
Virus or Trojan ?


kamel

Good evening!

Kamel Therefore, I write in French and I translate into English!
Thank you Google ...
Just by downloading a PDF, Google is blocking the download and the URL has changed: "Http: / / google.sorry ..."

For Google, there are traces of Trojan or spyware!
Avira no longer works and seems powerless!
I tried the scan "Online", it took me over 48 hours!

- I tried CCleaner and then I went to Spybot, then MBAM! Ad-Aware cannot start ...

Well, thank you to Geeks to Go Guide for its "Spyware and Malware Cleaning Guide" ...

1/ Here, therefore, is the MBAM report (updated):

-Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 2

8/19/2009 20:35:11
mbam-log-2009-08-19 (20-35-11).txt

Type de recherche: Examen rapide
Eléments examinés: 177371
Temps écoulé: 5 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



2/ The one from RootRepeal:

- ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/19 20:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7047000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA64E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP7740
Image Path: \Driver\PCI_PNP7740
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xADAED000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spgk.sys
Image Path: spgk.sys
Address: 0xB9EA7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba7f6d76

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba7f6d6c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xba7f6d7b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xba7f6d85

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spgk.sys" at address 0xb9ec6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spgk.sys" at address 0xb9ec7030

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xba7f6d8a

#: 119 Function Name: NtOpenKey
Status: Hooked by "spgk.sys" at address 0xb9ea80c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba7f6d58

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba7f6d5d

#: 160 Function Name: NtQueryKey
Status: Hooked by "spgk.sys" at address 0xb9ec7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spgk.sys" at address 0xb9ec6f88

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xba7f6d94

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xba7f6d8f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xba7f6d80

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xba7f6d67

Hidden Services
-------------------
Service Name: 52138324
Image Path: C:\WINDOWS\System32\drivers\52138324.sys

Service Name: a2AntiDialer
Image Path: "C:\Program Files\a-squared Anti-Dialer\a2service.exe"

Service Name: Aavmker4
Image Path: C:\WINDOWS\system32\drivers\Aavmker4.sys

Service Name: aswFsBlk
Image Path: system32\DRIVERS\aswFsBlk.sys

Service Name: aswMon2
Image Path: C:\WINDOWS\system32\drivers\aswMon2.sys

Service Name: aswRdr
Image Path: C:\WINDOWS\system32\drivers\aswRdr.sys

Service Name: aswSP
Image Path: C:\WINDOWS\system32\drivers\aswSP.sys

Service Name: aswTdi
Image Path: C:\WINDOWS\system32\drivers\aswTdi.sys

Service Name: aswUpdSv
Image Path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

Service Name: avast! Mail Scanner
Image Path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

Service Name: avast! Web Scanner
Image Path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

Service Name: AVG Anti-Spyware Driver
Image Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

Service Name: AVG Anti-Spyware Guard
Image Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Service Name: AvgAsCln
Image Path: System32\DRIVERS\AvgAsCln.sys

Service Name: NTSPPPOE
Image Path: system32\DRIVERS\ntspppoe.sys

Service Name: NTSVPN
Image Path: system32\DRIVERS\ntsvpn.sys

Service Name: PPPoEService
Image Path: C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

Service Name: raogthal
Image Path: system32\drivers\raogthal.sys

Service Name: RAWESR
Image Path: C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS

Service Name: TAPBIND
Image Path: C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS

Service Name: {2F7BA288-0E99-4B31-B766-3B5D978D6775}
Image Path: C:\WINDOWS\system32\drivers\{2F7BA288-0E99-4B31-B766-3B5D978D6775}.sys

Service Name: {CD8C252F-BBD3-4759-ABC9-03CE36D77D89}
Image Path: C:\WINDOWS\system32\drivers\{CD8C252F-BBD3-4759-ABC9-03CE36D77D89}.sys

Service Name: {E27A09BA-E7A9-4CA3-B309-867658A21983}
Image Path: C:\WINDOWS\system32\drivers\{E27A09BA-E7A9-4CA3-B309-867658A21983}.sys

==EOF==

3/ Finally, the OTL:

