="d:\programmes\Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" [2008-05-28 351000]

"SuperCopier2.exe"="d:\programmes\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]

"OfficeSyncProcess"="d:\programmes\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"avgnt"="d:\programmes\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

"BCSSync"="d:\programmes\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

 

c:\users\Mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 - Capture d'‚cran et lancement.lnk - d:\programmes\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\programmes\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-12 1343400]

R4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\programmes\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-07-26 68240]

S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

S3 NETw5s32;Pilote de carte Intel® Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - UBHelper

.

Contenu du dossier 'Tâches planifiées'

 

2010-11-03 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-09-03 20:55]

 

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 19:57]

 

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 19:57]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://search.myheritage.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://search.myheritage.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Télécharger avec IDM - d:\programmes\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - d:\programmes\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - d:\programmes\Internet Download Manager\IEGetAll.htm

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\70mbwduj.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.fr/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{3d0f2817-b22b-4f8f-3691-b8107ffb5512}\components\fff0e614.dll

FF - component: c:\users\Mohamed\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: d:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: d:\programmes\Google\Picasa3\npPicasa3.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{490589b0-6d6c-0ff2-d460-b18f9b642010} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellExecuteHooks-{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - WDShell

 

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-1661148129-1578780410-3629880296-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:68,76,ef,f0,30,f2,7f,3d,fd,9c,87,10,ba,c7,c5,a4,70,3d,73,61,37,39,df,

c6,40,88,f9,1e,8b,02,9a,31,0e,13,da,27,44,b8,bc,b4,bf,a0,2e,22,02,dc,da,6d,\

"??"=hex:c3,0c,33,ac,a5,fc,e0,6f,43,b2,4f,a9,36,32,05,23

 

[HKEY_USERS\S-1-5-21-1661148129-1578780410-3629880296-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):69,b7,7f,d4,e3,a7,3e,6e,90,6e,7b,a0,14,5b,82,3b,0b,be,7a,d4,76,

30,56,c0,1d,0c,5b,92,29,63,ab,76,cc,92,6e,04,2f,1b,db,8a,00,00,00,00,00,00,\

 

[HKEY_USERS\S-1-5-21-1661148129-1578780410-3629880296-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):4b,e6,38,a2,f4,4a,bb,f8,0a,fc,7c,74,14,62,9f,e1,89,5d,35,af,d2,

3c,77,8c,84,7d,82,a9,6c,0c,8a,84,b2,9d,cf,c9,2f,43,c1,de,00,00,00,00,00,00,\

 

[HKEY_USERS\S-1-5-21-1661148129-1578780410-3629880296-1000_Classes\CLSID\{c1a4a4f1-d205-45d1-be4b-41fd221bc167}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000119

"Therad"=dword:00000006

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

 

[HKEY_USERS\S-1-5-21-1661148129-1578780410-3629880296-1000_Classes\CLSID\{feb9ff69-86ba-4cb1-8def-9158eb67b9a4}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000d4

"Therad"=dword:0000002a

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,a2,56,5d,f3,13,26,b2,34,1d,82,d3,1c,f3,48,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(1880)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\system32\btncopy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

d:\programmes\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\taskhost.exe

d:\programmes\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Heure de fin: 2010-11-03 11:41:38 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-11-03 10:41

 

Avant-CF: 73 754 329 088 octets libres

Après-CF: 73 438 236 672 octets libres

 

- - End Of File - - D515D17944656FAC19E5B2C8A076F060

Posted

Hi ;)

OK, thanks for the report. It shows some suspicious files that are almost certainly malicious.

Continue as follows =>

One more quick scan, with a program you will be able to keep: if you already have it, skip the installation step and go straight to the update >>

Download Malwarebytes' Anti-Malware (MBAM)

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks whether MBAM may connect, accept.
  • Once the update has finished, go to the "Recherche" (Scanner) tab.
  • Select "Exécuter un examen complet" (Perform full scan)
  • Click "Rechercher" (Scan)
  • The analysis starts; the scan is fairly long, which is normal.
  • At the end of the analysis, a message is displayed:
    The scan completed normally. Click 'Afficher les résultats' (Show results) to display all the objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
    Select everything (or leave everything checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

Posted

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5065

 

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

 

07/11/10 16:40:26

mbam-log-2010-11-07 (16-40-26).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 486791

Temps écoulé: 2 heure(s), 1 minute(s), 40 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 5

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ad8f456c (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ASH24SXZ9S (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Windows\System32\ad8f456c.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Windows\System32\pnuffepgkhsbomt.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

Posted

Hi ;)

Very good: MBAM did detect and remove the two suspicious files in question :)

Go to the Control Panel and uninstall this program => Setuprog Toolbar

Post these reports for me to finish up =>

Download DDS by sUBs from one of these links. Save it to your Desktop >>

  • DDS.scr
  • DDS.pif

  • Double-click the DDS icon to launch the program.
  • The result will be displayed in two text files.
  • Post the DDS.txt and Attach.txt reports

NOTE:

Disable any antimalware program before launching the scan.

Do not run any other scan (antivirus) at the same time.

Do not use the PC for anything else during this scan.

Post these two reports in two separate messages, since they can be long and make the topic bug out ;)

How is the PC running?

Posted

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-11-08.01)

 

Microsoft Windows 7 Édition Intégrale

Boot Device: \Device\HarddiskVolume2

Install Date: 11/07/10 19:25:30

System Uptime: 11/08/10 21:04:10 (2136 hours ago)

 

Motherboard: Acer | | Makalu

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 144 GiB total, 67,907 GiB free.

D: is FIXED (NTFS) - 144 GiB total, 120,265 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP224: 20/10/10 21:48:49 - Configured Version d'évaluation de Microsoft Office Professionnel 2010

RP225: 20/10/10 21:53:21 - Removed Microsoft Office Professionnel 2010

RP227: 20/10/10 22:23:59 - Installed Version d'évaluation de Microsoft Office Professionnel 2010

RP228: 20/10/10 22:32:34 - Installed Version d'évaluation de Microsoft Office Professionnel 2010

RP229: 21/10/10 16:21:00 - Installed Version d'évaluation de Microsoft Office Professionnel Plus 2010

RP230: 22/10/10 09:29:01 - Windows Update

RP231: 23/10/10 12:48:45 - Windows Update

RP232: 23/10/10 13:50:01 - Nitro PDF Reader supprimé

RP233: 26/10/10 08:58:08 - Installed ManicTime

RP234: 26/10/10 20:22:50 - Windows Update

RP235: 26/10/10 21:50:50 - Windows Update

RP236: 26/10/10 21:55:38 - Windows Update

RP237: 29/10/10 07:24:50 - Windows Update

RP238: 30/10/10 10:47:48 - Removed Java 6 Update 21

RP239: 03/11/10 09:53:47 - Windows Update

RP240: 04/11/10 08:09:59 - Windows Update

RP241: 05/11/10 15:12:58 - Windows Update

 

==== Installed Programs ======================

 

ABB Image Icon Converter 5.1

Acer Arcade Deluxe

Acer Crystal Eye Webcam

Acer eAudio Management

Acer eDataSecurity Management

Acer Empowering Technology

Acer ePower Management

Acer eRecovery Management

Acer eSettings Management

Acer GameZone Console 2.0.1.1

Acer GridVista

Acer Mobility Center Plug-In

Acer ScreenSaver

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.0 - Français

Adobe Shockwave Player 11.5

Agatha Christie Death on the Nile

Alice Greenfingers

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

µTorrent

Audacity 1.3.12 (Unicode)

