Green Card Lottery window

Closed
Skibiriti - 14 April 2009 at 14:17
Skibiriti - 15 April 2009 at 14:29
Hello,

For more than two weeks now a window has been opening in Internet Explorer, and sometimes in Firefox, about the Green Card Lottery. I have made several attempts with antivirus programs, but still nothing. I hope to find a solution here.

Here is the link it always gives me: "http://www.usadvl.org/index.php?uniq".

Thanks

4 replies

quendistu Posts: 509 Registered: Monday 3 November 2008 Status: Member Last seen: 4 June 2009 87
14 April 2009 at 14:33
As a temporary solution, to avoid being pestered by this site, add it to Internet Explorer's restricted sites:

Tools menu / Internet Options / Security / Restricted sites / Sites / enter http://www.usadvl.org / Add / Close / restart IE.

I don't remember whether there is the same thing in Firefox.

Delete all cookies and temporary files.

Specify which antivirus programs have been tried.

Create an Ultimate Boot CD for Windows (UBCD4WIN) with the latest updates, then boot from it and run all the antivirus and anti-spyware tools one after another.
0
Skibiriti Posts: 69 Registered: Monday 21 May 2007 Status: Member Last seen: 25 June 2011
15 April 2009 at 13:08
Hello

Despite all these attempts, still the same thing.
0
Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:15, on 15/04/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\EasyPHP 3.0\EasyPHP.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\advhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\BOUARI\Downloads\HiJackThis.exe
C:\Windows\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP 3.0\EasyPHP.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_world/?url=
O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_world/?url=
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: C:\Windows\system32\adlaunch32.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
0
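As an added example (not part of the thread, and not the HijackThis tool's own code): a small triage script for the log format posted above. It assumes only the standard "Oxx - body" line shape and a few generic heuristics (non-default IE start/search pages, orphan BHOs, unresolved startup targets, a non-empty URL prefix, and any AppInit_DLLs entry); it lists lines to review first and does not decide that any of them is malicious.

```python
"""Triage of HijackThis log lines (added example; not code from the thread).

HijackThis prints one entry per line as "<section> - <body>", where the
section code (R0/R1, O2, O4, O13, O20, ...) says which autostart or browser
setting the line came from. The checks below surface the entry types a
responder reads first; they are generic heuristics and do not decide that an
entry is malicious.
"""
import re
from dataclasses import dataclass

# "O20 - AppInit_DLLs: C:\Windows\system32\adlaunch32.dll" -> code "O20", body = the rest
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# IE's shipped defaults for Start/Search page all go through this redirector.
MS_DEFAULT_PREFIX = "http://go.microsoft.com/fwlink/"


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entry(line):
    """Return (code, body) for an HJT entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage_line(line):
    """Return a Finding if this line deserves a closer look, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, body = parsed
    if code in ("R0", "R1"):
        # Browser home/search settings: "<hive\key>,<value name> = <url>".
        key, _, url = body.partition(" = ")
        url = url.strip()
        if ("Start Page" in key or "Search" in key) and url \
                and not url.startswith(MS_DEFAULT_PREFIX):
            return Finding(code, "IE start/search page is not the Microsoft default", line)
    elif code == "O2" and body.endswith("(no file)"):
        # A BHO CLSID is still registered although its DLL is gone.
        return Finding(code, "BHO registered but its DLL is missing", line)
    elif code == "O4" and body.endswith("= ?"):
        # Startup shortcut whose target HijackThis could not resolve.
        return Finding(code, "startup item with unresolved target", line)
    elif code == "O13":
        # URL prefix: a non-empty DefaultPrefix/WWW Prefix is prepended to
        # every address typed without a scheme, so typed URLs get redirected.
        _, _, prefix = body.partition(": ")
        if prefix.strip():
            return Finding(code, "IE URL prefix set; scheme-less URLs are rewritten", line)
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every process that loads user32.dll; the
        # ComboFix report further down lists this DLL under winlogon and lsass.
        if body[len("AppInit_DLLs:"):].strip():
            return Finding(code, "AppInit_DLLs injects this DLL into every GUI process", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Sample input: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_world/?url=
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\adlaunch32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line.strip()}")
```

Running it on the sample prints five lines to review (the R0 start page, the orphan O2, the unresolved O4, the O13 prefix and the O20 DLL) and stays silent on the Microsoft defaults, the empty prefixes and the known services.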
Here is the ComboFix report

ComboFix 09-04-15.08 - BOUARI 15/04/2009 12:23.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.44.1036.18.2550.1653 [GMT 0:00]
Running from: c:\users\BOUARI\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2099-02-14 18:16 . 2009-04-09 08:41 -------- d-----w c:\windows\system32\catroot2
2099-02-14 18:16 . 2009-02-14 19:28 -------- d-----w c:\windows\Debug
2099-02-14 18:13 . 2099-02-14 18:19 -------- d-----w c:\windows\Panther
2099-02-14 18:12 . 2099-02-14 18:12 8192 --s-a-r C:\BOOTSECT.BAK
2099-02-14 18:12 . 2009-02-25 14:25 -------- d-sh--w C:\Boot
2099-02-14 18:12 . 2009-02-25 10:24 443912 --sha-r C:\bootmgr
2009-04-15 12:02 . 2009-04-15 12:02 507904 ----a-w c:\windows\TMUPDATE.DLL
2009-04-15 12:02 . 2009-04-15 12:02 69689 ----a-w c:\windows\UNZIP.DLL
2009-04-14 19:25 . 2009-04-14 19:25 -------- d-----w c:\users\BOUARI\AppData\Roaming\Malwarebytes
2009-04-14 19:25 . 2009-04-06 15:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 19:25 . 2009-04-06 15:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 19:25 . 2009-04-14 19:25 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-14 19:25 . 2009-04-14 19:25 -------- d-----w c:\programdata\Malwarebytes
2009-04-14 18:51 . 2009-04-14 18:51 -------- d-----w C:\MSNFix
2009-04-14 18:50 . 2008-01-20 23:47 186514 ----a-w C:\MSNFix.bat
2009-04-14 09:11 . 2009-02-05 21:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-14 08:42 . 2009-04-14 08:42 86040 ----a-w c:\windows\system32\adlaunch32.dll
2009-04-14 08:42 . 2009-04-14 08:42 122384 ----a-w c:\windows\system32\advhost.exe
2009-04-13 21:21 . 2009-04-13 21:21 446976 ----a-w c:\windows\system32\ShellMPD.dll
2009-04-13 21:16 . 2009-04-13 21:18 -------- d-----w c:\users\BOUARI\AppData\Roaming\MSN Pictures Displayer
2009-04-13 21:16 . 2009-04-13 21:21 -------- d-----w c:\users\All Users\MSN Pictures Displayer
2009-04-13 21:16 . 2009-04-13 21:21 -------- d-----w c:\programdata\MSN Pictures Displayer
2009-04-07 17:43 . 2009-04-07 17:43 680 ----a-w c:\users\BOUARI\AppData\Local\d3d9caps.dat
2009-04-02 10:09 . 2009-04-14 10:40 147122367 ----a-w c:\windows\MEMORY.DMP
2009-04-01 22:20 . 2009-04-01 22:20 -------- d-----w C:\omniformat
2009-03-29 00:31 . 2009-03-29 00:31 -------- d-----w c:\users\BOUARI\AppData\Roaming\DivX
2009-03-29 00:31 . 2009-03-29 00:31 -------- d-----w c:\users\BOUARI\AppData\Roaming\Media Player Classic
2009-03-28 19:05 . 2009-03-28 19:05 -------- d-----w c:\users\All Users\WinZip
2009-03-28 19:05 . 2009-03-28 19:05 -------- d-----w c:\programdata\WinZip
2009-03-28 18:29 . 2009-03-28 18:29 -------- d-----w C:\pnp
2009-03-26 12:38 . 2009-03-26 12:38 -------- d-----w c:\users\All Users\ConeXware
2009-03-26 12:38 . 2009-03-26 12:38 -------- d-----w c:\programdata\ConeXware
2009-03-23 22:38 . 2009-03-28 14:49 -------- d-----w c:\users\BOUARI\AppData\Roaming\FileZilla
2009-03-23 13:29 . 2009-03-23 13:29 -------- d-----w c:\users\BOUARI\AppData\Roaming\Samsung
2009-03-23 11:27 . 2009-04-15 11:22 12 ----a-w c:\windows\bthservsdp.dat
2009-03-23 11:03 . 2006-05-03 22:53 174592 ----a-w c:\windows\system32\framedyn.dll
2009-03-23 10:55 . 2007-07-03 16:58 106792 ----a-w c:\windows\system32\drivers\sscdmdm.sys
2009-03-23 10:55 . 2007-07-03 16:57 11944 ----a-w c:\windows\system32\drivers\sscdmdfl.sys
2009-03-23 10:55 . 2007-07-03 16:56 9256 ----a-w c:\windows\system32\drivers\sscdcmnt.sys
2009-03-23 10:55 . 2007-07-03 16:56 9256 ----a-w c:\windows\system32\drivers\sscdcm.sys
2009-03-23 10:55 . 2007-07-03 17:00 9256 ----a-w c:\windows\system32\drivers\sscdwhnt.sys
2009-03-23 10:55 . 2007-07-03 17:00 9256 ----a-w c:\windows\system32\drivers\sscdwh.sys
2009-03-23 10:55 . 2007-07-03 16:54 80552 ----a-w c:\windows\system32\drivers\sscdbus.sys
2009-03-23 10:50 . 2009-03-23 10:59 -------- d-----w c:\windows\system32\Samsung_USB_Drivers
2009-03-23 10:49 . 2005-08-28 20:51 766 ----a-w c:\windows\system32\Uninstall.ico
2009-03-23 10:49 . 2009-03-23 11:16 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-03-19 19:39 . 2009-03-19 19:39 50 ----a-w c:\windows\MegaManager.INI
2009-03-18 14:18 . 2009-03-18 14:18 -------- d-----w c:\windows\system32\SDA
2009-03-18 13:44 . 2009-03-18 13:44 -------- d-----w c:\windows\tiinst
2009-03-18 13:15 . 2008-05-01 16:35 53248 ----a-w c:\windows\system32\CSVer.dll
2009-03-18 13:14 . 2009-03-18 13:14 -------- d-----w C:\Intel
2009-03-18 12:47 . 2009-04-10 13:51 -------- d-----w c:\users\BOUARI\AppData\Roaming\vlc
2009-03-17 21:18 . 2009-03-17 21:18 -------- d-----w c:\users\All Users\Vista64
2009-03-17 21:18 . 2009-03-17 21:18 -------- d-----w c:\programdata\Vista64
2009-03-17 21:18 . 2009-03-17 21:18 -------- d-----w c:\users\All Users\XP
2009-03-17 21:18 . 2009-03-17 21:18 -------- d-----w c:\programdata\XP
2009-03-17 17:50 . 2009-03-17 17:50 -------- d-----w c:\users\All Users\ma-config.com
2009-03-17 17:50 . 2009-03-17 17:50 -------- d-----w c:\programdata\ma-config.com
2009-03-16 23:32 . 2009-03-16 23:32 -------- d-----w c:\users\All Users\Megaupload
2009-03-16 23:32 . 2009-03-16 23:32 -------- d-----w c:\users\All Users\EmailNotifier
2009-03-16 23:32 . 2009-03-16 23:32 -------- d-----w c:\programdata\Megaupload
2009-03-16 23:32 . 2009-03-16 23:32 -------- d-----w c:\programdata\EmailNotifier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 11:49 . 2009-04-01 22:10 -------- d-----w c:\program files\PowerPoint to Video
2009-04-15 11:36 . 2006-11-02 13:00 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 11:36 . 2006-11-02 13:00 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-15 11:36 . 2006-11-02 13:00 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-15 11:27 . 2009-04-15 11:27 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-15 11:27 . 2009-04-15 11:27 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-14 19:31 . 2009-04-14 19:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 16:08 . 2006-11-02 16:03 698282 ----a-w c:\windows\System32\perfh00C.dat
2009-04-14 16:08 . 2006-11-02 16:03 122952 ----a-w c:\windows\System32\perfc00C.dat
2009-04-14 10:44 . 2009-04-14 10:44 -------- d-----w c:\program files\AxBx
2009-04-14 09:11 . 2009-04-14 09:11 -------- d-----w c:\program files\Alwil Software
2009-04-09 08:40 . 2009-02-14 19:29 122272 ----a-w c:\users\BOUARI\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-08 17:44 . 2009-04-08 17:44 -------- d-----w c:\program files\EasyPHP 3.0
2009-04-06 22:23 . 2009-04-06 22:08 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-29 12:47 . 2009-02-15 13:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 12:47 . 2009-03-17 21:18 -------- d-----w c:\program files\TOSHIBA
2009-03-28 18:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-28 18:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-28 18:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-23 22:38 . 2009-03-23 22:38 -------- d-----w c:\program files\FileZilla FTP Client
2009-03-23 10:49 . 2009-03-23 10:49 -------- d-----w c:\program files\Samsung
2009-03-20 14:12 . 2009-03-20 14:12 -------- d-----w c:\program files\Yahoo!
2009-03-18 13:15 . 2009-03-18 13:15 -------- d-----w c:\program files\Intel
2009-03-17 21:09 . 2009-02-18 13:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-17 17:50 . 2009-03-17 17:50 -------- d-----w c:\program files\ma-config.com
2009-03-16 23:30 . 2009-03-16 23:30 -------- d-----w c:\program files\VideoLAN
2009-03-16 23:29 . 2009-03-02 23:39 -------- d-----w c:\program files\DivX
2009-03-16 23:29 . 2009-03-16 23:29 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-16 23:28 . 2009-03-16 23:28 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-16 23:26 . 2009-03-16 23:25 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-13 11:48 . 2009-03-13 11:48 -------- d-----w c:\program files\Yooda
2009-03-11 21:11 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-11 16:07 . 2009-02-15 15:00 -------- d-----w c:\programdata\Microsoft Help
2009-03-04 20:09 . 2009-03-04 20:09 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-04 20:07 . 2009-02-15 13:39 -------- d-----w c:\program files\Microsoft Works
2009-03-03 22:17 . 2009-03-03 22:17 -------- d-----w c:\program files\Microsoft
2009-03-03 22:17 . 2009-03-03 22:16 -------- d-----w c:\program files\Windows Live
2009-03-03 22:17 . 2009-03-03 22:17 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-03 21:50 . 2009-03-03 21:50 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-27 09:53 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-02-26 23:41 . 2009-02-26 23:41 268800 ----a-w c:\windows\System32\es.dll
2009-02-26 23:40 . 2009-02-26 23:40 1585664 ----a-w c:\windows\System32\setupapi.dll
2009-02-26 17:49 . 2009-02-26 11:54 -------- d-----w c:\program files\Google
2009-02-25 15:04 . 2009-02-25 15:04 1060920 ----a-w c:\windows\system32\drivers\ntfs.sys
2009-02-25 15:04 . 2009-02-25 15:04 41984 ----a-w c:\windows\system32\drivers\monitor.sys
2009-02-25 14:40 . 2009-02-25 14:40 410984 ----a-w c:\windows\System32\deploytk.dll
2009-02-25 14:40 . 2009-02-25 14:40 -------- d-----w c:\program files\Java
2009-02-25 14:25 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2009-02-25 14:19 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-02-25 14:19 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-02-25 14:19 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-02-25 11:09 . 2009-02-25 11:09 61440 ----a-w c:\windows\System32\winipsec.dll
2009-02-25 11:09 . 2009-02-25 11:09 361984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-02-25 11:09 . 2009-02-25 11:09 28672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-02-25 11:09 . 2009-02-25 11:09 272896 ----a-w c:\windows\System32\polstore.dll
2009-02-25 11:07 . 2009-02-25 11:07 95232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-02-25 11:07 . 2009-02-25 11:07 241152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-02-25 11:07 . 2009-02-25 11:07 160768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-02-25 11:06 . 2009-02-25 11:06 39424 ----a-w c:\windows\System32\ACCTRES.dll
2009-02-25 11:06 . 2009-02-25 11:06 205824 ----a-w c:\windows\System32\msoeacct.dll
2009-02-25 11:06 . 2009-02-25 11:06 87040 ----a-w c:\windows\System32\msoert2.dll
2009-02-25 11:05 . 2009-02-25 11:05 704000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-02-25 11:05 . 2009-02-25 11:05 258232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-02-25 11:05 . 2009-02-25 11:05 24064 ----a-w c:\windows\System32\wtsapi32.dll
2009-02-25 11:05 . 2009-02-25 11:05 20920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-02-25 11:05 . 2009-02-25 11:05 28344 ----a-w c:\windows\system32\drivers\battc.sys
2009-02-25 11:05 . 2009-02-25 11:05 14208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-02-25 11:05 . 2009-02-25 11:05 542720 ----a-w c:\windows\System32\sysmain.dll
2009-02-25 11:05 . 2009-02-25 11:05 67584 ----a-w c:\windows\System32\wlanhlp.dll
2009-02-25 11:05 . 2009-02-25 11:05 47104 ----a-w c:\windows\System32\wlanapi.dll
2009-02-25 11:05 . 2009-02-25 11:05 502784 ----a-w c:\windows\System32\wlansvc.dll
2009-02-25 11:05 . 2009-02-25 11:05 297984 ----a-w c:\windows\System32\wlansec.dll
2009-02-25 11:05 . 2009-02-25 11:05 290816 ----a-w c:\windows\System32\wlanmsm.dll
2009-02-25 11:04 . 2009-02-25 11:04 194560 ----a-w c:\windows\System32\WebClnt.dll
2009-02-25 11:04 . 2009-02-25 11:04 110080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2009-02-25 11:03 . 2009-02-25 11:03 826368 ----a-w c:\windows\System32\wininet.dll
2009-02-25 11:03 . 2009-02-25 11:03 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-25 11:02 . 2009-02-25 11:02 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-25 11:02 . 2009-02-25 11:02 56320 ----a-w c:\windows\System32\iesetup.dll
2009-02-25 11:01 . 2009-02-25 11:01 49664 ----a-w c:\windows\System32\csrsrv.dll
2009-02-25 11:01 . 2009-02-25 11:01 376320 ----a-w c:\windows\System32\winsrv.dll
2009-02-25 10:58 . 2009-02-25 10:58 297472 ----a-w c:\windows\System32\gdi32.dll
2009-02-25 10:58 . 2009-02-25 10:58 211456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-02-25 10:57 . 2009-02-25 10:57 374456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2009-02-25 10:56 . 2009-02-25 10:56 28672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-02-25 10:56 . 2009-02-25 10:56 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-25 10:56 . 2009-02-25 10:56 449536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-25 10:56 . 2009-02-25 10:56 2144256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-25 10:56 . 2009-02-25 10:56 537600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-25 10:56 . 2009-02-25 10:56 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-25 10:56 . 2009-02-25 10:56 4247552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-02-25 10:56 . 2009-02-25 10:56 1687040 ----a-w c:\windows\System32\gameux.dll
2009-02-25 10:55 . 2009-02-25 10:55 303616 ----a-w c:\windows\System32\wmpeffects.dll
2009-02-25 10:54 . 2009-02-25 10:54 2048 ----a-w c:\windows\System32\msxml3r.dll
2009-02-25 10:54 . 2009-02-25 10:54 1194496 ----a-w c:\windows\System32\msxml3.dll
2009-02-25 10:53 . 2009-02-25 10:53 414208 ----a-w c:\windows\System32\msscp.dll
2009-02-25 10:53 . 2009-02-25 10:53 356864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2009-02-25 10:52 . 2009-02-25 10:52 392192 ----a-w c:\windows\System32\FirewallAPI.dll
2009-02-25 10:52 . 2009-02-25 10:52 86016 ----a-w c:\windows\System32\icfupgd.dll
2009-02-25 10:52 . 2009-02-25 10:52 63488 ----a-w c:\windows\system32\drivers\mpsdrv.sys
2009-01-27 01:2009-01-27 01:34 34:38 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:2009-01-27 01:34 34:38 . c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-25 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"EasyPHP"="c:\program files\EasyPHP 3.0\EasyPHP.exe" [2006-11-19 176128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\users\BOUARI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - c:\programdata\MSN Pictures Displayer\MSN Pictures Displayer.exe [2009-4-13 4712960]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-2-14 295606]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\adlaunch32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CDE312E6-DFCB-4C93-BA96-2EE535956478}"= UDP:3703:Adobe Version Cue CS3 Server
"{D6C6A7D9-646C-4333-A1B1-C7A8D213CD45}"= UDP:3704:Adobe Version Cue CS3 Server
"{E573670A-91B3-4F02-8A47-0ABEFD39EDCB}"= UDP:50900:Adobe Version Cue CS3 Server
"{944D6592-0CA9-4140-A357-1B056F1E678F}"= UDP:50901:Adobe Version Cue CS3 Server
"{30D0A034-FF8F-4ABD-8E56-A95AF66C125D}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{EED0D1FB-D4F0-41D6-9EF9-0B4908BA9D80}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{D640AF9D-F12B-4A82-8965-5209E4A189E9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{DF04D34E-2E44-4969-A917-81F07D37714F}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{F82BA27F-14F6-4D06-9B2B-C4AE324D3B69}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{75A51634-5023-44F7-95A3-D1278719D0E5}c:\\program files\\microsoft office\\office11\\frontpg.exe"= UDP:c:\program files\microsoft office\office11\frontpg.exe:Microsoft Office FrontPage
"UDP Query User{76B429FF-0A59-4CCD-933A-1E87A7C2DA67}c:\\program files\\microsoft office\\office11\\frontpg.exe"= TCP:c:\program files\microsoft office\office11\frontpg.exe:Microsoft Office FrontPage
"TCP Query User{45E003A4-B450-4DE9-9023-60E850FF0EE1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CF0FC09A-0A2E-4881-9595-F627B7BB2838}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{75CF5360-C765-4269-8910-46967D27B0CF}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{40C9C95F-C795-464E-A84F-978C639776F0}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{AE7A8019-BA1F-41F1-B22A-EE6B8EFD17F1}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{33924B6B-42B2-424E-8347-606CCC147AC8}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{70EE3737-83EC-46F7-B8BD-693ED5C2539D}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld
"UDP Query User{582CEE1F-1855-4535-B24E-3940E2E1D77B}c:\\program files\\easyphp 3.0\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 3.0\mysql\bin\mysqld.exe:mysqld

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 TimerStop;TimerStop;c:\windows\system32\TimerStop.sys [2006-12-18 4096]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - F-SECURE_STANDALONE_MINIFILTER
*Deregistered* - F-Secure Standalone Minifilter

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\User_Feed_Synchronization-{80366193-39D5-47E1-BBD1-604D04710ACF}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.explorerstartpage.com/wspage.php
mStart Page = hxxp://www.explorerstartpage.com/wspage.php
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\BOUARI\AppData\Roaming\Mozilla\Firefox\Profiles\mcol19xd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 12:24
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\adlaunch32.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\adlaunch32.dll
.
Completion time: 2009-04-15 12:26
ComboFix-quarantined-files.txt 2009-04-15 12:26
ComboFix2.txt 2009-04-15 12:21

Pre-Run: 38 918 578 176 octets libres
Post-Run: 38 789 304 320 octets libres

282 --- E O F --- 2009-04-13 17:05
0