- OTL logfile created on: 8/19/2009 21:12:01 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\MesDocuments\Downloads\Programs
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 66.51% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.65% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.76 Gb Total Space | 3.64 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive D: | 42.76 Gb Total Space | 0.59 Gb Free Space | 1.37% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.13 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCE2005
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/10/16 11:14:23 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/07/18 22:12:27 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/08/18 22:46:29 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 06:29:12 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/26 21:26:27 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/06/13 14:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/10 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/03/26 21:26:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/02/06 00:30:52 | 00,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\S3Trayp.exe
PRC - [2000/04/24 19:34:26 | 00,937,984 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon Translator\babylon.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2009/07/28 09:25:48 | 02,799,024 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/02/18 14:01:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/08/04 21:30:08 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/08/19 21:04:27 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\MesDocuments\Downloads\Programs\OTL.exe
PRC - [2004/08/10 12:00:00 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2004/08/10 12:00:00 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/16 11:14:23 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2009/07/18 22:12:27 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/08/18 22:46:29 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (BlueSoleil Hid Service [Disabled | Stopped])
SRV - [2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 06:29:12 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004/08/10 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/26 21:26:27 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004/08/10 06:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/10/13 13:36:55 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])
SRV - File not found -- -- (oad [On_Demand | Stopped])
SRV - File not found -- -- (osagent [On_Demand | Stopped])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - File not found -- -- (StarWindServiceAE [Auto | Stopped])
SRV - [2005/01/28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - File not found -- -- (WmiApSrv [On_Demand | Stopped])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/01/07 19:47:12 | 00,315,264 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Administrateur\Local Settings\temp\0290461250711676mcinst.exe -- (0290461250711676mcinstcleanup [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.08
FF - prefs.js..extensions.enabledItems: [email protected]downloadmanager.com:6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/11 20:14:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/26 21:26:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/19 21:11:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 21:30:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 21:30:15 | 00,000,000 | ---D | M]

[2009/07/06 18:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Extensions
[2009/07/06 18:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/19 20:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\1wlss3vg.default\extensions
[2009/08/19 20:41:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\1wlss3vg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/28 22:59:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\1wlss3vg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/06/09 12:03:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 21:30:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/04 21:30:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 21:30:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/11/11 08:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 21:30:11 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2006/09/10 12:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 08:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 12:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 14:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 19:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (4974848 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://top.roddom.eu/
O1 - Hosts: 127.0.0.1 fr.winantivirus.com
O1 - Hosts: 127.0.0.1 www.winantivirus.com
O1 - Hosts: 127.0.0.1 amaena.com
O1 - Hosts: 127.0.0.1 www.amaena.com
O1 - Hosts: 127.0.0.1 www.errorsafe.com
O1 - Hosts: 127.0.0.1 fr.errorsafe.com
O1 - Hosts: 127.0.0.1 www.fr.errorsafe.com
O1 - Hosts: 127.0.0.1 www.winfixer.com
O1 - Hosts: 127.0.0.1 www.systemdoctor.com
O1 - Hosts: 127.0.0.1 fr.systemdoctor.com
O1 - Hosts: 127.0.0.1 winantispyware.com
O1 - Hosts: 127.0.0.1 www.winantispyware.com
O1 - Hosts: 127.0.0.1 www.adware-remover.net
O1 - Hosts: 127.0.0.1 adprotector.com
O1 - Hosts: 127.0.0.1 www.adprotector.com
O1 - Hosts: 127.0.0.1 [email protected]
O1 - Hosts: 127.0.0.1 protectorsuite.com
O1 - Hosts: 127.0.0.1 www.protectorsuite.com
O1 - Hosts: 127.0.0.1 popupprotector.com
O1 - Hosts: 127.0.0.1 www.popupprotector.com
O1 - Hosts: 127.0.0.1 historyprotector.com
O1 - Hosts: 127.0.0.1 www.historyprotector.com
O1 - Hosts: 127.0.0.1 x-protector.com
O1 - Hosts: 163373 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Babylon Translator] C:\Program Files\Babylon Translator\babylon.exe (Babylon Ltd.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WB: DllName - fastload.dll - C:\WINDOWS\System32\fastload.dll (Stardock)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/13 00:17:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/19 20:50:40 | 00,000,093 | ---- | M] () - D:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2008/01/19 18:24:10 | 00,000,093 | ---- | M] () - D:\AUTOEXEC.DOS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[2009/08/19 20:55:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/08/19 20:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\McAfee
[2009/08/19 20:53:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/19 20:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/08/19 20:53:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/08/19 20:01:58 | 00,000,000 | ---D | C] -- C:\Spy
[2009/08/19 12:45:58 | 00,000,940 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Spybot - Search & Destroy.lnk
[2009/08/19 12:45:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/19 12:45:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/17 22:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/08/17 20:41:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\HouseCall 6.6
[2009/08/16 18:19:06 | 00,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\FLV to AVI.lnk
[2009/08/16 18:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\FLV to AVI
[2009/08/14 12:13:54 | 00,000,000 | ---D | C] -- D:\MesDocuments\Zaweche » Archives du Blog » Amine Zaoui et la ville d’oran_fichiers
[2009/08/14 12:13:53 | 00,050,459 | ---- | C] () -- D:\MesDocuments\Zaweche » Archives du Blog » Amine Zaoui et la ville d’oran.htm
[2009/08/13 23:37:23 | 01,876,094 | ---- | C] () -- D:\MesDocuments\Liens_good.htm
[2009/08/13 23:36:06 | 00,000,000 | ---D | C] -- D:\MesDocuments\Liens_good_fichiers
[2009/08/11 09:19:18 | 00,082,585 | ---- | C] () -- D:\MesDocuments\Msn_Mans_bille.htm
[2009/08/11 09:19:18 | 00,000,000 | ---D | C] -- D:\MesDocuments\Msn_Mans_bille_fichiers
[2009/08/10 15:24:38 | 00,011,979 | ---- | C] () -- D:\MesDocuments\Contrat_OverBlog.htm
[2009/08/10 15:24:38 | 00,000,000 | ---D | C] -- D:\MesDocuments\Contrat_OverBlog_fichiers
[2009/08/10 10:55:11 | 00,020,276 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\K 19 Sous- marin.avi[www.maroctorrent.net].torrent
[2009/08/10 10:41:54 | 00,043,419 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Algerie Autopsie d'Une Tragedie[www.Algerian-Torrents.com].torrent
[2009/08/06 21:24:40 | 00,014,161 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Les.Guerres.Du.XXe.Siecle.La.Guerre.D.Algerie.red1barca.torrent
[2009/08/06 21:18:55 | 00,011,459 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\L AUTRE 8 MAI 1945 Aux origines de la guerre d Algerie .flv[www.Algerian-Torrents.com].torrent

========== Files - Modified Within 14 Days ==========

[2009/08/19 20:06:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 20:05:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/19 14:39:14 | 00,000,295 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/19 13:18:41 | 04,974,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/19 12:58:38 | 00,000,940 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Spybot - Search & Destroy.lnk
[2009/08/18 22:46:29 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/18 22:45:07 | 00,001,018 | ---- | M] () -- C:\WINDOWS\calendarium.cfg
[2009/08/18 21:23:12 | 03,145,782 | ---- | M] () -- C:\WINDOWS\Calendarium.bmp
[2009/08/18 21:22:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/16 21:15:29 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/16 18:19:06 | 00,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\FLV to AVI.lnk
[2009/08/15 18:26:54 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/14 12:13:57 | 00,050,459 | ---- | M] () -- D:\MesDocuments\Zaweche » Archives du Blog » Amine Zaoui et la ville d’oran.htm
[2009/08/13 23:37:24 | 01,876,094 | ---- | M] () -- D:\MesDocuments\Liens_good.htm
[2009/08/11 09:19:19 | 00,082,585 | ---- | M] () -- D:\MesDocuments\Msn_Mans_bille.htm
[2009/08/10 15:24:39 | 00,011,979 | ---- | M] () -- D:\MesDocuments\Contrat_OverBlog.htm
[2009/08/10 10:55:12 | 00,020,276 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\K 19 Sous- marin.avi[www.maroctorrent.net].torrent
[2009/08/10 10:41:55 | 00,043,419 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Algerie Autopsie d'Une Tragedie[www.Algerian-Torrents.com].torrent
[2009/08/06 21:24:40 | 00,014,161 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Les.Guerres.Du.XXe.Siecle.La.Guerre.D.Algerie.red1barca.torrent
[2009/08/06 21:18:55 | 00,011,459 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\L AUTRE 8 MAI 1945 Aux origines de la guerre d Algerie .flv[www.Algerian-Torrents.com].torrent

========== LOP Check ==========

[2009/08/18 20:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data
[2009/07/28 22:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2009/08/19 21:07:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DMCache
[2009/08/16 10:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\dvdcss
[2009/07/06 18:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EstSoft
[2009/08/17 20:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HouseCall 6.6
[2009/08/19 20:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\IDM
[2009/07/19 11:53:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Notepad++
[2009/07/06 18:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\RayV
[2009/07/06 13:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thinstall
[2009/07/28 12:12:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2009/08/19 20:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/28 14:23:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/05/27 20:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/03/29 18:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/08/18 23:01:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 10:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Torrent2Exe
[2008/09/09 22:35:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2004/08/10 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/19 20:06:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\regedit.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrateur\Bureau\Sniffle.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrateur\Bureau\jre-6u13-windows-i586-p.exe:SummaryInformation
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

