

WIN ANTIVIRUS PRO 2007
bichique replied to a topic started by bichique in Analyses et éradication malwares (malware analysis and removal)
Thanks, so here is the first report:

ComboFix 07-08-14.4 - "multimedia" 2007-08-16 14:04:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.505 [GMT 2:00]
Command switches used :: /v exe2936

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\MULTIM~1\APPLIC~1\tmp14.tmp.exe
C:\DOCUME~1\MULTIM~1\APPLIC~1\tmp15.tmp.exe
C:\DOCUME~1\MULTIM~1\APPLIC~1\tmp4E.tmp.exe
C:\DOCUME~1\MULTIM~1\APPLIC~1\tmp4F.tmp.exe
C:\DOCUME~1\MULTIM~1\APPLIC~1\tmp50.tmp.exe
C:\DOCUME~1\MULTIM~1\APPLIC~1\tmp51.tmp.exe
C:\WINDOWS\dgfffe.ini
C:\WINDOWS\efffgd.dll
C:\WINDOWS\system32\atnalfblgr.dat
C:\WINDOWS\system32\atnalfblgr.exe
C:\WINDOWS\system32\atnalfblgr_nav.dat
C:\WINDOWS\system32\atnalfblgr_navps.dat
C:\WINDOWS\system32\ddccawv.dll
C:\WINDOWS\system32\dn981e1cff.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\exe2936.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))

2007-08-16 14:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:36 <REP> d-------- C:\temp\Ultra$ISO
2007-08-14 18:43 <REP> d-------- C:\Program Files\UltraISO
2007-08-14 18:43 <REP> d-------- C:\Program Files\Fichiers communs\EZB Systems
2007-08-14 12:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-14 12:23 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-14 12:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-14 12:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-14 12:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-08-14 12:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-14 12:23 <REP> d-------- C:\temp\is-1N8IN.tmp
2007-08-14 12:23 <REP> d-------- C:\Program Files\Spyware Doctor
2007-08-14 12:23 <REP> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\PC Tools
2007-08-14 12:17 <REP> d-------- C:\Program Files\SpywareBlaster
2007-08-14 12:13 9,814 --a------ C:\temp\Setup(2).exe
2007-08-14 12:13 128,368 --a------ C:\temp\Setup(4).exe
2007-08-14 12:13 <REP> d-------- C:\temp\DRDld
2007-08-14 12:12 20,521 --a------ C:\temp\temp.exe
2007-08-14 12:12 117,076 --a------ C:\temp\Setup(1).exe
2007-08-14 12:10 <REP> d-------- C:\Program Files\SpywareGuard
2007-08-14 12:06 670,347 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-14 12:06 <REP> d-------- C:\WINDOWS\exefnd
2007-08-14 11:27 <REP> d-------- C:\Program Files\Secure PC Solutions
2007-08-14 10:35 <REP> d-------- C:\Program Files\Spyware-Secure
2007-08-14 10:33 <REP> d-------- C:\temp\e4j29.tmp_dir18072
2007-08-14 10:28 <REP> d-------- C:\temp\isp27.tmp
2007-08-14 10:17 <REP> d-------- C:\Program Files\Lionhead Studios
2007-08-14 10:08 <REP> d-------- C:\temp\ispD.tmp
2007-08-13 22:41 <REP> d-------- C:\Program Files\Divine Divinity
2007-08-13 18:40 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-08-13 01:06 56,832 -ra------ C:\temp\mpegm.dll
2007-08-13 01:06 56,832 -ra------ C:\temp\mpegc.dll
2007-08-12 20:38 16,384 --a----t- C:\temp\Perflib_Perfdata_528.dat
2007-08-12 11:51 <REP> d-------- C:\Program Files\XBudget
2007-08-12 11:42 <REP> d-------- C:\Program Files\BankPerfect
2007-08-10 15:34 <REP> d-------- C:\temp\~nsu.tmp
2007-08-10 14:36 <REP> d-------- C:\temp\ImageUploader_Temp
2007-08-10 14:24 <REP> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\WIS
2007-08-09 17:06 <REP> d-------- C:\Program Files\3DYAMS_XP
2007-08-07 22:49 <REP> d-------- C:\Program Files\GameJack 5
2007-08-07 18:49 <REP> d-------- C:\Program Files\SpellForce
2007-08-06 09:42 <REP> d-------- C:\temp\OfficeMMergeTempDir
2007-08-03 07:36 16,384 --a----t- C:\temp\Perflib_Perfdata_184.dat
2007-08-02 17:52 78 --a------ C:\temp\del.bat
2007-08-02 08:42 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-08-02 08:42 290,816 --------- C:\WINDOWS\Setup1.exe
2007-08-01 10:04 950,272 --a------ C:\temp\svnhost.exe
2007-07-31 23:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Bureau
2007-07-31 23:16 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-31 22:49 368,640 --------- C:\temp\d2l_PlayD2.exe
2007-07-31 22:48 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-31 22:48 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-31 22:48 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-31 22:23 393,216 --------- C:\temp\d2l_Install.exe
2007-07-31 22:23 263,168 --------- C:\temp\binkw32.dll
2007-07-31 21:50 765,952 --a------ C:\WINDOWS\system32\svdhost.exe
2007-07-31 21:50 765,952 --a------ C:\temp\bot.exe
2007-07-31 21:50 3,378,849 --a------ C:\temp\uiso8_pe.exe
2007-07-31 21:50 <REP> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-07-31 21:24 <REP> d-------- C:\Program Files\Alcohol Soft
2007-07-31 21:19 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-29 11:49 <REP> d-------- C:\Program Files\Macrogaming
2007-07-29 08:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\nView_Profiles
2007-07-28 07:07 77,824 --a------ C:\temp\swt-gdip-win32-3345.dll
2007-07-28 07:04 307,200 --a------ C:\temp\swt-win32-3345.dll
2007-07-25 13:27 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-07-24 08:38 376,592 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2007-07-24 08:38 <REP> d-------- C:\WINDOWS\Micro Application Shared
2007-07-23 10:38 338,944 --a------ C:\WINDOWS\system32\zpcglns.exe
2007-07-21 12:23 <REP> d-------- C:\Program Files\WinISO
2007-07-21 03:28 <REP> d-------- C:\temp\utorrent
2007-07-21 03:28 <REP> d-------- C:\Program Files\uTorrent
2007-07-21 03:07 <REP> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\uTorrent
2007-07-20 22:13 <REP> d-------- C:\Program Files\Strategy First
2007-07-20 21:59 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-20 21:28 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-07-20 08:38 <REP> d-------- C:\temp\MessengerCache
2007-07-20 08:23 <REP> d-------- C:\Program Files\MessengerSkinner
2007-07-20 08:23 <REP> d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\MessengerSkinner
2007-07-18 14:07 <REP> d-------- C:\DOCUME~1\MULTIM~1\Contacts
2007-07-18 14:06 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-18 14:05 <REP> d-------- C:\Program Files\MSN Messenger

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 21:37 --------- d-------- C:\Program Files\eMule
2007-08-14 13:52 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Azureus
2007-08-14 10:24 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-14 10:17 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-07 22:49 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-07 14:32 --------- d-------- C:\Program Files\Microsoft Works
2007-08-04 14:25 --------- d-------- C:\Program Files\zuma
2007-08-04 14:25 --------- d-------- C:\Program Files\messenger
2007-08-02 13:03 --------- d-------- C:\Program Files\Movie Collection
2007-07-31 23:53 --------- d-------- C:\Program Files\Azureus
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-24 08:38 --------- d-------- C:\Program Files\Micro Application
2007-07-02 16:41 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-07-02 16:41 33533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-07-02 16:41 --------- d-------- C:\Program Files\ffdshow
2007-07-02 16:40 56 -r-hs---- C:\WINDOWS\system32\717E67E075.sys
2007-07-02 16:40 2098 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-02 16:40 --------- d-------- C:\Program Files\XviD
2007-07-02 16:40 --------- d-------- C:\Program Files\Morgan
2007-07-02 16:40 --------- d-------- C:\Program Files\DivX
2007-07-02 16:40 --------- d-------- C:\Program Files\AC3Filter
2007-07-02 16:38 --------- d-------- C:\Program Files\virtualdub
2007-06-29 15:45 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\AdobeUM
2007-06-28 08:57 --------- d-------- C:\Program Files\IncrediMail
2007-06-27 09:26 --------- d-------- C:\Program Files\Fichiers communs\Sandlot Shared
2007-06-26 18:38 --------- d-------- C:\Program Files\Cake Mania
2007-06-26 18:32 724992 --a------ C:\WINDOWS\iun6002.exe
2007-06-26 17:31 --------- d-------- C:\Program Files\RocketDock
2007-06-26 17:10 --------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-06-26 16:37 --------- d-------- C:\Program Files\Fichiers communs\ACD Systems
2007-06-26 16:37 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\ACD Systems
2007-06-26 16:36 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-06-26 16:36 --------- d-------- C:\Program Files\ACD Systems
2007-06-26 16:34 --------- d-------- C:\Program Files\Fichiers communs\Micro Application Shared
2007-06-26 16:30 --------- d-------- C:\Program Files\VIRTUELSOFT
2007-06-26 16:28 --------- d-------- C:\Program Files\PDFCreator
2007-06-26 14:56 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Vso
2007-06-26 14:30 81920 --a------ C:\DOCUME~1\MULTIM~1\APPLIC~1\ezpinst.exe
2007-06-26 14:30 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-06-26 14:30 47360 --a------ C:\DOCUME~1\MULTIM~1\APPLIC~1\pcouffin.sys
2007-06-26 14:30 --------- d-------- C:\Program Files\DVDFab Platinum 3
2007-06-26 13:45 --------- d-------- C:\Program Files\VideoLAN
2007-06-26 13:45 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\vlc
2007-06-21 18:20 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Micro Application
2007-06-21 18:18 --------- d-------- C:\Program Files\Google
2007-06-21 18:17 81280 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-06-21 18:17 37888 --a------ C:\WINDOWS\system32\setupnt.dll
2007-06-21 18:17 28768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-06-21 18:17 210400 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-06-21 18:17 126976 --a------ C:\WINDOWS\system32\snapapi.dll
2007-06-21 18:17 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-06-21 18:17 --------- d-------- C:\Program Files\Fichiers communs\Acronis
2007-06-21 14:07 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Google
2007-06-20 19:30 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Symantec
2007-06-20 19:20 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-06-20 19:20 --------- d-------- C:\Program Files\Ahead
2007-06-20 19:10 --------- d-------- C:\Program Files\EPSON
2007-06-20 19:04 --------- d-------- C:\Program Files\Fichiers communs\Agfa
2007-06-20 19:04 --------- d-------- C:\Program Files\Agfa
2007-06-20 18:56 2322816 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-06-20 18:50 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-06-20 18:47 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\TuneUp Software
2007-06-20 18:24 2990 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-06-20 18:23 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-06-20 18:22 --------- d-------- C:\Program Files\movie maker
2007-06-20 18:20 --------- d-------- C:\Program Files\Windows NT
2007-06-20 18:10 --------- d-------- C:\Program Files\Netropa
2007-06-20 18:07 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Lavasoft
2007-06-20 18:06 --------- d-------- C:\Program Files\Lavasoft
2007-06-20 17:38 --------- d-------- C:\Program Files\Alwil Software
2007-06-20 10:00 --------- d-------- C:\Program Files\Alice
2007-06-20 09:57 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-20 09:55 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-06-19 21:12 --------- d-------- C:\DOCUME~1\MULTIM~1\APPLIC~1\Help
2007-06-19 20:42 --------- d-------- C:\Program Files\Silicon Image
2007-06-19 17:07 30 --a------ C:\AUTOEXEC.BAT
2007-06-19 16:57 --------- d-------- C:\Program Files\Common Files
2007-06-19 16:41 0 -rahs---- C:\MSDOS.SYS
2007-06-19 16:41 0 -rahs---- C:\IO.SYS
2007-06-19 16:41 0 --a------ C:\CONFIG.SYS
2007-06-19 16:41 --------- d-------- C:\Program Files\msn gaming zone
2007-06-19 16:41 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-19 16:41 --------- d-------- C:\Program Files\Fichiers communs\speechengines
2007-06-19 16:40 --------- d-------- C:\Program Files\Services en ligne
2007-06-19 16:39 --------- d-------- C:\Program Files\Fichiers communs\MSSoap
2007-06-19 15:41 --------- d-------- C:\Program Files\Fichiers communs\ODBC
2001-03-28 12:02 122880 --a------ C:\WINDOWS\inf\Agfa\message.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-12 00:22]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00]
"EPSON Stylus Photo R300 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-06-21 18:17]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-06-21 18:17]
"nForce Tray Options"="sstray.exe" [2003-08-13 06:25 C:\WINDOWS\system32\sstray.exe]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 00:41 C:\WINDOWS\system32\TWEAKUI.CPL]
"SpyClean"="C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe" []
"ovbsnkq"="c:\windows\system32\ovbsnkq.exe" [2007-08-16 14:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"CursorXP"="C:\themeGold55\CursorXP\CursorXP.exe" [2001-12-13 20:00]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"messengerskinner"="C:\Program Files\MessengerSkinner\MessengerSkinner.exe" [2007-05-30 11:33]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]

C:\Documents and Settings\multimedia\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceCheck"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceCheck"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{987bc8e7-3447-11dc-a51e-0011d80212bf}]
AutoRun\command- J:\autorun.exe

Contents of the 'Scheduled Tasks' folder
2007-08-10 15:21:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 14:08:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\system32\ovbsnkq.dat
C:\WINDOWS\system32\ovbsnkq.exe
C:\WINDOWS\system32\ovbsnkq_navps.dat
C:\WINDOWS\system32\ovbsnkq_navup.dat
C:\WINDOWS\system32\nvs2.inf

scan completed successfully
hidden files: 5

**************************************************************************

Completion time: 2007-08-16 14:10:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 14:10
--- E O F ---

And here is the new HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 14:12:16, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P40 "EPSON Stylus Photo R300 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [spyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182357547593
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layou...IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BAD84-2F8F-4026-89FB-EB99904BFA20}: NameServer = 212.216.212.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Thanks
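The two HijackThis logs in this thread (15/08 and 16/08) are read by hand by the helpers: they look for an AppInit_DLLs value (O20), an unnamed BHO that still has a DLL on disk (O2), autostarts or processes running from a temp or Application Data directory (O4 and the process list), rundll32 loading a DLL that sits in the Windows root instead of system32, and the consonant-heavy random names such as ovbsnkq, ddccawv or atnalfblgr that ComboFix deleted. The script below is an added example of that triage, written for this page; it is not part of the thread, of HijackThis or of ComboFix. The sample lines are copied from the logs above (the [ovbsnkq] O4 entry is rewritten from ComboFix's "Reg Loading Points" listing into HijackThis form), and the allowlist and the name heuristic thresholds are my assumptions. Anything the name heuristic alone catches is reported as "review", never as "flag", because it also fires on benign abbreviations.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not from the thread)."""
import re

# Constructed sample: entries copied from the two HijackThis logs above, one entry
# rewritten in HijackThis O4 form from ComboFix's "Reg Loading Points" ([ovbsnkq]),
# and a few benign entries so the output also shows what is NOT flagged.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\multimedia\Application Data\tmp4F.tmp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {5d778e00-e242-447f-bc3b-357840256168} - C:\WINDOWS\system32\exe2936.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spyware-Secure] c:\temp\Rar$EX00.031\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\efffgd.dll",forkonce
O4 - HKLM\..\Run: [ovbsnkq] c:\windows\system32\ovbsnkq.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BAD84-2F8F-4026-89FB-EB99904BFA20}: NameServer = 212.216.212.112,212.216.172.62
O20 - AppInit_DLLs: c:\windows\system32\ddccawv.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
FILE_NAME = re.compile(r'[^\\\s"\[\],]+\.(?:exe|dll|sys)', re.I)
# Autostart binaries launched from temp, profile data or an archive extraction dir.
SUSPICIOUS_DIR = re.compile(r"\\(?:application data|temp|rar\$[^\\]*)\\", re.I)
# rundll32 loading a DLL that sits directly in the Windows root rather than system32.
WINDOWS_ROOT_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\[^\\"]+\.dll', re.I)
# Assumed allowlist: names the random-name heuristic would otherwise hit.
# A real tool would use a curated list of Windows and vendor binaries.
ALLOWLIST = {"svchost", "ctfmon", "smss", "lsass", "spoolsv", "winlogon", "wscntfy", "nwiz", "sstray"}


def stem_of(name):
    """File name without its extension, lower-cased."""
    return re.sub(r"\.[a-z0-9]+$", "", name.lower())


def looks_random(name):
    """Consonant-heavy lowercase stems such as 'ovbsnkq' or 'atnalfblgr'.
    Thresholds are assumptions; the check is noisy on abbreviations, so callers
    treat a hit as 'review', never 'flag'."""
    stem = stem_of(name)
    if not (6 <= len(stem) <= 12 and stem.isalpha()):
        return False
    vowel_ratio = sum(c in "aeiouy" for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", stem)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 5


def parse(line):
    """Split an entry into (section, payload); a bare path from 'Running processes' is section PROC."""
    m = ENTRY.match(line)
    if m:
        return m.group(1), m.group(2)
    if DRIVE_PATH.match(line):
        return "PROC", line
    return None, line


def triage(log_text):
    """Return (severity, section, reason, line) tuples; 'flag' is high confidence, 'review' is a hint."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section, payload = parse(line)
        if section is None:
            continue
        if (section == "O20" and payload.lower().startswith("appinit_dlls:")
                and payload.split(":", 1)[1].strip()):
            findings.append(("flag", section, "AppInit_DLLs loads this DLL into every process that uses user32.dll", line))
        if section == "O2" and "(no name)" in payload and "(no file)" not in payload:
            findings.append(("flag", section, "unnamed BHO backed by a DLL on disk", line))
        if section in ("O4", "PROC") and SUSPICIOUS_DIR.search(payload):
            findings.append(("flag", section, "executable in a temp or profile-data directory", line))
        if section == "O4" and WINDOWS_ROOT_DLL.search(payload):
            findings.append(("flag", section, "rundll32 loading a DLL from the Windows root", line))
        if section == "O17":
            findings.append(("review", section, "non-default DNS servers; confirm they belong to the ISP", line))
        for name in FILE_NAME.findall(payload):
            if looks_random(name) and stem_of(name) not in ALLOWLIST:
                findings.append(("review", section, f"random-looking file name {name}", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"flag": 0, "review": 0}
    for severity, *_ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    for severity, section, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity.upper():6}] {section:4} {reason}\n         {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample, the five "flag" findings are exactly the entries the thread ends up removing (tmp4F.tmp.exe, exe2936.dll, the Rar$EX00.031 autostart, efffgd.dll and ddccawv.dll); the "review" lines add the random names and the O17 DNS servers, which need a human to confirm against the ISP before anything is changed.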
Hello,

For some time now I have been getting windows popping up asking me to run a scan with WIN ANTIVIRUS PRO 2007. Following your instructions, I installed HijackThis and ran the scan. Here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 13:05:10, on 15/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Documents and Settings\multimedia\Application Data\tmp4F.tmp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5d778e00-e242-447f-bc3b-357840256168} - C:\WINDOWS\system32\exe2936.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P40 "EPSON Stylus Photo R300 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [spyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKLM\..\Run: [spyware-Secure] c:\temp\Rar$EX00.031\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\efffgd.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182357547593
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layou...IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BAD84-2F8F-4026-89FB-EB99904BFA20}: NameServer = 212.216.212.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\ddccawv.dll
O20 - Winlogon Notify:
exe2936 - C:\WINDOWS\SYSTEM32\exe2936.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\multimedia\Application Data\tmp4F.tmp.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe merci de vos réponses
-
DRIVE CLEANER 2007 and WIN ANTIVIRUS PRO 2007
bichique replied to a topic by Natoue in Malware analysis and removal
Hello, I have the same problem. Here is the scan I ran:

Logfile of HijackThis v1.99.1
Scan saved at 13:05:10, on 15/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Documents and Settings\multimedia\Application Data\tmp4F.tmp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5d778e00-e242-447f-bc3b-357840256168} - C:\WINDOWS\system32\exe2936.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P40 "EPSON Stylus Photo R300 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [spyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKLM\..\Run: [spyware-Secure] c:\temp\Rar$EX00.031\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\efffgd.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182357547593
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layou...IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1BAD84-2F8F-4026-89FB-EB99904BFA20}: NameServer = 212.216.212.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\ddccawv.dll
O20 - Winlogon Notify: exe2936 - C:\WINDOWS\SYSTEM32\exe2936.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\multimedia\Application Data\tmp4F.tmp.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Thank you for your reply