Avira AntiVir Personal - Free Antivirus

Azada

Backspin Billiards

Bejeweled 2 Deluxe

Big Kahuna Reef

Bled Pour Tous

Bricks of Egypt

Bridge Baron 20 Français

Caesar IV

Caesar IV Demo

Cake Mania

Cake Mania - Lights Camera Action

CCleaner

Chicken Invaders 3

Contrôle ActiveX Windows Live Devices pour connexions à distance

Crystal Reports for Visual Studio

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

Dictionnaire Français

Diner Dash Flo on the Go

Dotfuscator Software Services - Community Edition - FRA

Feedback Tool

Fichiers de support d'installation de Microsoft SQL Server 2008

Football Manager 2010

Free Mp3 Wma Converter V 1.91

Funbridge2

GIMP 2.6.10

Glary Utilities 2.29.0.1032

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Google Earth

HDAUDIO Soft Data Fax Modem with SmartCP

HP PrecisionScan LTX

ImageConverter Plus 8.0

Infra. d'app. de la couche Données Microsoft SQL Server 2008 R2

Intel® Matrix Storage Manager

Internet Download Manager

Jewel Quest Solitaire

Kick N Rush

Launch Manager

Le Petit Robert 2010

Learn to Play Bridge

LightScribe 1.4.142.1

Logiciel d'archivage WinRAR

Mah Jong Quest III Balance of Life

Mahjong Escape Ancient China

Mahjong Escape Ancient Japan

MahJong Quest II Deluxe

Mahjongg Artifacts 2

Malwarebytes' Anti-Malware

ManicTime

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile FRA Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended FRA Language Pack

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - FRA

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - FRA

Microsoft Encarta 2009 - Collection

Microsoft Expression Blend 3

Microsoft Expression Blend 3 SDK

Microsoft Expression Design 3

Microsoft Expression Encoder 3

Microsoft Expression Studio 3

Microsoft Expression Web 3

Microsoft Expression Web 3 SP1

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 1.0

Microsoft Help Viewer 1.0 Language Pack - FRA

Microsoft Office Access MUI (French) 2010

Microsoft Office Excel MUI (French) 2010

Microsoft Office Groove MUI (French) 2010

Microsoft Office InfoPath MUI (French) 2010

Microsoft Office OneNote MUI (French) 2010

Microsoft Office Outlook MUI (French) 2010

Microsoft Office PowerPoint MUI (French) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Professionnel Plus 2010

Microsoft Office Proof (Arabic) 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (French) 2010

Microsoft Office Publisher MUI (French) 2010

Microsoft Office Shared MUI (French) 2010

Microsoft Office Word MUI (French) 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 3 SDK - Français

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server Compact 3.5 SP2 FRA

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime v1.0 SP1 (x86) fr

Microsoft Sync Framework SDK v1.0 SP1 fr

Microsoft Sync Framework Services v1.0 SP1 (x86) fr

Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) fr

Microsoft Team Foundation Server 2010 Object Model - FRA

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual Studio 2010 Office Developer Tools (x86)

Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - FRA

Microsoft Visual Studio 2010 Professional - FRA

Microsoft Visual Studio 2010 Professional - Français

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - FRA

Microsoft Visual Studio Macro Tools

Microsoft Visual Studio Macro Tools - FRA Language Pack

Microsoft Works

Mise à jour pour Microsoft Outlook Social Connector (KB2289116)

Modèle objet Microsoft Team Foundation Server 2010 - Français

Module linguistique de la visionneuse d'aide Microsoft 1.0 - FRA

Module linguistique Microsoft .NET Framework 4 Client Profile FRA

Module linguistique Microsoft .NET Framework 4 Extended FRA

Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x86) - FRA

Mozilla Firefox (3.6.12)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyHeritage Family Tree Builder

MySQL Connector/ODBC 3.51

Mystery Case Files - Huntsville

Mystery Solitaire - Secret Island

Notification de cadeaux MSN

NVIDIA Drivers

Objets de gestion Microsoft SQL Server 2008 R2

OpenOffice.org 3.2

Outils Microsoft Visual Studio 2010 ADO.NET Entity Framework

PC Chrono 1.1.0.6

Personal Translator 2008 Professional English French

PhotoNow!

Picasa 3

Pixillion Image Converter

PVSonyDll

QuickTime

RadioSure

Readiris Pro 11 Mr.Underground Edition

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.89

Salaat Time 2.0

Sandlot Games Client Services 1.2.2

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft Word 2010 (KB2345000)

Service Pack 1 pour SQL Server 2008 (KB968369)

Skype Toolbars

Skype 5.0

SolSuite 2010 v10.5

Sql Server Customer Experience Improvement Program

SuperCopier2

Synaptics Pointing Device Driver

SYSTRAN

The Treasures of Mystery Island: The Gates of Fate

UltraEdit 16.20

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft OneNote 2010 (KB2288640)

Update for Microsoft Outlook Social Connector (KB2289116)

Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 FRA

VLC media player 1.1.4

Web Deployment Tool

WIDCOMM Bluetooth Software 6.0.1.6400

Winbond CIR Device Drivers

Windows Live Bêta

Windows Live Communications Platform

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live Photo Common Beta

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinHTTrack Website Copier 3.43-9C

WPF Toolkit June 2009 (Version 3.5.40619.1)

Zuma Deluxe

 

==== End Of File ===========================

 

DDS (Ver_10-11-08.01) - NTFSx86

Run by Mohamed at 21:12:09,64 on 08/11/10

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3067.1899 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

D:\Programmes\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

D:\Programmes\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\taskhost.exe

D:\Programmes\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Mohamed\AppData\Local\Temp\RtkBtMnt.exe

D:\Programmes\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Programmes\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

D:\Programmes\FSL_Launcher\FSL_Launcher.exe

D:\Programmes\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Mohamed\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://google.fr/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://search.myheritage.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\programmes\internet download manager\IDMIECC.dll

BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [iDMan] d:\programmes\internet download manager\IDMan.exe /onboot

uRun: [salaatTime] c:\program files\salaat time\SalaatTime.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ManicTime] d:\programmes\manictime\ManicTime.exe /minimized /name:

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [E09FXLRD_4237033] "d:\programmes\encarta\microsoft encarta 2009 - collection dvd\EDICT.EXE" -m

uRun: [superCopier2.exe] d:\programmes\supercopier2\SuperCopier2.exe

uRun: [OfficeSyncProcess] "d:\programmes\microsoft office\office14\MSOSYNC.EXE"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"

mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"

mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe

mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "d:\programmes\avira\antivir desktop\avgnt.exe" /min

mRun: [bCSSync] "d:\programmes\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\mohamed\appdata\roaming\micros~1\windows\startm~1\programs\startup\fsl_la~1.lnk - d:\programmes\fsl_launcher\FSL_Launcher.exe

StartupFolder: c:\users\mohamed\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\programmes\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Envoyer à OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Télécharger avec IDM - d:\programmes\internet download manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - d:\programmes\internet download manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - d:\programmes\internet download manager\IEGetAll.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\programmes\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\programmes\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~1\office14\GROOVEEX.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\mohamed\appdata\roaming\mozilla\firefox\profiles\70mbwduj.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.fr/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - component: c:\program files\mozilla firefox\extensions\{3d0f2817-b22b-4f8f-3691-b8107ffb5512}\components\fff0e614.dll

FF - component: c:\users\mohamed\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: d:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: d:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: d:\programmes\google\picasa3\npPicasa3.dll

FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{3d0f2817-b22b-4f8f-3691-b8107ffb5512}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2010-7-11 61424]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\programmes\avira\antivir desktop\sched.exe [2010-10-13 135336]

R2 AntiVirService;Avira AntiVir Guard;d:\programmes\avira\antivir desktop\avguard.exe [2010-10-13 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-13 60936]

R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2010-7-11 81504]

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-11-20 24576]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-7-26 68240]

R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2010-7-11 122368]

R3 NETw5s32;Pilote de carte Intel® Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-11-21 44064]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-17 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\programmes\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-12 1343400]

S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

 

=============== Created Last 30 ================

 

2010-11-07 13:29:37 -------- d-----w- c:\users\mohamed\appdata\roaming\Malwarebytes

2010-11-07 13:29:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-07 13:29:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-07 13:29:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-07 13:29:30 -------- d-----w- c:\progra~2\Malwarebytes

2010-11-05 14:13:18 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ab54276f-a797-4777-93da-98c95cecc362}\mpengine.dll

2010-11-03 10:36:30 -------- d-----w- C:\$RECYCLE.BIN

2010-11-03 10:25:03 98816 ----a-w- c:\windows\sed.exe

2010-11-03 10:25:03 86528 ----a-w- c:\windows\MBR.exe

2010-11-03 10:25:03 256512 ----a-w- c:\windows\PEV.exe

2010-11-03 10:25:03 161792 ----a-w- c:\windows\SWREG.exe

2010-11-02 18:43:33 -------- d-----w- c:\users\mohamed\FSL

2010-10-29 21:25:28 -------- d-----w- c:\users\mohamed\appdata\roaming\MyHeritage

2010-10-29 21:25:28 -------- d-----w- c:\progra~2\MyHeritage

2010-10-29 21:24:09 -------- d-----w- c:\program files\Family Toolbar

2010-10-29 21:24:08 454656 ----a-w- c:\windows\system32\PaintX.dll

2010-10-29 21:24:08 372736 ----a-w- c:\windows\system32\ijl15.dll

2010-10-29 21:24:08 137000 ----a-w- c:\windows\system32\msmapi32.ocx

2010-10-29 21:24:08 -------- d-----w- c:\users\mohamed\appdata\roaming\The Complete Genealogy Reporter - FTB

2010-10-29 21:23:59 -------- d-----w- C:\MyHeritage

2010-10-29 20:26:32 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-10-29 20:26:32 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL

2010-10-28 10:36:07 -------- d-----w- c:\users\mohamed\VSWebCache

2010-10-26 19:47:36 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-26 19:47:36 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-26 19:47:36 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-26 19:47:36 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-26 19:23:28 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-24 21:45:57 180224 ----a-w- c:\windows\system32\cnvshell.dll

2010-10-22 11:50:10 -------- d-----w- c:\users\mohamed\appdata\local\Seven Zip

2010-10-21 15:22:12 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-15 18:11:35 327168 ----a-w- c:\windows\IsUn040c.exe

2010-10-15 18:11:22 90112 ----a-w- c:\windows\system32\hpsjvset.dll

2010-10-15 18:11:22 40960 ----a-w- c:\windows\system32\hpgmausd.dll

2010-10-15 18:11:22 102400 ----a-w- c:\windows\system32\hpgmastr.dll

2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-10-14 19:19:27 94208 ----a-w- c:\program files\internet explorer\fr\iediag.resources.dll

2010-10-14 19:11:23 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2010-10-14 19:11:22 804864 ----a-w- c:\windows\system32\FntCache.dll

2010-10-14 19:11:22 737280 ----a-w- c:\windows\system32\d2d1.dll

2010-10-14 19:11:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2010-10-14 19:11:22 1076224 ----a-w- c:\windows\system32\DWrite.dll

2010-10-14 19:10:50 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2010-10-14 19:10:50 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2010-10-14 19:10:16 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2010-10-14 19:09:07 -------- d-----w- c:\program files\Feedback Tool

2010-10-14 07:02:00 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2010-10-14 07:01:59 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-14 06:38:56 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2010-10-14 06:38:55 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-10-14 06:38:33 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-10-14 06:38:31 224256 ----a-w- c:\windows\system32\schannel.dll

2010-10-14 06:38:21 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-10-14 06:38:18 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-10-14 06:38:18 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-10-14 06:35:13 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-14 06:35:09 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-14 06:35:09 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-14 06:35:09 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-14 06:35:09 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-14 06:35:04 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-14 06:35:01 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-10-13 12:56:33 -------- d-----w- c:\users\mohamed\appdata\roaming\ICSharpCode