========== Files - Unicode (All) ==========
[2008/08/12 18:43:10 | 00,000,000 | ---D | C](C:\Program Files\??????? ???????) -- C:\Program Files\المكتبة الشاملة
[2008/08/12 19:36:25 | 00,000,000 | ---D | M](C:\Program Files\??????? ???????) -- C:\Program Files\المكتبة الشاملة
[2009/01/03 19:21:06 | 09,512,357 | ---- | C] ()(D:\MesDocuments\??? ???? ?????.pdf) -- D:\MesDocuments\صفه صلاه النبى.pdf
[2009/01/03 19:40:05 | 09,512,357 | ---- | M] ()(D:\MesDocuments\??? ???? ?????.pdf) -- D:\MesDocuments\صفه صلاه النبى.pdf
[2009/02/10 16:35:50 | 00,025,088 | ---- | C] ()(D:\MesDocuments\?.docSecret_Ayettes_KafHaYa3inSad.doc) -- D:\MesDocuments\ه.docSecret_Ayettes_KafHaYa3inSad.doc
[2009/02/10 19:53:34 | 00,028,672 | ---- | C] ()(D:\MesDocuments\????? ????.doc) -- D:\MesDocuments\قصيدة خدوج.doc
[2009/02/10 20:14:17 | 00,028,672 | ---- | M] ()(D:\MesDocuments\????? ????.doc) -- D:\MesDocuments\قصيدة خدوج.doc
[2009/03/09 10:52:40 | 00,185,070 | ---- | C] ()(D:\MesDocuments\?????.php.htm) -- D:\MesDocuments\أعشاب.php.htm
[2009/03/09 10:52:41 | 00,000,000 | ---D | C](D:\MesDocuments\?????.php_fichiers) -- D:\MesDocuments\أعشاب.php_fichiers
[2009/03/09 10:52:42 | 00,000,000 | ---D | M](D:\MesDocuments\?????.php_fichiers) -- D:\MesDocuments\أعشاب.php_fichiers
[2009/03/09 10:52:42 | 00,185,070 | ---- | M] ()(D:\MesDocuments\?????.php.htm) -- D:\MesDocuments\أعشاب.php.htm
[2009/04/06 13:32:01 | 00,133,665 | ---- | C] ()(D:\MesDocuments\-?????-????-?????-??????.html) -- D:\MesDocuments\-نصيحه-طبيه-مفيدة-لحياتك.html
[2009/04/06 13:32:02 | 00,000,000 | ---D | C](D:\MesDocuments\-?????-????-?????-??????_fichiers) -- D:\MesDocuments\-نصيحه-طبيه-مفيدة-لحياتك_fichiers
[2009/04/06 13:32:03 | 00,000,000 | ---D | M](D:\MesDocuments\-?????-????-?????-??????_fichiers) -- D:\MesDocuments\-نصيحه-طبيه-مفيدة-لحياتك_fichiers
[2009/04/06 13:32:06 | 00,133,665 | ---- | M] ()(D:\MesDocuments\-?????-????-?????-??????.html) -- D:\MesDocuments\-نصيحه-طبيه-مفيدة-لحياتك.html
[2009/04/25 23:30:41 | 00,311,808 | ---- | C] ()(D:\MesDocuments\?????? ??????? pegboard ?????.doc) -- D:\MesDocuments\اختبار للمهارة pegboard بوردو.doc
[2009/05/02 01:24:32 | 00,311,808 | ---- | M] ()(D:\MesDocuments\?????? ??????? pegboard ?????.doc) -- D:\MesDocuments\اختبار للمهارة pegboard بوردو.doc
[2009/06/27 21:00:03 | 00,025,088 | ---- | M] ()(D:\MesDocuments\?.docSecret_Ayettes_KafHaYa3inSad.doc) -- D:\MesDocuments\ه.docSecret_Ayettes_KafHaYa3inSad.doc
< End of report >


Finally thank you to all the team! A Cuckoo particular Handhfan ..
With my friends, bravo!

#2
kamel

I am so sad!
Why does nobody seem interested in me?
I have difficulty connecting ...
Here is the message given by Spybot:

HLM \ Software \ Microsoft \ Security Center \ AntiVirusOverride (is not) Dword: 0

Thank you for guiding me!

Kamel

Edited by kamel, 31 August 2009 - 06:15 AM.


#3
kamel

That is because I had spent a "cuckoo" to Handhfan, nobody wants to help me! It's crazy ...
And I thought this community was exemplary and that people could help each other and I have not failed the rules of propriety!

I'm very naive!
Finally, I begin to get used to my "virus" and I will find a solution elsewhere ...
This is unfortunate!
I shall never come back on this forum!
:)

Edited by kamel, 13 September 2009 - 02:46 PM.


#4
Octagonal

While we try to help everyone as quickly as possible, our malware team is vastly outnumbered by people needing help. Some of our experts work from the older topics towards the newer ones and some take on newer topics rather than older ones. We encourage the former practice, but that's not always practical.

Some of the helpers are more comfortable with certain infections and seek them out...still other helpers will look for the tougher infections to take on. This may explain, at least partially, the seemingly random nature of how topics are selected. We DO try to get to everyone in a timely manner, but as you've seen, the Malware Forum presents a pretty formidable workload for the number of staff members we have. With that being said, I am sure that you can see how easily a topic can slip through the cracks and get overlooked.

However, when your topic goes more than three days without a reply, post a link to your topic in The Waiting Room and a staff member will pick it up as soon as they can. This topic is also pinned at the top of this forum.