eradiquage deluxecommunications

metziarr · le 16 novembre 2006

toujours les meme problemes intenpestifs a ce sujet, pop-up et autres bloquages ... etc.

voici mon rapport combofix :

ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\manoa henrytos\Application Data\Dxcknwrd.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\mc-110-12-0000730.exe

C:\WINDOWS\system32\aaa00000.sys

C:\WINDOWS\uninstall_nmon.vbs

C:\Documents and Settings\LocalService\Application Data\NetMon

C:\Program Files\Deskbar

C:\Program Files\network monitor

C:\Program Files\Fichiers communs\{889BA193-07CF-1036-0529-021203200020}

((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))

2006-11-14 22:50 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-11-14 22:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

2006-11-14 22:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

2006-11-14 22:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

2006-10-16 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-10-16 17:12 42,496 --a------ C:\WINDOWS\system32\swreg.exe

2006-10-16 17:12 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-10-16 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-10-15 13:34 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll

2006-10-15 13:34 483,328 --a------ C:\WINDOWS\system32\PICSDK.dll

2006-10-15 13:34 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll

2006-10-15 13:33 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL

2006-10-15 13:33 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL

2006-10-15 13:33 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL

2006-10-15 13:33 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL

2006-10-15 13:33 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL

2006-10-15 13:33 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-14 23:00 -------- d-------- C:\Program Files\Fichiers communs

2006-11-14 22:59 -------- d-------- C:\Program Files\Mozilla Firefox

2006-11-14 22:52 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\AVG7

2006-11-14 22:50 -------- d-------- C:\Program Files\Grisoft

2006-11-14 22:45 -------- d-------- C:\Program Files\ewido anti-spyware 4.0

2006-11-10 00:40 -------- d-------- C:\Program Files\Championship Manager 99-00

2006-11-06 19:07 -------- d-------- C:\Program Files\Winamp

2006-11-05 23:38 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\vlc

2006-11-05 23:25 -------- d-------- C:\Program Files\VideoLAN

2006-11-05 23:19 -------- d-------- C:\Program Files\Matroska Playback Pack

2006-11-05 02:42 -------- d---s---- C:\Documents and Settings\manoa henrytos\Application Data\Microsoft

2006-11-05 02:22 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\Real

2006-11-05 02:20 -------- d-------- C:\Program Files\Real

2006-11-05 02:20 -------- d-------- C:\Program Files\Fichiers communs\xing shared

2006-11-05 02:20 -------- d-------- C:\Program Files\Fichiers communs\Real

2006-10-30 23:58 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\Mozilla

2006-10-27 10:22 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-10-27 10:22 -------- d-------- C:\Program Files\Google

2006-10-27 10:22 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\Google

2006-10-27 10:18 -------- d-------- C:\Program Files\CCleaner

2006-10-19 14:50 -------- d-------- C:\Program Files\LimeWire

2006-10-19 01:43 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\Ahead

2006-10-19 01:28 -------- d-------- C:\Program Files\Fichiers communs\Ahead

2006-10-19 01:27 -------- d-------- C:\Program Files\Nero

2006-10-16 17:31 -------- d-------- C:\Program Files\eMule

2006-10-15 14:10 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\Help

2006-10-15 14:02 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\EPSON

2006-10-15 13:36 -------- d-------- C:\Program Files\Fichiers communs\InstallShield

2006-10-15 13:34 -------- d-------- C:\Program Files\EPSON

2006-10-13 00:22 0 --a------ C:\WINDOWS\system32\27031_redworld.exe

2006-10-13 00:12 -------- d-------- C:\Documents and Settings\manoa henrytos\Application Data\uTorrent

2006-10-12 23:59 -------- d-------- C:\Program Files\uTorrent

2006-10-08 15:08 -------- d-------- C:\Program Files\Web media Player

2006-10-08 15:08 -------- d-------- C:\Program Files\Ares

2006-10-08 15:07 -------- d-------- C:\Program Files\DivX

2006-10-02 16:39 -------- d-------- C:\Program Files\NetMeeting

2006-10-02 16:32 -------- d-------- C:\Program Files\MSN Messenger

2006-09-24 11:47 -------- d-------- C:\Program Files\VirtualDJ

2006-09-24 11:25 -------- d-------- C:\Program Files\adslTV

2006-09-10 16:41 0 --a------ C:\WINDOWS\system32\eraseme_07611.exe

2006-09-06 14:49 0 --a------ C:\WINDOWS\system32\eraseme_20518.exe

2006-08-25 13:26 138 --a------ C:\Program Files\INSTALL.LOG

2006-08-24 23:10 62 --ahs---- C:\Documents and Settings\manoa henrytos\Application Data\desktop.ini

