HijackThis Log: Please help Diagnose


13 replies to this topic

#1 mkache5a

  • Members
  • 23 posts

Posted 14 April 2010 - 06:20 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:09, on 15/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nixud.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\BOUALL~1\AppData\Local\Temp\Mc1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUpldfr-fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138F757C-D94E-45A9-A699-19A017ACC2BD}: NameServer = 213.36.80.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{87359ADB-C935-498D-B770-95420FC2B0E7}: NameServer = 213.36.80.1,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{138F757C-D94E-45A9-A699-19A017ACC2BD}: NameServer = 213.36.80.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{138F757C-D94E-45A9-A699-19A017ACC2BD}: NameServer = 213.36.80.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Google Update (gupdate1ca342c1675384b) (gupdate1ca342c1675384b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11606 bytes

I have also scanned with DDS:
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3069.1495 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\BOUALLAGUI\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Pavilion&pf=cndt
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.nixud.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHelper Class: {91c18ed5-5e1c-4ae5-a148-a861de8c8e16} - c:\program files\sgpsa\mtwb3sh.dll
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
uRun: [YVIBBBHA8C] c:\users\bouall~1\appdata\local\temp\Mc1.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [NPSStartup]
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
TCP: {138F757C-D94E-45A9-A699-19A017ACC2BD} = 213.36.80.1
TCP: {87359ADB-C935-498D-B770-95420FC2B0E7} = 213.36.80.1,192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\bouall~1\appdata\roaming\mozilla\firefox\profiles\tbulgkjh.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D8A1E761-E3BB-AA27-A854-B949A24AE7AA}&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\users\bouallagui\appdata\roaming\mozilla\firefox\profiles\tbulgkjh.default\extensions\{77fa6d19-31f1-42a2-af61-f5c03a085e06}\components\FFExternalAlert.dll
FF - component: c:\users\bouallagui\appdata\roaming\mozilla\firefox\profiles\tbulgkjh.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-15 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-15 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-15 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-15 40384]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-3-20 237984]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-15 40384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-20 36608]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [2009-2-8 99968]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-9-6 493568]
R4 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-3 56816]
S2 gupdate1ca342c1675384b;Service Google Update (gupdate1ca342c1675384b);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2008-12-17 69120]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2009-10-12 39632]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-18 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-9-23 238960]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-5-22 20640]

=============== Created Last 30 ================

2010-04-14 22:41:39 0 d-----w- c:\program files\TrendMicro
2010-04-14 22:03:59 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-14 22:02:26 0 d-----w- c:\programdata\Alwil Software
2010-04-14 21:58:25 184 ----a-w- C:\xwÑøäq
2010-04-12 09:53:39 183 ----a-w- C:\Awuö¸r
2010-04-11 00:35:00 182 ----a-w- C:\¦wj3ºq
2010-04-11 00:33:13 183 ----a-w- C:\¦w
2010-04-11 00:31:13 183 ----a-w- C:\¦wª0Yq
2010-04-10 23:23:27 184 ----a-w- C:\¦w?°åq
2010-04-09 19:26:03 191 ----a-w- C:\¶wî£?q
2010-04-09 19:24:47 183 ----a-w- C:\¶wf¾?q
2010-04-09 19:23:28 182 ----a-w- C:\¶w&¼?q
2010-04-09 19:22:56 192 ----a-w- C:\¶w? ùy
2010-04-09 19:20:50 192 ----a-w- C:\¶wþ¢òy
2010-04-09 19:20:23 183 ----a-w- C:\¶wV¡?q
2010-04-09 19:17:49 183 ----a-w- C:\¶wV½?q
2010-04-09 19:16:26 191 ----a-w- C:\¶w?¦{q
2010-04-09 19:07:27 729 ----a-w- C:\¶w
2010-04-08 22:16:55 191 ----a-w- C:\$w?NCq
2010-04-08 22:13:31 192 ----a-w- C:\$wn?gq
2010-04-08 22:11:41 191 ----a-w- C:\$wÂchq
2010-04-04 15:02:33 190 ----a-w- C:\¿w?bVp
2010-04-04 14:57:48 191 ----a-w- C:\¿wÔ`Vp
2010-04-04 14:54:56 192 ----a-w- C:\¿wS~5~
2010-04-04 14:48:21 191 ----a-w- C:\¿wweýp
2010-04-04 14:42:41 192 ----a-w- C:\¿w£yüp
2010-04-04 14:41:32 915 ----a-w- C:\¿w
2010-04-03 22:30:35 191 ----a-w- C:\,w?2Ïr
2010-04-03 08:55:51 372 ----a-w- C:\,w
2010-04-03 01:48:50 0 d-----w- C:\tt
2010-03-30 23:34:24 192 ----a-w- C:\ðv.æÑr
2010-03-30 23:34:16 193 ----a-w- C:\ðvZ%r
2010-03-30 22:18:28 184 ----a-w- C:\ðv
2010-03-25 23:42:57 0 d-----w- C:\divx
2010-03-20 23:44:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-03-20 00:37:09 0 d-----w- c:\programdata\PC Suite
2010-03-20 00:12:46 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-03-20 00:12:34 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-20 00:12:30 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-20 00:11:19 59 ----a-w- c:\windows\wininit.ini
2010-03-20 00:10:35 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-03-20 00:10:35 237984 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-03-20 00:10:35 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-03-20 00:10:24 0 d-----w- c:\users\bouall~1\appdata\roaming\Samsung
2010-03-20 00:09:41 0 d-----w- c:\program files\MarkAny
2010-03-20 00:09:38 0 d-----w- c:\program files\PC Connectivity Solution
2010-03-19 23:58:20 0 d-----w- c:\program files\Windows Mobile Device Handbook
2010-03-19 09:56:47 183 ----a-w- C:\-wXd?u
2010-03-17 23:23:04 183 ----a-w- C:\ÛwWÿ;u

==================== Find3M ====================

2010-04-14 21:59:49 718792 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 21:59:49 141870 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-14 21:52:39 3219238912 --sha-w- C:\hiberfil.sys
2010-04-14 21:52:37 3533123584 --sha-w- C:\pagefile.sys
2010-04-02 06:15:20 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-02 06:15:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-02 06:15:19 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18:40 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-17 10:55:56 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-12 10:48:12 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 00:21:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-25 12:48:34 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48:06 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45:56 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:00 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34:56 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44:02 2048 ----a-w- c:\windows\system32\tzres.dll
2008-09-06 11:24:28 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-09-06 11:24:28 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-09-06 11:24:28 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-09-06 11:24:28 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-03 06:19:04 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-09-06 11:39:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 1:29:10,45 ===============
attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/09/2008 10:08:50
System Uptime: 14/04/2010 23:52:21 (2 hours ago)

Motherboard: FOXCONN | | Irvine
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 165,162 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1,702 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6 - Français
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Assistant de connexion Windows Live
AutoUpdate
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bandoo
Bonjour
BufferChm
C3100
c3100_Help
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CDBurnerXP
Copy
CursorXP
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DocProc
DocProcQFolder
DVB Dream version 1.4i
EBP Comptabilité et Facturation
eMule
eSupportQFolder
Fast Browser Search (My Tattoons)
Favorit
Fax
Free Download Manager 3.0
Gadget Documents récents Microsoft Office 2007
Galerie de photos Windows Live
Gestionnaire pour appareils Windows Mobile
Google Chrome
Google Earth
Google Update Helper
H.264 Decoder
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 8.0
HP Demo
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP My Display
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Picasso Media Center Add-In
HP Product Assistant
HP Product Detection
HP Recovery Manager RSS
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Installation Windows Live
iTunes
Java™ 6 Update 17
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
LabelPrint
LG PC Suite II
LG USB Modem driver
LightScribe System Software
LimeWire 5.1.2
Ma-Config.com
Macromedia Extension Manager
Magic Desktop
MAGIX 3D Maker Trial 6.0.0.4 (F)
Manuel de l'appareil Windows Mobile®
MarketResearch
Mega Manager
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft Works
MKV Splitter
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Mozilla Firefox (3.5.9)
MSN Reaper
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Nero ShowTime CE
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Outil de téléchargement Windows Live
Outils de diagnostic du matériel
Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
PC Connectivity Solution
PhotoFiltre
Port Splitter
Power2Go
PowerDirector
PSSWCORE
PunkBuster Services
Python 2.5.2
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Driver
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung PC Studio 3 USB Driver Installer
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Scan
SDK
Skype™ 4.0
Solution de clavier multimédia amélioré
SolutionCenter
sp41121
sp44626
SPORE Creature Creator Trial Edition
Status
Stereoscopic Player
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB to Serial Cable Driver
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Version de démonstration de Microsoft Office Home and Student 2007
VideoToolkit01
VLC media player 0.9.8a
WebReg
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Live Call
Windows Live Communications Platform
Windows Live Contrôle parental
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Mobile Device Center Driver Update
Xilisoft Video Converter Ultimate

==== End Of File ===========================



please help me
thank you

Edit: Please don't bump your topic or you will have to wait longer for help. ~BP

Edited by Budapest, 15 April 2010 - 06:19 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 18 April 2010 - 01:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 mkache5a

mkache5a
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:46 AM

Posted 19 April 2010 - 02:17 PM

thank you for the help, these are the results:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 21:06:37
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\BOUALL~1\AppData\Local\Temp\fxlyqkog.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747D98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7479B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7478FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74797A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7478EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747CB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7479BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7479074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747906B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7481D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747B7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7478E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7478697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74792465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a84d165
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a84d165@001ee221ba35 0x83 0xB5 0xD4 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a84d165@001f013859c7 0xB0 0x12 0x44 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a84d165@001247e6069c 0x82 0x26 0xFE 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a84d165@002491f4dbb8 0xCF 0xDF 0x63 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a84d165@002566d84076 0x7C 0xA9 0x29 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x88 0xB6 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x43 0x6A 0x45 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x65 0x1B 0x1E ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a84d165 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a84d165@001ee221ba35 0x83 0xB5 0xD4 0xF8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a84d165@001f013859c7 0xB0 0x12 0x44 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a84d165@001247e6069c 0x82 0x26 0xFE 0xFC ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a84d165@002491f4dbb8 0xCF 0xDF 0x63 0x4B ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a84d165@002566d84076 0x7C 0xA9 0x29 0xE1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE0 0x88 0xB6 0x21 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x43 0x6A 0x45 0x4D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x65 0x1B 0x1E ...

---- EOF - GMER 1.0.15 ----


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:15 on 19/04/2010 (BOUALLAGUI)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
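As an added example, not part of this thread and not code from GMER or BleepingComputer, here is a small Python triage script for the "User IAT/EAT" section of a GMER log in the format shown above: it parses each hook line and flags hooks whose target module resolves outside the Windows directory or lacks a Microsoft vendor string. The embedded sample log is constructed: its first line mirrors the legitimate gdiplus entry above, the other two are made-up non-Microsoft entries added so the check has something to flag.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in GMER 1.0.15 "User IAT/EAT" format. Line 1 copies the
# legitimate gdiplus hook seen in the thread; lines 2 and 3 are hypothetical
# entries pointing at a DLL in a user temp directory (not real indicators).
SAMPLE_GMER_LOG = r"""
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [kernel32.dll!CreateProcessW] [10001A20] C:\Users\example\AppData\Local\Temp\hook_example.dll (Example Hook/Example Vendor)
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE [user32.dll!SetWindowsHookExW] [10002B30] C:\Users\example\AppData\Local\Temp\unknown.dll

---- EOF - GMER 1.0.15 ----
"""

# One hook line: "<IAT|EAT> <process>[<pid>] @ <module> [<dll!symbol>] [<addr>] <target path> (<description/vendor>)"
# The trailing "(description/vendor)" is optional: GMER omits it for unsigned
# or unknown modules, which is itself worth noticing.
IAT_LINE = re.compile(
    r"^(?P<kind>IAT|EAT) (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<symbol>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<target>.+?)(?: \((?P<desc>[^)]*)\))?$"
)

# Hooks that resolve into the Windows directory (system32, WinSxS) and carry a
# Microsoft vendor string are the expected case, as in the log above.
TRUSTED_DIRS = ("c:\\windows\\",)


@dataclass
class Hook:
    kind: str
    process: str
    pid: int
    symbol: str
    target: str
    vendor: Optional[str]

    def is_suspicious(self) -> bool:
        """True unless the target is a Microsoft module under the Windows directory."""
        in_trusted_dir = self.target.lower().startswith(TRUSTED_DIRS)
        microsoft = self.vendor is not None and "microsoft" in self.vendor.lower()
        return not (in_trusted_dir and microsoft)


def parse_hooks(log_text: str) -> List[Hook]:
    """Extract every IAT/EAT hook line; headers, blanks and Reg lines are skipped."""
    hooks: List[Hook] = []
    for line in log_text.splitlines():
        m = IAT_LINE.match(line)
        if not m:
            continue
        desc = m.group("desc")
        # GMER writes "<product>/<company>"; keep the company part as the vendor.
        vendor = desc.rsplit("/", 1)[-1].strip() if desc else None
        hooks.append(Hook(
            kind=m.group("kind"),
            process=m.group("process"),
            pid=int(m.group("pid")),
            symbol=m.group("symbol"),
            target=m.group("target"),
            vendor=vendor,
        ))
    return hooks


def triage(log_text: str) -> List[str]:
    """Return one human-readable finding per hook that fails the trust check."""
    findings: List[str] = []
    for h in parse_hooks(log_text):
        if h.is_suspicious():
            findings.append(
                f"{h.kind} {h.process}[{h.pid}] {h.symbol} -> {h.target} "
                f"({h.vendor or 'no vendor info'})"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_GMER_LOG):
        print("REVIEW:", finding)
```

A clean log like the one posted above produces no findings; every hook resolves to gdiplus.dll under WinSxS with a Microsoft vendor string.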

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 19 April 2010 - 03:25 PM

No rootkits but some obviously suspect stuff in the DDS.

Please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


m0le is a proud member of UNITE

#5 mkache5a

mkache5a
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:46 AM

Posted 19 April 2010 - 04:52 PM

THANK YOU, THESE ARE THE RESULTS:
ComboFix 10-04-18.04 - BOUALLAGUI 19/04/2010 23:04:57.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3069.1706 [GMT 2:00]
Lancé depuis: c:\users\BOUALLAGUI\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1107729293-1374532846-2533309393-1000
c:\$recycle.bin\S-1-5-21-1884331166-11208692-367647030-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider01.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider05.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider08.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider14.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\ie3sh.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\Provider01.xml
c:\program files\Fast Browser Search\IE\Provider05.xml
c:\program files\Fast Browser Search\IE\Provider08.xml
c:\program files\Fast Browser Search\IE\Provider14.xml
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SearchProvider01.xml
c:\program files\Fast Browser Search\IE\SearchProvider05.xml
c:\program files\Fast Browser Search\IE\SearchProvider08.xml
c:\program files\Fast Browser Search\IE\SearchProvider14.xml
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\program files\SGPSA\SearchAssistant.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2010-03-19 au 2010-04-19 ))))))))))))))))))))))))))))))))))))
.

2010-04-19 21:14 . 2010-04-19 21:17 -------- d-----w- c:\users\BOUALLAGUI\AppData\Local\temp
2010-04-19 21:14 . 2010-04-19 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 17:36 . 2010-04-19 17:36 93056 ----a-w- C:\fxlyqkog.sys
2010-04-14 23:49 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 23:49 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 23:49 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 23:49 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 23:49 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 23:49 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 23:49 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 23:49 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 23:49 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 22:41 . 2010-04-14 22:41 -------- d-----w- c:\program files\TrendMicro
2010-04-14 22:04 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 22:04 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 22:04 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 22:04 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 22:03 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-14 22:02 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 22:02 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 22:02 . 2010-04-14 22:02 -------- d-----w- c:\programdata\Alwil Software
2010-04-14 09:07 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 09:07 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-03 01:48 . 2010-04-03 01:49 -------- d-----w- C:\tt
2010-03-25 23:42 . 2010-04-03 22:41 -------- d-----w- C:\divx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 21:15 . 2008-12-25 13:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-19 21:15 . 2009-05-26 17:09 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Free Download Manager
2010-04-19 19:15 . 2008-09-06 11:24 718792 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-19 19:15 . 2008-09-06 11:24 141870 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-19 17:16 . 2008-12-16 21:25 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\LimeWire
2010-04-18 23:02 . 2009-02-21 17:07 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Skype
2010-04-18 23:01 . 2009-02-21 22:06 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\skypePM
2010-04-15 10:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 22:02 . 2009-08-30 01:14 -------- d-----w- c:\program files\Alwil Software
2010-04-03 22:26 . 2010-04-03 22:25 21292528 ----a-w- c:\users\BOUALLAGUI\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
2010-03-20 23:44 . 2010-03-20 23:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-03-20 00:37 . 2010-03-20 00:37 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\PC Suite
2010-03-20 00:37 . 2010-03-20 00:37 -------- d-----w- c:\programdata\PC Suite
2010-03-20 00:12 . 2009-04-18 06:12 -------- d-----w- c:\program files\Samsung
2010-03-20 00:12 . 2010-03-20 00:10 -------- d-----w- c:\program files\DIFX
2010-03-20 00:12 . 2010-03-20 00:09 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-20 00:10 . 2010-03-20 00:10 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Samsung
2010-03-20 00:09 . 2008-09-06 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-20 00:09 . 2010-03-20 00:09 -------- d-----w- c:\program files\MarkAny
2010-03-19 23:58 . 2010-03-19 23:58 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2010-03-13 00:20 . 2008-12-16 23:08 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Apple Computer
2010-02-27 21:46 . 2010-02-27 21:46 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Stereoscopic Player
2010-02-27 21:45 . 2010-02-27 21:45 -------- d-----w- c:\program files\Stereoscopic Player
2010-02-24 13:56 . 2009-09-19 08:45 118256 ----a-w- c:\users\BOUALLAGUI\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-02 15:44 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-11 09:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 09:14 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 09:14 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-17 10:55 . 2008-09-06 02:24 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-12 10:48 . 2010-03-04 11:18 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:48 . 2010-02-23 22:24 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 22:24 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 22:24 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 22:24 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 22:24 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 22:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:24 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 22:24 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 22:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 22:25 2048 ----a-w- c:\windows\system32\tzres.dll
2008-09-06 11:39 . 2008-09-06 11:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-12-16 23:31 2073024 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-13 106904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:French /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^La Solution Ciel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\La Solution Ciel.lnk
backup=c:\windows\pss\La Solution Ciel.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-06-29 16:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-02-27 17:46 3399727 ----a-w- c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 13:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-01-12 10:27 972344 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:28 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-17 12:21 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-17 11:30 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca342c1675384b;Service Google Update (gupdate1ca342c1675384b);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2009-06-02 39632]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-09-23 238960]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-05-22 20640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-29 717296]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-13 237984]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 99968]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 04:38]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 04:38]

2010-04-18 c:\windows\Tasks\User_Feed_Synchronization-{8DCD1CD8-9DC4-4FA5-93C0-CFA5AF43E649}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.nixud.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {138F757C-D94E-45A9-A699-19A017ACC2BD} = 213.36.80.1
TCP: {87359ADB-C935-498D-B770-95420FC2B0E7} = 213.36.80.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\BOUALLAGUI\AppData\Roaming\Mozilla\Firefox\Profiles\tbulgkjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D8A1E761-E3BB-AA27-A854-B949A24AE7AA}&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\users\BOUALLAGUI\AppData\Roaming\Mozilla\Firefox\Profiles\tbulgkjh.default\extensions\{77fa6d19-31f1-42a2-af61-f5c03a085e06}\components\FFExternalAlert.dll
FF - component: c:\users\BOUALLAGUI\AppData\Roaming\Mozilla\Firefox\Profiles\tbulgkjh.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll
MSConfigStartUp-ieyocie - c:\users\bouallagui\appdata\local\ieyocie.exe
MSConfigStartUp-ubpwdrh - c:\users\bouallagui\appdata\local\ubpwdrh.exe
AddRemove-DVB Dream_is1 - c:\dvbdream\unins000.exe
AddRemove-Free Download Manager - c:\program files\Free Download Manager\uninst.exe
AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
AddRemove-ubpwdrh - c:\users\bouallagui\appdata\local\vmdsj.bat



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 23:19
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?A861DE8C8E16}?????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2475932755-273297265-1281367313-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,f6,dc,f6,58,9c,23,69,88,56,99,ff,e7,65,76,86,19,27,49,5d,84,
df,1e,97,35,87,e8,7d,1a,cb,e7,35,6b,8b,c7,bc,cf,ff,4b,80,d3,96,2f,72,24,1f,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&21cbbf5a&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&21cbbf5a&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&21cbbf5a&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&21cbbf5a&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&21cbbf5a&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3500)
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Heure de fin: 2010-04-19 23:27:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-19 21:27

Avant-CF: 202 839 863 296 octets libres
Après-CF: 202 472 964 096 octets libres

- - End Of File - - EF96D6033190550B84070DD4A1C0A99C


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 19 April 2010 - 05:19 PM

One more run of Combofix now

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\fxlyqkog.sys

Folder::
c:\program files\SGPSA

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FBSSA"=-

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&21cbbf5a&0&UID256\Properties\{83da6326-97a6-4088-9453-
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&21cbbf5a&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&21cbbf5a&0&UID256\Device Parameters\MODES]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&21cbbf5a&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&21cbbf5a&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE

#7 mkache5a

mkache5a
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:46 AM

Posted 19 April 2010 - 06:20 PM

Thank you, these are the results:

ComboFix 10-04-18.04 - BOUALLAGUI 20/04/2010 1:05.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3069.1992 [GMT 2:00]
Lancé depuis: c:\users\BOUALLAGUI\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\BOUALLAGUI\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé

FILE ::
"C:\fxlyqkog.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fxlyqkog.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-19 au 2010-04-19 ))))))))))))))))))))))))))))))))))))
.

2010-04-19 23:11 . 2010-04-19 23:12 -------- d-----w- c:\users\BOUALLAGUI\AppData\Local\temp
2010-04-19 23:11 . 2010-04-19 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-19 23:11 . 2010-04-19 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-14 23:49 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 23:49 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 23:49 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 23:49 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 23:49 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 23:49 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 23:49 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 23:49 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 23:49 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 22:41 . 2010-04-14 22:41 -------- d-----w- c:\program files\TrendMicro
2010-04-14 22:04 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 22:04 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 22:04 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 22:04 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 22:03 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-14 22:02 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 22:02 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 22:02 . 2010-04-14 22:02 -------- d-----w- c:\programdata\Alwil Software
2010-04-14 09:07 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 09:07 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-03 22:25 . 2010-04-03 22:26 21292528 ----a-w- c:\users\BOUALLAGUI\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
2010-04-03 01:48 . 2010-04-03 01:49 -------- d-----w- C:\tt
2010-03-25 23:42 . 2010-04-03 22:41 -------- d-----w- C:\divx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 21:50 . 2008-09-06 11:24 718792 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-19 21:50 . 2008-09-06 11:24 141870 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-19 21:39 . 2008-12-25 13:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-19 21:15 . 2009-05-26 17:09 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Free Download Manager
2010-04-19 17:16 . 2008-12-16 21:25 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\LimeWire
2010-04-18 23:02 . 2009-02-21 17:07 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Skype
2010-04-18 23:01 . 2009-02-21 22:06 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\skypePM
2010-04-15 10:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 22:02 . 2009-08-30 01:14 -------- d-----w- c:\program files\Alwil Software
2010-03-20 23:44 . 2010-03-20 23:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-03-20 00:37 . 2010-03-20 00:37 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\PC Suite
2010-03-20 00:37 . 2010-03-20 00:37 -------- d-----w- c:\programdata\PC Suite
2010-03-20 00:12 . 2009-04-18 06:12 -------- d-----w- c:\program files\Samsung
2010-03-20 00:12 . 2010-03-20 00:10 -------- d-----w- c:\program files\DIFX
2010-03-20 00:12 . 2010-03-20 00:09 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-20 00:10 . 2010-03-20 00:10 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Samsung
2010-03-20 00:09 . 2008-09-06 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-20 00:09 . 2010-03-20 00:09 -------- d-----w- c:\program files\MarkAny
2010-03-19 23:58 . 2010-03-19 23:58 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2010-03-13 00:20 . 2008-12-16 23:08 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Apple Computer
2010-02-27 21:46 . 2010-02-27 21:46 -------- d-----w- c:\users\BOUALLAGUI\AppData\Roaming\Stereoscopic Player
2010-02-27 21:45 . 2010-02-27 21:45 -------- d-----w- c:\program files\Stereoscopic Player
2010-02-24 13:56 . 2009-09-19 08:45 118256 ----a-w- c:\users\BOUALLAGUI\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-02 15:44 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-11 09:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 09:14 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 09:14 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-17 10:55 . 2008-09-06 02:24 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-12 10:48 . 2010-03-04 11:18 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 00:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-25 12:48 . 2010-02-23 22:24 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 22:24 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 22:24 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 22:24 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 22:24 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 22:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:24 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 22:24 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 22:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 22:25 2048 ----a-w- c:\windows\system32\tzres.dll
2008-09-06 11:39 . 2008-09-06 11:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-12-16 23:31 2073024 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-13 106904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:French /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^La Solution Ciel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\La Solution Ciel.lnk
backup=c:\windows\pss\La Solution Ciel.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-06-29 16:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-02-27 17:46 3399727 ----a-w- c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 13:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-01-12 10:27 972344 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:28 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-17 12:21 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-17 11:30 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca342c1675384b;Service Google Update (gupdate1ca342c1675384b);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2009-06-02 39632]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-09-23 238960]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-05-22 20640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-29 717296]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-13 237984]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 99968]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 04:38]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 04:38]

2010-04-18 c:\windows\Tasks\User_Feed_Synchronization-{8DCD1CD8-9DC4-4FA5-93C0-CFA5AF43E649}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.nixud.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {138F757C-D94E-45A9-A699-19A017ACC2BD} = 213.36.80.1
TCP: {87359ADB-C935-498D-B770-95420FC2B0E7} = 213.36.80.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\BOUALLAGUI\AppData\Roaming\Mozilla\Firefox\Profiles\tbulgkjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D8A1E761-E3BB-AA27-A854-B949A24AE7AA}&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\users\BOUALLAGUI\AppData\Roaming\Mozilla\Firefox\Profiles\tbulgkjh.default\extensions\{77fa6d19-31f1-42a2-af61-f5c03a085e06}\components\FFExternalAlert.dll
FF - component: c:\users\BOUALLAGUI\AppData\Roaming\Mozilla\Firefox\Profiles\tbulgkjh.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 01:12
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
Heure de fin: 2010-04-20 01:14:51
ComboFix-quarantined-files.txt 2010-04-19 23:14
ComboFix2.txt 2010-04-19 21:27

Avant-CF: 245 281 325 056 octets libres
Après-CF: 245 249 187 840 octets libres

- - End Of File - - D42F99214236A4DB96C91C0E60904AB7
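As an added triage helper (not from this thread, from ComboFix or from the Malware Response Team), the snippet below parses the `uStart Page`, `mStart Page`, `FF - prefs.js:` and `TCP:` lines of the "Examen supplémentaire" section above and flags for review the fastbrowsersearch.com search redirection, the nixud.com machine start page, the non-default Firefox proxy type and any DNS server outside the local network; the trusted-host allowlist and the local-network prefixes are assumptions, and the sample lines are adapted from the log.

```python
import re
from urllib.parse import urlparse

# Allowlist of home/search hosts this user legitimately uses (assumption).
TRUSTED_HOSTS = {"www.google.com", "www.google.fr", "go.microsoft.com"}
# Firefox preferences that search hijackers typically rewrite.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
LOCAL_PREFIXES = ("192.168.", "10.", "172.16.")  # simplified private-range check (assumption)

_START_RE = re.compile(r"^([um])Start Page = (.+)$")
_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
_TCP_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")


def _host(value):
    """Hostname of a URL after undoing ComboFix's hxxp:// defanging."""
    return urlparse(value.strip().replace("hxxp", "http", 1)).hostname or ""


def triage(lines):
    """Return (finding, evidence) pairs for entries an analyst should review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := _START_RE.match(line):
            scope = "user" if m.group(1) == "u" else "machine"
            if _host(m.group(2)) not in TRUSTED_HOSTS:
                findings.append((f"untrusted {scope} start page", m.group(2)))
        elif m := _PREF_RE.match(line):
            pref, value = m.groups()
            if pref in SEARCH_PREFS and _host(value) not in TRUSTED_HOSTS:
                findings.append((f"search pref {pref} redirected", _host(value)))
            elif pref == "network.proxy.type" and value.strip() not in ("0", "5"):
                # 1 = manual, 2 = PAC URL, 4 = WPAD auto-detect: all worth a look
                findings.append(("Firefox proxy type needs review", value.strip()))
        elif m := _TCP_RE.match(line):
            for ip in m.group(1).split(","):
                if not ip.strip().startswith(LOCAL_PREFIXES):
                    findings.append(("external DNS server (verify against ISP)", ip.strip()))
    return findings


# Constructed sample: the relevant lines adapted from the log above.
SAMPLE_LOG = [
    "uStart Page = hxxp://www.google.fr/",
    "mStart Page = hxxp://www.nixud.com/",
    "FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=",
    "FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&q=",
    "FF - prefs.js: network.proxy.type - 4",
    "TCP: {87359ADB-C935-498D-B770-95420FC2B0E7} = 213.36.80.1,192.168.1.1",
]
```

Run `triage(SAMPLE_LOG)` to get the five review items; a clean log with trusted hosts and proxy type 0 yields an empty list.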


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 19 April 2010 - 06:44 PM

Good. Let's run an online scan with ESET

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found there will be no option to export the text file as no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#9 mkache5a

mkache5a
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:46 AM

Posted 20 April 2010 - 04:47 AM

thank you, these are the results:

C:\Users\BOUALLAGUI\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1a8a8b6d-77275d4e OSX/Exploit.Smid.B trojan deleted - quarantined

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 20 April 2010 - 02:59 PM

That looks good.

How is the PC running now?
m0le is a proud member of UNITE

#11 mkache5a

mkache5a
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:46 AM

Posted 20 April 2010 - 04:43 PM

thank you thank you
the computer is good

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 20 April 2010 - 04:50 PM

Let's clear up then

You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it mkache5a, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#13 mkache5a

mkache5a
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:46 AM

Posted 21 April 2010 - 05:33 PM

thank you thank you very much

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 AM

Posted 25 April 2010 - 06:54 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
