Windows Security Alert -- hijackthis log


#1 tiemin

When Windows starts, there is a pop-up window saying "Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection."

I ran hijackthis on my PC and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:09, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrateur\Bureau\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\tmp74828.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\tmp80375.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://be.msn.com/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://be.msn.com/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/defaultf.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: RDL Rolex - {08C5643D-2E80-4568-BF54-97D32D0A71EB} - C:\WINDOWS\drnpfdxqpn.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: etlrlws - {1F8880CF-A3A0-4DD3-A757-A21DC5216C4B} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Thrustmaster USB PC Camera
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft] okiuy.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] file32.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] file32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Outlooker] C:\Program Files\Common Files\System\gd_bin_ini.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ·s¼W¦Ü¼s§i¾î´T¨¾Å@ - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: bokpkov - {0F63DDF3-7875-4CA9-A093-DCB9CC67569F} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {CCD2C976-3701-48FA-9D7B-7ED605BBD327} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: ServiceBoot - {f6763c22-776d-4373-b322-142f36024544} - C:\WINDOWS\Installer\{f6763c22-776d-4373-b322-142f36024544}\ServiceBoot.dll
O21 - SSODL: zip - {b1f6810e-d8c8-49a0-b1cb-bc3edb9d7baf} - C:\WINDOWS\Installer\{b1f6810e-d8c8-49a0-b1cb-bc3edb9d7baf}\zip.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Administrateur\Bureau\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: drwatson32 - Unknown owner - C:\WINDOWS\drwatson32bitss.exe (file missing)
O23 - Service: GFI FAXmaker Fax Server (FAXmaker Fax Server) - GFI FAX & VOICE - C:\Program Files\GFI\FAXmaker\fmservic.exe
O23 - Service: GFI FAXmaker Message Transfer Agent (FAXmaker MTA Service) - GFI Software Ltd. - C:\Program Files\GFI\FAXmaker\fmgwinet.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13826 bytes


Thank you very much for your help.

tiemin
#2 tiemin

Here is the ComboFix log:

ComboFix 08-03-09.1 - Carlos 2008-03-09 22:55:39.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.381 [GMT 1:00]
Endroit: C:\Documents and Settings\Carlos\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\microsoft\iehelper
C:\Documents and Settings\Carlos\Application Data\addon.dat
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\#SharedObjects\442SAVLH\www.inter-focus.cn
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\#SharedObjects\442SAVLH\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\Documents and Settings\Carlos\Bureau\Error Cleaner.url
C:\Documents and Settings\Carlos\Bureau\Privacy Protector.url
C:\Documents and Settings\Carlos\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\Carlos\Favoris\Error Cleaner.url
C:\Documents and Settings\Carlos\Favoris\Privacy Protector.url
C:\Documents and Settings\Carlos\Favoris\Spyware&Malware Protection.url
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\NPF


((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.

2008-03-09 23:02 . 2008-03-09 23:02 16,504 -r-hs---- C:\Program Files\tmp59968.exe
2008-03-09 23:02 . 2008-03-09 23:02 16,504 -r-hs---- C:\Program Files\tmp54750.exe
2008-03-09 21:34 . 2008-03-09 21:34 16,504 -r-hs---- C:\Program Files\tmp80375.exe
2008-03-09 21:34 . 2008-03-09 21:34 16,504 -r-hs---- C:\Program Files\tmp74828.exe
2008-03-09 18:33 . 2008-03-09 18:33 16,504 -r-hs---- C:\Program Files\tmp81359.exe
2008-03-09 18:33 . 2008-03-09 18:33 16,504 -r-hs---- C:\Program Files\tmp75562.exe
2008-03-09 15:23 . 2008-03-09 15:23 16,504 -r-hs---- C:\Program Files\tmp97031.exe
2008-03-09 15:23 . 2008-03-09 15:23 16,504 -r-hs---- C:\Program Files\tmp91453.exe
2008-03-09 11:24 . 2008-03-09 11:24 16,504 -r-hs---- C:\Program Files\tmp79984.exe
2008-03-09 11:24 . 2008-03-09 11:24 16,504 -r-hs---- C:\Program Files\tmp74796.exe
2008-03-08 21:48 . 2008-03-08 17:55 319,488 --a------ C:\WINDOWS\altvxvm.dll
2008-03-08 21:48 . 2008-03-08 17:55 221,184 --a------ C:\WINDOWS\drnpfdxqpn.dll
2008-03-08 21:48 . 2008-03-08 17:55 217,088 --a------ C:\WINDOWS\bokpkov.dll
2008-03-08 21:48 . 2008-03-08 17:55 172,032 --a------ C:\WINDOWS\etlrlws.dll
2008-03-08 21:48 . 2008-03-08 17:55 86,016 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-08 21:48 . 2008-03-08 21:48 21,628 --a------ C:\Program Files\antiviirus.exe
2008-03-04 22:51 . 2008-03-04 22:51 <REP> d-------- C:\WINDOWS\system32\Exercices
2008-03-04 22:51 . 2008-03-04 22:51 <REP> d-------- C:\Program Files\Harmony Practice
2008-03-02 20:22 . 2008-03-02 20:22 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-02 08:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 08:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 08:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-01 15:51 . 2008-03-01 15:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-01 15:50 . 2008-03-01 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-12 19:10 . 2008-02-12 19:10 <REP> d-------- C:\Documents and Settings\Carlos\Application Data\Symantec
2008-02-12 19:06 . 2005-09-17 09:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-12 19:06 . 2005-09-17 09:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-12 19:06 . 2008-02-12 19:06 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-02-11 13:33 . 2008-02-12 19:07 <REP> d-------- C:\Program Files\Symantec
2008-02-11 13:33 . 2008-02-12 19:31 <REP> d-------- C:\Program Files\Norton AntiVirus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 20:35 --------- d-----w C:\Program Files\FlashGet
2008-03-09 08:53 --------- d-----w C:\Program Files\a-squared Free
2008-03-08 14:56 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-07 10:31 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Skype
2008-03-03 16:35 --------- d-----w C:\Program Files\config
2008-03-03 16:33 344 ----a-w C:\Program Files\downloads.txt
2008-03-03 16:33 --------- d-----w C:\Program Files\Temp
2008-03-03 16:33 --------- d-----r C:\Program Files\Incoming
2008-03-03 11:47 570 ----a-w C:\Program Files\downloads.bak
2008-03-02 16:57 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Corel
2008-03-02 16:50 3,662 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-01 14:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-01 14:51 --------- d-----w C:\Program Files\Windows Live
2008-02-29 23:38 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 19:51 --------- d-----w C:\Program Files\SmartScore
2008-02-15 21:33 --------- d-----w C:\Program Files\webserver
2008-02-12 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-11 14:05 --------- d-----w C:\Program Files\QuickTime
2008-02-11 12:39 728 ----a-w C:\Documents and Settings\Carlos\Emails.dat
2008-02-08 10:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 10:01 --------- d-----w C:\Program Files\VideoLAN
2008-02-04 18:03 --------- d-----w C:\Program Files\eMule
2008-02-01 10:57 --------- d-----w C:\Documents and Settings\Carlos\Application Data\vlc
2008-01-31 22:52 --------- d-----w C:\Program Files\AnalogX
2008-01-29 22:41 --------- d-----w C:\Program Files\Zetafax Server
2008-01-29 22:39 --------- d-----w C:\Program Files\Zetafax
2008-01-26 18:19 --------- d-----w C:\Program Files\Google
2008-01-26 00:15 --------- d-----w C:\Program Files\Fichiers communs\GFI
2008-01-25 23:53 --------- d-----w C:\Program Files\GFI
2008-01-23 23:43 --------- d-----w C:\Program Files\DivX
2008-01-22 10:05 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Uniblue
2008-01-20 19:15 --------- d-----w C:\Program Files\StormII
2008-01-20 15:27 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Annotation Control
2008-01-20 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-20 14:14 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Equisys
2008-01-13 10:51 --------- d-----w C:\Program Files\OkFax
2008-01-12 11:36 --------- d-----w C:\Program Files\ISO Commander
2007-11-02 20:09 10 ----a-w C:\Documents and Settings\Carlos\user.dat
2007-05-13 18:27 744 ----a-w C:\Program Files\Template.Notifier.ini
2007-05-13 14:35 250,259 ----a-w C:\Program Files\changelog.ger.txt
2007-05-13 11:48 277,862 ----a-w C:\Program Files\changelog.txt
2007-05-13 11:30 15,146 ----a-w C:\Program Files\Template.eMuleSkin.ini
2007-04-30 16:47 72,220 ----a-w C:\Program Files\eMule Light.tmpl
2007-03-25 13:24 13,046 ----a-w C:\Program Files\readme.txt
2006-09-27 21:11 62,132 ----a-w C:\Program Files\Uninstall.exe
2006-09-08 16:13 4,997,120 ----a-w C:\Program Files\emule.exe
2006-07-03 11:26 115,247 ----a-w C:\Program Files\eMule.tmpl
2006-05-05 10:31 4,704 ----a-w C:\Program Files\Track 01.bin
2006-05-05 10:28 686,921,728 ----a-w C:\Program Files\CD.ibq
2006-05-05 10:27 42,347 ----a-w C:\Program Files\CD.ibp
2006-03-22 21:12 270,336 ----a-w C:\Program Files\LinkCreator.exe
2005-07-16 09:47 65,622 ----a-w C:\Program Files\AUTORUN.EXE
2005-02-24 07:27 1,118,208 ----a-w C:\Program Files\Movie Clone.exe
2003-07-18 14:40 40,960 ----a-w C:\Program Files\setup.exe
2002-10-08 16:10 18,401 ----a-w C:\Program Files\license-GER.txt
2002-10-08 16:10 14,971 ----a-w C:\Program Files\license.txt
2006-12-13 10:23 88 --sh--r C:\WINDOWS\system32\E158283508.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C5643D-2E80-4568-BF54-97D32D0A71EB}]
2008-03-08 17:55 221184 --a------ C:\WINDOWS\drnpfdxqpn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1F8880CF-A3A0-4DD3-A757-A21DC5216C4B}"= "C:\WINDOWS\etlrlws.dll" [2008-03-08 17:55 172032]

[HKEY_CLASSES_ROOT\clsid\{1f8880cf-a3a0-4dd3-a757-a21dc5216c4b}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{49677AEC-0EF1-4BBA-AB80-FF7B0F1342F8}]
[HKEY_CLASSES_ROOT\etlrlws]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 20:57 15360]
"Outlooker"="C:\Program Files\Common Files\System\gd_bin_ini.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 20:59 208952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-11 17:10 4583424]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-21 20:52 180269]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 15:19 40960]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 10:00 462336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 20:59 455168]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 18:14 35328]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54 57344]
"DAEMON Tools-2052"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 20:59 455168]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05 122939]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00 267064]
"Microsoft DLL Verifier"="file32.exe" []
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:29 2007088]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 09:27 52848]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-08 21:48 21628]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft DLL Verifier"="file32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {0F63DDF3-7875-4CA9-A093-DCB9CC67569F} - C:\WINDOWS\bokpkov.dll [2008-03-08 17:55 217088]
"altvxvm"= {CCD2C976-3701-48FA-9D7B-7ED605BBD327} - C:\WINDOWS\altvxvm.dll [2008-03-08 17:55 319488]
"ServiceBoot"= {f6763c22-776d-4373-b322-142f36024544} - C:\WINDOWS\Installer\{f6763c22-776d-4373-b322-142f36024544}\ServiceBoot.dll [2008-03-08 21:48 18586]
"zip"= {b1f6810e-d8c8-49a0-b1cb-bc3edb9d7baf} - C:\WINDOWS\Installer\{b1f6810e-d8c8-49a0-b1cb-bc3edb9d7baf}\zip.dll [2008-03-08 21:49 23266]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\orbd.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmid.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmiregistry.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\tnameserv.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\emule.exe"=
"C:\\Program Files\\JetAudio\\JcServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Carlos\\Bureau\\David\\Dossier\\Wow\\WoW-BurningCrusade-frFR-Installer-downloader.exe"=
"C:\\Python25\\pythonw.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ccosm;Contrl Center of Storm Media;C:\Program Files\StormII\stormliv.exe [2008-01-11 11:41]
R2 IOSLINK;IOSLINK;C:\WINDOWS\system32\drivers\IosLink.sys [1998-11-19 14:55]
S2 drwatson32;drwatson32;"C:\WINDOWS\drwatson32bitss.exe" []
S2 FAXmaker Fax Server;GFI FAXmaker Fax Server;"C:\Program Files\GFI\FAXmaker\fmservic.exe" [2000-11-06 13:14]
S2 FAXmaker MTA Service;GFI FAXmaker Message Transfer Agent;"C:\Program Files\GFI\FAXmaker\fmgwinet.exe" -service []
S3 vcddev;VCD VNC Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vcdvnic.sys [2006-03-09 07:04]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 19:00:27 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Carlos.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-09 15:25:33 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 23:03:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bokpkov.dll
-> C:\WINDOWS\Installer\{f6763c22-776d-4373-b322-142f36024544}\ServiceBoot.dll
-> C:\WINDOWS\Installer\{b1f6810e-d8c8-49a0-b1cb-bc3edb9d7baf}\zip.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Administrateur\Bureau\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\tmp54750.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\tmp59968.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-09 23:06:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 22:06:22
.
2008-03-02 19:22:34 --- E O F ---