2006-08-24 22:48 1233 --a------ C:\WINDOWS\system32\ncw80004.sys

2006-08-24 22:35 44 --a------ C:\WINDOWS\system32\msssc.dll

2006-08-24 22:25 0 -rahs---- C:\MSDOS.SYS

2006-08-24 22:25 0 -rahs---- C:\IO.SYS

2006-08-24 22:25 0 --a------ C:\CONFIG.SYS

2006-08-24 22:25 0 --a------ C:\AUTOEXEC.BAT

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"fzwi"="C:\\Program Files\\Fichiers communs\\fzwi\\fzwim.exe"

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"fzwi"="C:\\Program Files\\Fichiers communs\\fzwi\\fzwim.exe"

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

"{889BA193-07CF-1036-0529-021203200020}"="\"C:\\Program Files\\Fichiers communs\\{889BA193-07CF-1036-0529-021203200020}\\Update.exe\" mc-110-12-0000730"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

"{889BA193-07CF-1036-0529-021203200020}"="\"C:\\Program Files\\Fichiers communs\\{889BA193-07CF-1036-0529-021203200020}\\Update.exe\" mc-110-12-0000730"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061113-171335-882

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

backup-20061113-171335-750

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

backup-20061113-171335-615

O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

backup-20061113-171335-229

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

backup-20061113-171335-498

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

backup-20061113-171335-743

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

backup-20061113-171335-414

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

backup-20061113-171335-260

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

backup-20061113-171335-239

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll

backup-20061103-113717-680

O23 - Service: Local Network Service (algs) - Unknown owner - C:\WINDOWS\scvh0st.exe (file missing)

backup-20061103-113707-921

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

backup-20061103-113707-827

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll

backup-20061103-113707-285

O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

backup-20061016-180557-331

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

backup-20061016-180557-122

O23 - Service: Local Network Service (algs) - Unknown owner - C:\WINDOWS\scvh0st.exe (file missing)

backup-20061016-180557-150

O23 - Service: Microsoft Star Window Service - Unknown owner - C:\WINDOWS\System32\dllcache\starwin32.exe

backup-20061016-180554-976

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

backup-20061016-180554-588

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

backup-20061016-180554-527

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

backup-20061016-180554-487

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

backup-20061016-180554-561

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

backup-20061016-180554-400

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

backup-20061016-180554-246

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

backup-20061016-180554-599

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

backup-20061016-180554-541

O4 - HKCU\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /M "Stylus C48" /EF "HKCU"

backup-20061016-180554-979

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

backup-20061016-180554-364

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

backup-20061016-180554-476

O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"

backup-20061016-180554-950

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

backup-20061016-180554-398

O4 - HKLM\..\Run: [newname] C:\\nwnmff_e28.exe

backup-20061016-180554-330

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

backup-20061016-180554-570

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

backup-20061016-180554-704

O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

backup-20061016-180554-903

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

backup-20061016-180554-796

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

backup-20061016-180554-473

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

backup-20061016-180554-465

O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe

backup-20061016-180554-458

O4 - HKLM\..\Run: [WinDLL (dsaxd.dll)] rundll32.exe C:\WINDOWS\System32\dsaxd.dll,start

backup-20061016-180554-420

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

backup-20061016-180554-213

O4 - HKLM\..\Run: [ncw80004] RUNDLL32.EXE w00a5ae1.dll,n 003800010000000a00a5ae1

backup-20061016-180554-206

O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e29.exe

backup-20061016-180554-144

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

backup-20061016-180554-597

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

backup-20061016-180554-127

O4 - HKLM\..\Run: [defender] C:\\dfndrff_e29.exe

backup-20061016-180554-581

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll

backup-20061016-180554-360

F2 - REG:system.ini: UserInit=userinit.exe

backup-20061016-180554-726

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

backup-20061016-180554-755

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

Completion time: 06-11-14 23:01:11.98

C:\ComboFix.txt ... 06-11-14 23:01

que faire à présent ?

bruce lee · le 16 novembre 2006

bonjour metziarr,

as tu deja un autre sujet d'ouvert?

Si non, telecharge la version original de hijackthis http://www.merijn.org/files/hijackthis.zip

déconnecte toi du net et installe le et installe le sur ton bureau

fais un clique droit sur hijackthis.exe puis choisis renommer et appelle le scan .

lance le en cliquant sur Do a system scan and save a logfile a la fin du scan le bloc note va s'ouvrir tu fais un copier coller de tout son contenu.

Connexion

Pas encore inscrit ?

eradiquage deluxecommunications

Messages recommandés

metziarr

Lien vers le commentaire

Partager sur d’autres sites

bruce lee

Lien vers le commentaire

Partager sur d’autres sites

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer