Problem with a Trojan horse.
KumKm33 (Posts: 6, Status: Member)
chimay8 (Posts: 7947, Status: Security contributor)
Hello,
A week ago I had some fun with a friend visiting adult sites, and clever as I am, I infected my PC.
So I ran a scan with my antivirus (Avast) as well as scans with Spybot and AVG. They found spyware and other nasty things, which I automatically quarantined as they suggested. As for Avast, it found Trojans, which I also quarantined. However, despite boot-time scans and further scans, an Avast window still keeps appearing telling me I have a Trojan horse.
I don't know what to do anymore, especially since my PC is now behaving strangely.
Can you help me? Thank you very much.
4 replies
Hey,
your HijackThis version is out of date
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
please post again,
thanks
Hello, here is the new result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:49, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48d482f4] rundll32.exe "C:\WINDOWS\system32\eveaqeyj.dll",b
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
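As an added example that is not part of this thread or of HijackThis itself: a small Python triage script that parses the O4 (autostart) lines of a HijackThis log like the one posted above and flags entries that hit at least two weak indicators: a value name that is only hex digits, a DLL basename made of eight lowercase letters, and a single-letter rundll32 export. The indicator names, the threshold and the SAMPLE_LOG excerpt are choices made for this example (assumptions), not conventions of the tool.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example, not part of the original thread or of the HijackThis tool:
it parses O4 lines like the ones in the posted log and scores each entry
against a few weak indicators that, taken together, mark an autostart
entry worth investigating.  Indicator names and the threshold are our own
choices (assumptions), not HijackThis conventions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input constructed from a handful of O4 lines excerpted from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48d482f4] rundll32.exe "C:\WINDOWS\system32\eveaqeyj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 invocations: optional quotes around the DLL path, optional ",<export>" suffix
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<entry>\S+))?')


@dataclass
class O4Entry:
    hive: str
    name: str
    cmd: str
    dll: Optional[str] = None      # DLL loaded through rundll32, if any
    entry: Optional[str] = None    # rundll32 export name, if any
    indicators: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Return an O4Entry for an 'O4 - ...\\Run:' line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    ent = O4Entry(m['hive'], m['name'], m['cmd'])
    r = RUNDLL_RE.match(ent.cmd)
    if r:
        ent.dll, ent.entry = r['dll'], r['entry']
    return ent


def score_entry(ent: O4Entry) -> List[str]:
    """Attach indicator names to the entry and return them.

    Each indicator is weak on its own (legitimate software trips some of
    them), so triage() only flags entries that hit at least two.
    """
    ind = []
    # Value name that is eight hex digits rather than a product name.
    if re.fullmatch(r'[0-9a-f]{8}', ent.name):
        ind.append('hex_value_name')
    if ent.dll:
        base = ent.dll.rsplit('\\', 1)[-1]
        # Eight random lowercase letters; shipped DLLs are descriptive or mixed-case.
        if re.fullmatch(r'[a-z]{8}\.dll', base):
            ind.append('random_dll_name')
        # One-letter export name instead of a function name such as NvStartup.
        if ent.entry is not None and len(ent.entry) == 1:
            ind.append('single_letter_export')
    ent.indicators = ind
    return ind


def triage(log_text: str, threshold: int = 2) -> List[O4Entry]:
    """Parse every O4 line of a HijackThis log; return entries with >= threshold indicators."""
    flagged = []
    for line in log_text.splitlines():
        ent = parse_o4(line)
        if ent and len(score_entry(ent)) >= threshold:
            flagged.append(ent)
    return flagged


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"[{e.hive}] {e.name}: {e.cmd}")
        print(f"    indicators: {', '.join(e.indicators)}")
```

Run against the full log posted above it flags only the `[48d482f4]` entry; the ComboFix report further down lists several more eight-letter lowercase names in system32 (a .dll and a set of .ini files) that the same naming heuristic would catch. The two-indicator threshold is deliberate: `NvCplDaemon` is also a rundll32 entry in system32 and must not be flagged.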
Hello,
Disable your protection software (antivirus, antispyware), then:
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
Double-click combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm.
Wait for combofix to finish; a report will be created. Post the report.
Copy/paste a new HijackThis report along with it.
Hello,
Here is the ComboFix report:
ComboFix 08-06-01.6 - Kum Kum & Kateberry 2008-06-02 14:41:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
Endroit: C:\Documents and Settings\Kum Kum & Kateberry\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bHQtDfhk.ini
C:\WINDOWS\system32\bHQtDfhk.ini2
C:\WINDOWS\system32\jivyexto.ini
C:\WINDOWS\system32\jyeqaeve.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\otxeyvij.dll
C:\WINDOWS\system32\rtnkiqcu.ini
C:\WINDOWS\system32\WHQrCfhk.ini
C:\WINDOWS\system32\WHQrCfhk.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
.
2008-06-01 13:17 . 2008-06-01 13:17 <REP> d-------- C:\Program Files\Trend Micro
2008-05-31 16:40 . 2008-05-31 16:40 324,864 --------- C:\WINDOWS\system32\khfDtQHb.dll_old
2008-05-31 16:20 . 2008-05-31 16:20 <REP> d-------- C:\Program Files\Avira
2008-05-31 16:20 . 2008-05-31 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-31 14:59 . 2008-06-02 13:38 200 --a------ C:\WINDOWS\wininit.ini
2008-05-30 11:26 . 2008-05-30 11:26 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Meridian93
2008-05-29 16:59 . 2008-05-29 16:59 41,864 --a------ C:\Documents and Settings\Kum Kum & Kateberry\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 15:49 . 2008-06-02 13:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-29 15:49 . 2008-05-29 15:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-28 12:23 . 2008-05-28 12:23 244 --ah----- C:\sqmnoopt19.sqm
2008-05-28 12:23 . 2008-05-28 12:23 232 --ah----- C:\sqmdata19.sqm
2008-05-28 00:35 . 2008-05-28 00:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-25 19:01 . 2008-05-25 19:01 244 --ah----- C:\sqmnoopt18.sqm
2008-05-25 19:01 . 2008-05-25 19:01 232 --ah----- C:\sqmdata18.sqm
2008-05-24 18:30 . 2008-05-24 18:30 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 18:30 . 2008-05-24 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 12:06 . 2008-05-24 12:06 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Grisoft
2008-05-24 12:05 . 2008-05-24 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-24 12:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-24 11:13 . 2008-05-24 11:13 244 --ah----- C:\sqmnoopt17.sqm
2008-05-24 11:13 . 2008-05-24 11:13 232 --ah----- C:\sqmdata17.sqm
2008-05-24 11:10 . 2008-05-24 11:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-24 09:07 . 2008-05-24 09:07 <REP> d-------- C:\Program Files\Lavasoft
2008-05-24 09:07 . 2008-05-24 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 02:27 . 2008-05-31 16:51 <REP> d-------- C:\Program Files\ColorUtility
2008-05-23 11:58 . 2008-05-23 11:58 244 --ah----- C:\sqmnoopt16.sqm
2008-05-23 11:58 . 2008-05-23 11:58 232 --ah----- C:\sqmdata16.sqm
2008-05-23 11:42 . 2008-05-23 11:42 244 --ah----- C:\sqmnoopt15.sqm
2008-05-23 11:42 . 2008-05-23 11:42 244 --ah----- C:\sqmnoopt14.sqm
2008-05-23 11:42 . 2008-05-23 11:42 244 --ah----- C:\sqmnoopt13.sqm
2008-05-23 11:42 . 2008-05-23 11:42 232 --ah----- C:\sqmdata15.sqm
2008-05-23 11:42 . 2008-05-23 11:42 232 --ah----- C:\sqmdata14.sqm
2008-05-23 11:42 . 2008-05-23 11:42 232 --ah----- C:\sqmdata13.sqm
2008-05-23 11:41 . 2008-05-23 11:41 244 --ah----- C:\sqmnoopt12.sqm
2008-05-23 11:41 . 2008-05-23 11:41 244 --ah----- C:\sqmnoopt11.sqm
2008-05-23 11:41 . 2008-05-23 11:41 244 --ah----- C:\sqmnoopt10.sqm
2008-05-23 11:41 . 2008-05-23 11:41 232 --ah----- C:\sqmdata12.sqm
2008-05-23 11:41 . 2008-05-23 11:41 232 --ah----- C:\sqmdata11.sqm
2008-05-23 11:41 . 2008-05-23 11:41 232 --ah----- C:\sqmdata10.sqm
2008-05-23 11:40 . 2008-05-23 11:40 244 --ah----- C:\sqmnoopt09.sqm
2008-05-23 11:40 . 2008-05-23 11:40 232 --ah----- C:\sqmdata09.sqm
2008-05-23 11:39 . 2008-05-23 11:39 244 --ah----- C:\sqmnoopt08.sqm
2008-05-23 11:39 . 2008-05-23 11:39 244 --ah----- C:\sqmnoopt07.sqm
2008-05-23 11:39 . 2008-05-23 11:39 232 --ah----- C:\sqmdata08.sqm
2008-05-23 11:39 . 2008-05-23 11:39 232 --ah----- C:\sqmdata07.sqm
2008-05-23 11:38 . 2008-05-23 11:38 244 --ah----- C:\sqmnoopt06.sqm
2008-05-23 11:38 . 2008-05-23 11:38 244 --ah----- C:\sqmnoopt05.sqm
2008-05-23 11:38 . 2008-05-23 11:38 232 --ah----- C:\sqmdata06.sqm
2008-05-23 11:38 . 2008-05-23 11:38 232 --ah----- C:\sqmdata05.sqm
2008-05-23 11:36 . 2008-05-23 11:36 244 --ah----- C:\sqmnoopt04.sqm
2008-05-23 11:36 . 2008-05-23 11:36 232 --ah----- C:\sqmdata04.sqm
2008-05-22 12:28 . 2008-05-22 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intenium
2008-05-22 12:26 . 2008-06-02 12:51 244 --ah----- C:\sqmnoopt03.sqm
2008-05-22 12:26 . 2008-06-02 12:51 232 --ah----- C:\sqmdata03.sqm
2008-05-20 12:22 . 2008-05-31 15:57 244 --ah----- C:\sqmnoopt02.sqm
2008-05-20 12:22 . 2008-05-31 15:57 232 --ah----- C:\sqmdata02.sqm
2008-05-19 14:22 . 2008-05-31 11:57 244 --ah----- C:\sqmnoopt01.sqm
2008-05-19 14:22 . 2008-05-31 11:57 232 --ah----- C:\sqmdata01.sqm
2008-05-17 09:49 . 2008-05-30 11:23 244 --ah----- C:\sqmnoopt00.sqm
2008-05-17 09:49 . 2008-05-30 11:23 232 --ah----- C:\sqmdata00.sqm
2008-05-16 11:07 . 2008-05-16 11:07 137,344 --a------ C:\WINDOWS\system32\drivers\litsgt.sys
2008-05-16 11:07 . 2008-05-16 11:07 12,032 --a------ C:\WINDOWS\system32\drivers\tansgt.sys
2008-05-16 10:26 . 2008-05-16 10:26 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys
2008-05-15 22:28 . 2008-05-15 22:29 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Super-Cow
2008-05-15 22:27 . 2008-05-15 22:28 <REP> d-------- C:\Program Files\Supercow Deluxe
2008-05-15 17:18 . 2008-06-01 13:21 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-14 17:40 . 2008-05-14 17:40 <REP> d-------- C:\Program Files\Alcohol Soft
2008-05-14 17:25 . 2008-05-14 17:25 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-14 15:51 . 2008-05-14 15:51 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-13 11:32 . 2006-11-10 10:55 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Fbus.sys
2008-05-13 11:32 . 2006-11-10 10:55 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Fwhnt.sys
2008-05-13 11:32 . 2006-11-10 10:55 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Fwh.sys
2008-05-10 11:58 . 2008-05-31 14:04 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\LimeWire
2008-05-09 11:08 . 2008-05-09 11:08 <REP> d-------- C:\Program Files\Chicken Invaders 2
2008-05-09 10:33 . 2008-05-09 10:33 <REP> d-------- C:\WINDOWS\HDF8
2008-05-09 10:31 . 2008-05-09 10:31 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\WINDOWS
2008-05-09 10:30 . 1995-12-08 15:42 33 --------- C:\WINDOWS\AMT.INI
2008-05-09 10:23 . 2008-05-09 10:24 24 ---hs---- C:\WINDOWS\SC225D99D.tmp
2008-05-09 10:22 . 2008-05-09 10:22 <REP> d-------- C:\Program Files\SlySoft
2008-05-09 10:09 . 2008-05-09 10:09 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Encyclopedie Hachette
2008-05-09 09:54 . 2008-05-09 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-09 09:52 . 2008-05-09 09:52 <REP> d-------- C:\Program Files\Hachette
2008-05-08 17:57 . 2008-05-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-07 16:07 . 2008-05-07 16:08 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Mysteryville2
2008-05-07 13:12 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Mysteryville 2
2008-05-07 12:50 . 2008-05-07 12:50 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-05-07 07:15 . <REP> C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Dossier de téléchargement Share-to-Web
2008-05-06 11:38 . 2008-05-06 11:38 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-05-06 11:38 . 2008-05-06 11:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-05-05 16:09 . 2008-05-30 11:23 <REP> d-------- C:\Program Files\BoontyGames
2008-05-05 16:09 . 2008-05-10 12:33 <REP> d-------- C:\Program Files\Boonty
2008-05-05 15:00 . 2008-05-05 15:00 <REP> d-------- C:\WINDOWS\Sun
2008-05-05 15:00 . 2008-05-05 15:00 <REP> d-------- C:\Program Files\Java
2008-05-05 15:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 14:59 . 2008-05-05 14:59 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-05 10:57 . 2008-05-05 10:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-05 10:50 . 2008-05-05 10:55 <REP> d-------- C:\Documents and Settings\Kum Kum & Kateberry\Application Data\GrabIt
2008-05-02 19:48 . 2002-03-15 22:37 196,608 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-02 19:48 . 2002-04-10 23:00 167,936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-02 19:48 . 2002-02-15 20:26 106,496 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-02 19:48 . 2002-03-15 22:37 81,920 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-02 19:48 . 2002-02-15 20:26 73,728 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-02 19:48 . 2002-02-15 20:26 69,632 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-02 19:48 . 2002-02-15 20:26 50,960 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-05-02 19:48 . 2002-03-21 19:37 16,112 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-02 19:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-02 19:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-02 19:47 . 2002-03-08 12:49 22,512 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-02 19:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-02 19:46 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-02 19:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-02 19:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-02 19:42 . 2008-05-02 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-02 19:40 . 2008-05-02 19:40 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-02 19:40 . 2008-05-02 19:40 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-05-02 19:38 . 2002-06-27 08:20 27,875 --------- C:\WINDOWS\hpoins01.dat
2008-05-02 19:38 . 2002-04-25 17:40 7,765 --------- C:\WINDOWS\hpomdl01.dat
2008-05-02 19:27 . 2008-05-02 19:27 <REP> d-------- C:\Program Files\Fichiers communs\Fellowes
2008-05-02 19:24 . 2008-05-02 19:25 <REP> d-------- C:\Program Files\Pinnacle
2008-05-02 19:24 . 2008-05-02 19:24 1,816,779 --a------ C:\WINDOWS\Recorder.reg
2008-05-02 19:24 . 2008-05-02 19:24 2,423 --a------ C:\WINDOWS\NewRecorder.reg
2008-05-02 19:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-02 19:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-02 19:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-02 19:12 . 2008-05-02 19:12 <REP> d-------- C:\WINDOWS\ShellNew
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 09:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 09:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-07 05:15 --------- d-----w C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Dossier de téléchargement Share-to-Web
2008-05-03 12:56 --------- d-----w C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Apple Computer
2008-05-02 13:37 --------- d-----w C:\Documents and Settings\Kum Kum & Kateberry\Application Data\Pirateville
2008-05-02 13:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-02 13:35 --------- d-----w C:\Program Files\Micro Application
2008-05-02 13:27 --------- d-----w C:\Program Files\7-Zip
2008-05-02 13:23 --------- d-----w C:\Program Files\QuickTime
2008-05-02 13:23 --------- d-----w C:\Program Files\iTunes
2008-05-02 13:23 --------- d-----w C:\Program Files\iPod
2008-05-02 13:23 --------- d-----w C:\Program Files\Bonjour
2008-05-02 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-02 13:21 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-05-02 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 13:18 --------- d-----w C:\Program Files\Audacity
2008-05-02 13:13 --------- d-----w C:\Program Files\CCleaner
2008-05-02 13:10 --------- d-----w C:\Program Files\VideoLAN
2008-05-02 13:08 --------- d-----w C:\Program Files\CursorXP
2008-05-02 13:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-02 12:05 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-05-02 11:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-02 11:44 --------- d-----w C:\Program Files\Services en ligne
2008-05-02 11:40 --------- d-----w C:\Program Files\Windows Plus
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.
------- Sigcheck -------
2008-05-02 14:05 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5801A04D-C7CB-4F09-8DB2-D2A289FE9A54}]
C:\WINDOWS\system32\khfDtQHb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}]
C:\WINDOWS\system32\jkkIBUOF.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 15:49 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}"= C:\WINDOWS\system32\jkkIBUOF.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIBUOF]
jkkIBUOF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\mcm2.exe"=
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2008-05-16 11:07]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2008-05-16 11:07]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-05-16 10:26]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-05-06 11:38]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 10:55]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-20 09:25:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-02 17:49:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1209750513.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 14:47:43
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-02 14:54:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 12:54:36
Pre-Run: 50,192,674,816 octets libres
Post-Run: 50,152,464,384 octets libres
270 --- E O F --- 2008-05-28 15:26:46
Here is the new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:09, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5801A04D-C7CB-4F09-8DB2-D2A289FE9A54} - C:\WINDOWS\system32\khfDtQHb.dll (file missing)
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - C:\WINDOWS\system32\jkkIBUOF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: jkkIBUOF - jkkIBUOF.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
relaunch HiJackThis and fix these lines:
C:\Program Files\Bonjour\mDNSResponder.exe
O2 - BHO: (no name) - {5801A04D-C7CB-4F09-8DB2-D2A289FE9A54} - C:\WINDOWS\system32\khfDtQHb.dll (file missing)
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - C:\WINDOWS\system32\jkkIBUOF.dll (file missing)
O20 - Winlogon Notify: jkkIBUOF - jkkIBUOF.dll (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
download ccleaner
a good thorough clean-up
then tell me how the PC is running.
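As an added example (not part of the thread, and not the helper's own method for choosing the lines): a small Python triage script that applies the signals visible in the logs above to HijackThis entries, flagging "(file missing)" entries, nameless BHOs, Winlogon Notify packages, and a Run value with a random-looking hex name that loads a DLL through rundll32. The sample entries are copied from the logs posted in this thread.

```python
import re

# Constructed sample: HijackThis entries copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5801A04D-C7CB-4F09-8DB2-D2A289FE9A54} - C:\WINDOWS\system32\khfDtQHb.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48d482f4] rundll32.exe "C:\WINDOWS\system32\eveaqeyj.dll",b
O20 - Winlogon Notify: jkkIBUOF - jkkIBUOF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: [name] command" / "R1 - ..." : section code, then the entry body
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # e.g. [48d482f4]: an auto-generated value name

def triage_line(line: str) -> list:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    m = ENTRY_RE.match(line)
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons = []
    if "(file missing)" in body:
        reasons.append("orphaned entry: the referenced file no longer exists")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if section == "O20" and "Winlogon Notify" in body:
        reasons.append("Winlogon notify package: loaded into winlogon.exe at logon")
    run = RUN_RE.search(body)
    if run:
        name, cmd = run.group("name"), run.group("cmd").lower()
        if HEX_NAME_RE.match(name) and "rundll32" in cmd:
            reasons.append("random-looking Run value loading a DLL through rundll32")
    return reasons

def triage(log_text: str) -> list:
    """Run triage_line over every non-empty line; return (line, reasons) for flagged ones."""
    out = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        reasons = triage_line(line)
        if reasons:
            out.append((line, reasons))
    return out

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

The three entries this flags on the sample are exactly the nameless BHO, the hex-named Run value and the Winlogon Notify package; legitimate vendor entries such as the Avira and NVIDIA lines pass through unflagged.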
Here is the log generated by HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:19:57, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Kum Kum & Kateberry\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48d482f4] rundll32.exe "C:\WINDOWS\system32\eveaqeyj.dll",b
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KUMKUM~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2824] command /c del "C:\WINDOWS\gnowmebk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7311] cmd /c del "C:\WINDOWS\gnowmebk.dll_old"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe