And next, the second main report from Deckard's System Scanner.
Deckard's System Scanner v20071014.68
Run by Propriétaire on 2008-07-28 09:35:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Performed disk cleanup.
-- HijackThis (run as Propriétaire.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:36, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PROPRI~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: lstream - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 5712 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080627-104536-220 O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
backup-20080627-104536-543 O4 - Startup: userinit.exe
backup-20080627-104536-763 O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Administrateur\svchost.exe
backup-20080628-105426-480 O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Administrateur\svchost.exe
backup-20080628-105426-688 O4 - Startup: userinit.exe
backup-20080628-105426-700 O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
backup-20080628-105426-783 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not>
S3 catchme - c:\docume~1\propri~1\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not>
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\svchost.exe (pid 1428)
2006-05-14 10:48:16 181248 --a------ C:\WINDOWS\system32\rasmans.dll <Not>
C:\WINDOWS\system32\svchost.exe (pid 932)
2008-04-25 10:13:52 139264 --a------ C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll <Not>
2008-03-07 17:40:58 102400 --a------ C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_7100\bdcore.dll <Not>
2008-06-06 02:59:58 53248 --a------ C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_7100\avxdisk.dll
2008-04-14 17:20:22 90112 --a------ C:\Program Files\BitDefender\BitDefender 2008\quarcore.dll <Not>
2008-01-24 15:22:00 36864 --a------ C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\smartscn.dll <Not>
-- Files created between 2008-06-28 and 2008-07-28 -----------------------------
2008-07-27 23:16:17 0 dr-h----- C:\Documents and Settings\Propriétaire\Recent
2008-07-27 18:19:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-27 18:19:54 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not>
2008-07-27 18:19:52 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-27 18:19:51 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not>
2008-07-27 18:19:51 683520 --a------ C:\WINDOWS\system32\divx.dll <Not>
2008-07-27 18:19:49 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-27 18:19:47 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-27 18:19:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-07-27 17:38:20 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\DivX
2008-07-27 13:39:01 0 d-------- C:\WINDOWS\l2schemas
2008-07-27 13:39:00 0 d-------- C:\WINDOWS\system32\fr
2008-07-27 13:38:59 0 d-------- C:\WINDOWS\system32\bits
2008-07-27 13:25:44 1845376 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-07-27 12:20:29 0 d-------- C:\WINDOWS\EHome
2008-07-26 17:35:22 0 d-------- C:\Program Files\Recuva
2008-07-25 09:58:33 0 d-------- C:\HaxFix
2008-07-25 09:58:33 466502 --a------ C:\HaxFix.exe <Not>
2008-07-10 16:20:05 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\BitDefender
2008-07-10 16:19:05 0 d-------- C:\Program Files\BitDefender
2008-07-10 16:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-10 16:18:06 0 d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-10 16:12:26 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-07-10 16:09:40 0 d-------- C:\Documents and Settings\All Users\Local Settings
2008-07-10 12:00:50 0 d-------- C:\temp_phw
2008-07-09 10:02:23 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-08 12:40:10 0 d-------- C:\scanbit
2008-07-08 12:30:26 0 d-------- C:\VundoFix Backups
2008-07-08 11:55:21 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-08 11:55:21 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not>
2008-07-08 11:55:21 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not>
2008-07-08 11:55:21 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not>
2008-06-28 22:02:41 33920 --a------ C:\WINDOWS\system32\adrn.bin
2008-06-28 14:31:39 26 --a------ C:\WINDOWS\system32\fsxxd.sys
2008-06-28 10:57:22 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-28 09:22:10 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-07-28 09:35:31 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-27 18:12:14 0 d-------- C:\Program Files\DivX
2008-07-27 17:51:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-27 13:50:10 0 d-------- C:\Program Files\Messenger
2008-07-27 13:46:10 0 d-------- C:\Program Files\Windows NT
2008-07-27 13:46:07 0 d-------- C:\Program Files\Movie Maker
2008-07-23 14:26:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 21:31:10 0 d-------- C:\Program Files\Lavasoft
2008-07-15 21:31:07 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-10 16:18:06 0 d-------- C:\Program Files\Fichiers communs
2008-07-08 12:10:08 594 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-30 15:51:00 0 --a----c- C:\WINDOWS\system32\ftp34.dll
2008-06-25 20:25:16 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-06-24 15:34:09 0 d-------- C:\Program Files\Trend Micro
2008-05-23 10:21:03 284 --a----c- C:\WINDOWS\system32co0100.dat
2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-18 16:09:29 28672 --a----c- C:\WINDOWS\system32\coclean.exe <Not>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [23/09/2004 21:27 C:\WINDOWS\SOUNDMAN.EXE]
"Alcmtr"="ALCMTR.EXE" [23/09/2004 23:44 C:\WINDOWS\ALCMTR.EXE]
"AlcWzrd"="ALCWZRD.EXE" [24/09/2004 20:06 C:\WINDOWS\ALCWZRD.EXE]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [17/03/2004 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 16:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [23/05/2008 19:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/05/2006 00:22]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 14:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 23:23:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstream]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsxxd.sys"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8910 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-28 09:37:03 ------------
Thanks for your time,
To be continued,
JeanJean