Problem with a Trojan horse.

KumKm33 Posts 6 Status Member -
chimay8 Posts 7947 Status Security contributor -
Hello,

A week ago a friend and I were fooling around on X-rated sites and, clever as I am, I infected my PC.
So I ran a scan with my antivirus (Avast), as well as scans with Spybot and AVG. They found spyware and other nasty things, which I automatically put in quarantine as they suggested. As for Avast, it found trojans, which I also put in quarantine. However, despite boot-time scans and further scans, I still get an Avast window popping up telling me that I have a Trojan horse.
I no longer know what to do, especially since my PC is now behaving strangely.

Can you help me? Thank you, thank you very much.

4 replies

ghuysmans99 Posts 2496 Registration date   Status Contributor Last activity   340
 
Post the HijackThis log from your PC.
That way we'll be able to see what problems there are.
0
KumKm33 Posts 6 Status Member
 
Thank you very much for taking the time to look at my problem;
Here is the log generated by HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:19:57, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Kum Kum & Kateberry\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48d482f4] rundll32.exe "C:\WINDOWS\system32\eveaqeyj.dll",b
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KUMKUM~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2824] command /c del "C:\WINDOWS\gnowmebk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7311] cmd /c del "C:\WINDOWS\gnowmebk.dll_old"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

0
chimay8 Posts 7947 Status Security contributor 60
 
hey,
your HijackThis version is out of date
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
please repost,
thanks
0
KumKm33 Posts 6 Status Member
 
Hello, here is the new result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:49, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48d482f4] rundll32.exe "C:\WINDOWS\system32\eveaqeyj.dll",b
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
chimay8 Posts 7947 Status Security contributor 60
 
hello,
Disable your protection software (antivirus, antispyware), then:

Download ComboFix (sUBs): http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and then Enter to confirm.
Wait until ComboFix has finished; a report will be created. Post the report.

Copy/paste a new HijackThis report along with it.
0
KumKm33 Posts 6 Status Member
 
Hello,
Here is the ComboFix report:

ComboFix 08-06-01.6 - Kum Kum & Kateberry 2008-06-02 14:41:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
Endroit: C:\Documents and Settings\Kum Kum & Kateberry\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bHQtDfhk.ini
C:\WINDOWS\system32\bHQtDfhk.ini2
C:\WINDOWS\system32\jivyexto.ini
C:\WINDOWS\system32\jyeqaeve.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\otxeyvij.dll
C:\WINDOWS\system32\rtnkiqcu.ini
C:\WINDOWS\system32\WHQrCfhk.ini
C:\WINDOWS\system32\WHQrCfhk.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
.

2008-06-01 13:17 . 2008-06-01 13:17 <REP> d-------- C:\Program Files\Trend Micro
2008-05-31 16:40 . 2008-05-31 16:40 324,864 --------- C:\WINDOWS\system32\khfDtQHb.dll_old
2008-05-31 16:20 . 2008-05-31 16:20 <REP> d-------- C:\Program Files\Avira
2008-05-31 16:20 . 2008-05-31 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-31 14:59 . 2008-06-02 13:38 200 --a------ C:\WINDOWS\wininit.ini
2008-05-30 11:26 . 2008-05-30 11:26 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Meridian93
2008-05-29 16:59 . 2008-05-29 16:59 41,864 --a------ C:\Documents and Settings\Kum Kum & Kateberry\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 15:49 . 2008-06-02 13:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-29 15:49 . 2008-05-29 15:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-28 12:23 . 2008-05-28 12:23 244 --ah----- C:\sqmnoopt19.sqm
2008-05-28 12:23 . 2008-05-28 12:23 232 --ah----- C:\sqmdata19.sqm
2008-05-28 00:35 . 2008-05-28 00:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-25 19:01 . 2008-05-25 19:01 244 --ah----- C:\sqmnoopt18.sqm
2008-05-25 19:01 . 2008-05-25 19:01 232 --ah----- C:\sqmdata18.sqm
2008-05-24 18:30 . 2008-05-24 18:30 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 18:30 . 2008-05-24 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 12:06 . 2008-05-24 12:06 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Grisoft
2008-05-24 12:05 . 2008-05-24 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-24 12:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-24 11:13 . 2008-05-24 11:13 244 --ah----- C:\sqmnoopt17.sqm
2008-05-24 11:13 . 2008-05-24 11:13 232 --ah----- C:\sqmdata17.sqm
2008-05-24 11:10 . 2008-05-24 11:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-24 09:07 . 2008-05-24 09:07 <REP> d-------- C:\Program Files\Lavasoft
2008-05-24 09:07 . 2008-05-24 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 02:27 . 2008-05-31 16:51 <REP> d-------- C:\Program Files\ColorUtility
2008-05-23 11:58 . 2008-05-23 11:58 244 --ah----- C:\sqmnoopt16.sqm
2008-05-23 11:58 . 2008-05-23 11:58 232 --ah----- C:\sqmdata16.sqm
2008-05-23 11:42 . 2008-05-23 11:42 244 --ah----- C:\sqmnoopt15.sqm
2008-05-23 11:42 . 2008-05-23 11:42 244 --ah----- C:\sqmnoopt14.sqm
2008-05-23 11:42 . 2008-05-23 11:42 244 --ah----- C:\sqmnoopt13.sqm
2008-05-23 11:42 . 2008-05-23 11:42 232 --ah----- C:\sqmdata15.sqm
2008-05-23 11:42 . 2008-05-23 11:42 232 --ah----- C:\sqmdata14.sqm
2008-05-23 11:42 . 2008-05-23 11:42 232 --ah----- C:\sqmdata13.sqm
2008-05-23 11:41 . 2008-05-23 11:41 244 --ah----- C:\sqmnoopt12.sqm
2008-05-23 11:41 . 2008-05-23 11:41 244 --ah----- C:\sqmnoopt11.sqm
2008-05-23 11:41 . 2008-05-23 11:41 244 --ah----- C:\sqmnoopt10.sqm
2008-05-23 11:41 . 2008-05-23 11:41 232 --ah----- C:\sqmdata12.sqm
2008-05-23 11:41 . 2008-05-23 11:41 232 --ah----- C:\sqmdata11.sqm
2008-05-23 11:41 . 2008-05-23 11:41 232 --ah----- C:\sqmdata10.sqm
2008-05-23 11:40 . 2008-05-23 11:40 244 --ah----- C:\sqmnoopt09.sqm
2008-05-23 11:40 . 2008-05-23 11:40 232 --ah----- C:\sqmdata09.sqm
2008-05-23 11:39 . 2008-05-23 11:39 244 --ah----- C:\sqmnoopt08.sqm
2008-05-23 11:39 . 2008-05-23 11:39 244 --ah----- C:\sqmnoopt07.sqm
2008-05-23 11:39 . 2008-05-23 11:39 232 --ah----- C:\sqmdata08.sqm
2008-05-23 11:39 . 2008-05-23 11:39 232 --ah----- C:\sqmdata07.sqm
2008-05-23 11:38 . 2008-05-23 11:38 244 --ah----- C:\sqmnoopt06.sqm
2008-05-23 11:38 . 2008-05-23 11:38 244 --ah----- C:\sqmnoopt05.sqm
2008-05-23 11:38 . 2008-05-23 11:38 232 --ah----- C:\sqmdata06.sqm
2008-05-23 11:38 . 2008-05-23 11:38 232 --ah----- C:\sqmdata05.sqm
2008-05-23 11:36 . 2008-05-23 11:36 244 --ah----- C:\sqmnoopt04.sqm
2008-05-23 11:36 . 2008-05-23 11:36 232 --ah----- C:\sqmdata04.sqm
2008-05-22 12:28 . 2008-05-22 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intenium
2008-05-22 12:26 . 2008-06-02 12:51 244 --ah----- C:\sqmnoopt03.sqm
2008-05-22 12:26 . 2008-06-02 12:51 232 --ah----- C:\sqmdata03.sqm
2008-05-20 12:22 . 2008-05-31 15:57 244 --ah----- C:\sqmnoopt02.sqm
2008-05-20 12:22 . 2008-05-31 15:57 232 --ah----- C:\sqmdata02.sqm
2008-05-19 14:22 . 2008-05-31 11:57 244 --ah----- C:\sqmnoopt01.sqm
2008-05-19 14:22 . 2008-05-31 11:57 232 --ah----- C:\sqmdata01.sqm
2008-05-17 09:49 . 2008-05-30 11:23 244 --ah----- C:\sqmnoopt00.sqm
2008-05-17 09:49 . 2008-05-30 11:23 232 --ah----- C:\sqmdata00.sqm
2008-05-16 11:07 . 2008-05-16 11:07 137,344 --a------ C:\WINDOWS\system32\drivers\litsgt.sys
2008-05-16 11:07 . 2008-05-16 11:07 12,032 --a------ C:\WINDOWS\system32\drivers\tansgt.sys
2008-05-16 10:26 . 2008-05-16 10:26 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys
2008-05-15 22:28 . 2008-05-15 22:29 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Super-Cow
2008-05-15 22:27 . 2008-05-15 22:28 <REP> d-------- C:\Program Files\Supercow Deluxe
2008-05-15 17:18 . 2008-06-01 13:21 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-14 17:40 . 2008-05-14 17:40 <REP> d-------- C:\Program Files\Alcohol Soft
2008-05-14 17:25 . 2008-05-14 17:25 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-14 15:51 . 2008-05-14 15:51 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-13 11:32 . 2006-11-10 10:55 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Fbus.sys
2008-05-13 11:32 . 2006-11-10 10:55 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Fwhnt.sys
2008-05-13 11:32 . 2006-11-10 10:55 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Fwh.sys
2008-05-10 11:58 . 2008-05-31 14:04 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\LimeWire
2008-05-09 11:08 . 2008-05-09 11:08 <REP> d-------- C:\Program Files\Chicken Invaders 2
2008-05-09 10:33 . 2008-05-09 10:33 <REP> d-------- C:\WINDOWS\HDF8
2008-05-09 10:31 . 2008-05-09 10:31 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\WINDOWS
2008-05-09 10:30 . 1995-12-08 15:42 33 --------- C:\WINDOWS\AMT.INI
2008-05-09 10:23 . 2008-05-09 10:24 24 ---hs---- C:\WINDOWS\SC225D99D.tmp
2008-05-09 10:22 . 2008-05-09 10:22 <REP> d-------- C:\Program Files\SlySoft
2008-05-09 10:09 . 2008-05-09 10:09 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Encyclopedie Hachette
2008-05-09 09:54 . 2008-05-09 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-09 09:52 . 2008-05-09 09:52 <REP> d-------- C:\Program Files\Hachette
2008-05-08 17:57 . 2008-05-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-07 16:07 . 2008-05-07 16:08 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Mysteryville2
2008-05-07 13:12 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Mysteryville 2
2008-05-07 12:50 . 2008-05-07 12:50 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-05-07 07:15 . <REP> C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Dossier de téléchargement Share-to-Web
2008-05-06 11:38 . 2008-05-06 11:38 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-05-06 11:38 . 2008-05-06 11:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-05-05 16:09 . 2008-05-30 11:23 <REP> d-------- C:\Program Files\BoontyGames
2008-05-05 16:09 . 2008-05-10 12:33 <REP> d-------- C:\Program Files\Boonty
2008-05-05 15:00 . 2008-05-05 15:00 <REP> d-------- C:\WINDOWS\Sun
2008-05-05 15:00 . 2008-05-05 15:00 <REP> d-------- C:\Program Files\Java
2008-05-05 15:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 14:59 . 2008-05-05 14:59 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-05 10:57 . 2008-05-05 10:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-05 10:50 . 2008-05-05 10:55 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\GrabIt
2008-05-02 19:48 . 2002-03-15 22:37 196,608 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-02 19:48 . 2002-04-10 23:00 167,936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-02 19:48 . 2002-02-15 20:26 106,496 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-02 19:48 . 2002-03-15 22:37 81,920 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-02 19:48 . 2002-02-15 20:26 73,728 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-02 19:48 . 2002-02-15 20:26 69,632 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-02 19:48 . 2002-02-15 20:26 50,960 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-05-02 19:48 . 2002-03-21 19:37 16,112 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-02 19:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-02 19:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-02 19:47 . 2002-03-08 12:49 22,512 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-02 19:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-02 19:46 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-02 19:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-02 19:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-02 19:42 . 2008-05-02 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-02 19:40 . 2008-05-02 19:40 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-02 19:40 . 2008-05-02 19:40 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-05-02 19:38 . 2002-06-27 08:20 27,875 --------- C:\WINDOWS\hpoins01.dat
2008-05-02 19:38 . 2002-04-25 17:40 7,765 --------- C:\WINDOWS\hpomdl01.dat
2008-05-02 19:27 . 2008-05-02 19:27 <REP> d-------- C:\Program Files\Fichiers communs\Fellowes
2008-05-02 19:24 . 2008-05-02 19:25 <REP> d-------- C:\Program Files\Pinnacle
2008-05-02 19:24 . 2008-05-02 19:24 1,816,779 --a------ C:\WINDOWS\Recorder.reg
2008-05-02 19:24 . 2008-05-02 19:24 2,423 --a------ C:\WINDOWS\NewRecorder.reg
2008-05-02 19:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-02 19:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-02 19:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-02 19:12 . 2008-05-02 19:12 <REP> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 09:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 09:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-07 05:15 --------- d-----w C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Dossier de téléchargement Share-to-Web
2008-05-03 12:56 --------- d-----w C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Apple Computer
2008-05-02 13:37 --------- d-----w C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Pirateville
2008-05-02 13:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-02 13:35 --------- d-----w C:\Program Files\Micro Application
2008-05-02 13:27 --------- d-----w C:\Program Files\7-Zip
2008-05-02 13:23 --------- d-----w C:\Program Files\QuickTime
2008-05-02 13:23 --------- d-----w C:\Program Files\iTunes
2008-05-02 13:23 --------- d-----w C:\Program Files\iPod
2008-05-02 13:23 --------- d-----w C:\Program Files\Bonjour
2008-05-02 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-02 13:21 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-05-02 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 13:18 --------- d-----w C:\Program Files\Audacity
2008-05-02 13:13 --------- d-----w C:\Program Files\CCleaner
2008-05-02 13:10 --------- d-----w C:\Program Files\VideoLAN
2008-05-02 13:08 --------- d-----w C:\Program Files\CursorXP
2008-05-02 13:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-02 12:05 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-05-02 11:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-02 11:44 --------- d-----w C:\Program Files\Services en ligne
2008-05-02 11:40 --------- d-----w C:\Program Files\Windows Plus
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

------- Sigcheck -------

2008-05-02 14:05 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5801A04D-C7CB-4F09-8DB2-D2A289FE9A54}]
C:\WINDOWS\system32\khfDtQHb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}]
C:\WINDOWS\system32\jkkIBUOF.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 15:49 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}"= C:\WINDOWS\system32\jkkIBUOF.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIBUOF]
jkkIBUOF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\mcm2.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2008-05-16 11:07]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2008-05-16 11:07]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-05-16 10:26]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-05-06 11:38]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 10:55]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-20 09:25:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-02 17:49:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1209750513.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 14:47:43
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-02 14:54:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 12:54:36

Pre-Run: 50,192,674,816 octets libres
Post-Run: 50,152,464,384 octets libres

270 --- E O F --- 2008-05-28 15:26:46

Here is the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:09, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5801A04D-C7CB-4F09-8DB2-D2A289FE9A54} - C:\WINDOWS\system32\khfDtQHb.dll (file missing)
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - C:\WINDOWS\system32\jkkIBUOF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: jkkIBUOF - jkkIBUOF.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
chimay8 Posts 7947 Status Security contributor 60 > KumKm33 Posts 6 Status Member
 
Run HijackThis again and fix these lines:
C:\Program Files\Bonjour\mDNSResponder.exe
O2 - BHO: (no name) - {5801A04D-C7CB-4F09-8DB2-D2A289FE9A54} - C:\WINDOWS\system32\khfDtQHb.dll (file missing)
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - C:\WINDOWS\system32\jkkIBUOF.dll (file missing)
O20 - Winlogon Notify: jkkIBUOF - jkkIBUOF.dll (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Download CCleaner,
give it a good thorough cleanup,
then tell me how the PC is running.
0
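Three of the lines listed in the reply above carry HijackThis's `(file missing)` marker, and two of them name the same DLL, `jkkIBUOF.dll`, once as a BHO (O2) and once as a Winlogon Notify entry (O20). The following is an added example, not part of the thread and not HijackThis code: it parses entry lines copied from the log posted above and groups the orphaned references by file name; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis v2.0.2 log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5801A04D-C7CB-4F09-8DB2-D2A289FE9A54} - C:\WINDOWS\system32\khfDtQHb.dll (file missing)
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - C:\WINDOWS\system32\jkkIBUOF.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: jkkIBUOF - jkkIBUOF.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

# An entry line starts with a section code such as R0, O2, O20 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def orphaned_entries(log_text):
    """Map lower-cased file name -> sections that still reference the missing file."""
    found = defaultdict(list)
    for section, body in parse_entries(log_text):
        if not body.endswith(MISSING):
            continue
        # The referenced file is the last " - "-separated field before the marker.
        target = body[: -len(MISSING)].rstrip().rsplit(" - ", 1)[-1]
        name = target.replace("\\", "/").rsplit("/", 1)[-1].lower()
        found[name].append(section)
    return dict(found)

def multi_location(orphans):
    """Missing files that are registered in more than one autostart location."""
    return sorted(n for n, secs in orphans.items() if len(set(secs)) > 1)

if __name__ == "__main__":
    orphans = orphaned_entries(SAMPLE_LOG)
    for name, sections in sorted(orphans.items()):
        print(f"{name}: missing file still referenced from {', '.join(sections)}")
    print("registered in several places:", multi_location(orphans))
```

A file that is gone from disk but still registered in several load points shows which registry entries have to be cleaned together.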
KumKm33 Posts 6 Status Member > chimay8 Posts 7947 Status Security contributor
 
Hello,
That's great, thank you so much, my PC seems to be running very well, no more problems.
That will teach me to fool around on the internet.
In any case it was very kind of you to help me.
Have a nice day.
0
chimay8 Posts 7947 Status Security contributor 60
 
OK
One last little thing: mark the post as resolved.
Thanks
See you
0
KumKm33 Posts 6 Status Member
 
Hello, what does "mark the post as resolved" mean? What do I need to do?
0
chimay8 Posts 7947 Status Security contributor 60 > KumKm33 Posts 6 Status Member
 
It's nothing, never mind.
It would have turned the icon of your post (the one about disinfecting your PC) green in the forum (which means your problem is solved).
See you
0