2010-10-13 09:36:04 -------- d-----w- c:\users\mohamed\appdata\roaming\stetic

2010-10-13 09:35:41 -------- d-----w- c:\users\mohamed\appdata\roaming\MonoDevelop

2010-10-13 06:26:07 -------- d-----w- c:\users\mohamed\appdata\roaming\Avira

2010-10-13 06:09:37 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-13 06:09:36 -------- d-----w- c:\progra~2\Avira

2010-10-11 12:12:50 -------- d-----w- c:\users\mohamed\InstallAnywhere

 

==================== Find3M ====================

 

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-15 11:16:21 209920 ----a-w- c:\windows\iun3401.exe

2010-09-30 13:28:08 17712 ----a-w- c:\windows\system32\nitrolocalui.dll

2010-09-30 13:28:06 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll

2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-04 17:57:52 7168 ----a-w- c:\windows\system32\Pbpr01sw.dll

2010-08-31 23:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll

2010-08-31 23:44:32 367104 ----a-w- c:\windows\system32\html.iec

2010-08-31 23:44:30 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2010-08-31 23:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll

2010-08-31 23:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll

2010-08-31 23:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll

2010-08-31 23:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2010-08-31 23:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll

2010-08-31 23:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2010-08-31 23:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2010-08-31 23:42:58 51200 ----a-w- c:\windows\system32\admparse.dll

2010-08-31 23:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll

2010-08-31 23:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2010-08-31 23:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe

2010-08-31 23:42:42 149504 ----a-w- c:\windows\system32\wextract.exe

2010-08-31 23:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll

2010-08-31 23:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll

2010-08-31 23:42:12 11264 ----a-w- c:\windows\system32\mshta.exe

2010-08-31 23:42:10 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2010-08-31 23:42:04 63488 ----a-w- c:\windows\system32\tdc.ocx

2010-08-31 23:41:46 160768 ----a-w- c:\windows\system32\msls31.dll

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 10:59:24 53248 ----a-w- c:\windows\system32\unrar.dll

2010-08-13 14:51:40 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2006-10-12 03:09:40 94208 --sh--w- c:\windows\system32\SalaatTime.dll

 

============= FINISH: 21:13:05,53 ===============

Posted

Hi

I have just posted the two requested reports.

I apologize, I don't really know how to use this forum.

As for the PC, it is working normally.

Thanks again for your help!

Posted

OK, the last report doesn't show anything bad.

 

  • Go to Start Menu > Run (to do so, use the key combination [Windows key]+[R]) and copy/paste this =>
     
    ComboFix /uninstall (there is a space between x and / if you retype the command manually)
  • Click the OK button
  • A window will open and ComboFix will be uninstalled from your PC: System Restore will be purged, the file display options will be restored, and the files/folders installed by ComboFix will be gone.

 

One more toolbar with a dubious reputation that you can get rid of: please post this report for me =>

 

Click HERE to download the HijackThis installation file:

  1. Save Hijackthis.exe to your desktop
  2. Double-click Hijackthis.exe to launch the program
  3. By default, it will install here || C:\Program Files\Trend Micro\HijackThis
  4. Accept the license by clicking the "I Accept" button
  5. Choose the option "Do a system scan and save a log file"
  6. Click "Save log" to save the report, which will open in Notepad
  7. Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report
  8. Paste the report you just copied into this forum
  9. Do not fix ANY line yet; that could prevent your PC from working correctly

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:10:10, on 09/11/10

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\wbem\unsecapp.exe

D:\Programmes\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

D:\Programmes\Internet Download Manager\IDMan.exe

C:\Program Files\Salaat Time\SalaatTime.exe

D:\Programmes\ManicTime\ManicTime.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Programmes\Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

D:\Programmes\SuperCopier2\SuperCopier2.exe

D:\Programmes\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

D:\Programmes\FSL_Launcher\FSL_Launcher.exe

D:\Programmes\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\explorer.exe

C:\Users\Mohamed\Desktop\HiJackThis.exe

 

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 1787 bytes
