Deckard's main.txt:
Deckard's System Scanner v20071014.68
Run by mel on 2008-07-20 10:57:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Performed disk cleanup.
-- HijackThis (run as mel.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:09, on 2008-07-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\mel\Bureau\dss.exe
C:\PROGRA~1\HIJACK~1\mel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: (no name) - {E066FB99-2E3B-477A-91AE-80C045A3DB79} - c:\windows\system32\dbmsrpcnf.dll
O2 - BHO: (no name) - {E28B868A-09DA-4234-833C-63982C7166E1} - C:\WINDOWS\System32\catsrvf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\Program Files\cuisine\Mswin\60\SCBar.Exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O20 - Winlogon Notify: rzlywkbj - C:\WINDOWS\SYSTEM32\dbmsrpcnf.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6144 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20080709-195704-327 O4 - HKCU\..\Run: [4xyn] C:\WINDOWS\system32\4xyn.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 dwazjein - c:\windows\system32\drivers\czyjfmhd.dat
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not>
R2 KeyP - c:\windows\system32\drivers\keyp.sys <Not>
R3 AR5211 (NETGEAR WPN311 V1H3 Wireless Adapter Service) - c:\windows\system32\drivers\wpn311.sys <Not>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not>
S3 alcan5ln (SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)) - c:\windows\system32\drivers\alcan5ln.sys <Not>
S3 catchme - c:\docume~1\mel\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur de bus USB
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_80A11043&REV_82\3&61AAA01&0&83
Manufacturer:
Name: Contrôleur de bus USB
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_80A11043&REV_82\3&61AAA01&0&83
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte Fast Ethernet compatible VIA
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80A11043&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: Carte Fast Ethernet compatible VIA
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80A11043&REV_74\3&61AAA01&0&90
Service: FETNDIS
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Miniport de pont MAC
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: Miniport de pont MAC
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 540)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>
C:\WINDOWS\system32\svchost.exe (pid 760)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>
C:\WINDOWS\system32\svchost.exe (pid 784)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>
2002-05-23 09:34:28 310272 --a------ C:\WINDOWS\system32\winhttp.dll <Not>
C:\WINDOWS\explorer.exe (pid 1208)
2002-11-06 20:00:38 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not>
2003-05-15 14:43:24 119808 --a------ C:\Program Files\WinRAR\RarExt.dll
2006-09-12 12:10:00 53248 --a------ C:\Program Files\UltraEdit-32\ue32ctmn.dll <Not>
-- Files created between 2008-06-20 and 2008-07-20 -----------------------------
2008-07-20 10:06:57 0 d-------- C:\Documents and Settings\mel\Application Data\Malwarebytes
2008-07-20 10:06:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 10:06:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 13:05:38 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-16 21:01:02 0 dr-h----- C:\Documents and Settings\mel\Recent
2008-07-09 20:02:30 61440 --a------ C:\WINDOWS\System32\drivers\ixqx.sys
2008-07-07 23:44:50 0 d-------- C:\Program Files\Navilog1
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Voisinage réseau
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Voisinage d'impression
2008-07-06 11:28:21 0 dr-h----- C:\Documents and Settings\Administrateur.MEL.000\SendTo
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Recent
2008-07-06 11:28:21 237568 --ah----- C:\Documents and Settings\Administrateur.MEL.000\NTUSER.DAT
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Modèles
2008-07-06 11:28:21 0 d-------- C:\Documents and Settings\Administrateur.MEL.000\Mes documents
2008-07-06 11:28:21 0 dr------- C:\Documents and Settings\Administrateur.MEL.000\Menu Démarrer
2008-07-06 11:28:21 0 d--h----- C:\Documents and Settings\Administrateur.MEL.000\Local Settings
2008-07-06 11:28:21 0 d-------- C:\Documents and Settings\Administrateur.MEL.000\Favoris
2008-07-06 11:28:21 0 d---s---- C:\Documents and Settings\Administrateur.MEL.000\Cookies
2008-07-06 11:28:21 0 d-------- C:\Documents and Settings\Administrateur.MEL.000\Bureau
2008-07-06 11:28:21 0 dr-h----- C:\Documents and Settings\Administrateur.MEL.000\Application Data
2008-07-06 11:28:21 0 d---s---- C:\Documents and Settings\Administrateur.MEL.000\Application Data\Microsoft
2008-07-06 11:28:11 0 d--hs---- C:\WINDOWS\CSC
2008-07-06 11:11:54 0 d-------- C:\VundoFix Backups
2008-07-06 11:03:51 0 d-------- C:\Program Files\CCleaner
2008-07-06 09:35:50 0 d-------- C:\KILLTROJANs <KILLTR>
2008-07-03 20:07:30 0 d-------- C:\Program Files\Audacity
-- Find3M Report ---------------------------------------------------------------
2008-07-19 15:58:16 0 d-------- C:\Program Files\eMule
2008-07-16 21:03:05 3154 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-15 18:26:12 101632 --a------ C:\WINDOWS\System32\catsrvf.dll
2008-07-09 20:02:30 1298 --a------ C:\Program Files\mvtf.txt
2008-07-06 14:08:42 0 d-------- C:\Program Files\Java
2008-07-06 11:24:32 0 d-------- C:\Program Files\Yahoo!
2008-07-06 11:24:00 0 d-------- C:\Program Files\Fichiers communs
2008-07-06 11:23:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 11:22:51 0 d-------- C:\Program Files\Panda Security
2008-06-16 19:09:01 4861 --a----c- C:\WINDOWS\mozver.dat
2008-06-10 23:07:16 0 d-------- C:\Program Files\IKEA HomePlanner
2008-06-10 23:05:36 0 d-------- C:\Program Files\Cuisine Astuce
2008-05-25 15:58:38 0 d-------- C:\Program Files\Avant Browser
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E066FB99-2E3B-477A-91AE-80C045A3DB79}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E28B868A-09DA-4234-833C-63982C7166E1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe" [2004-07-22 22:53]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-02 22:49]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-15 22:52]
"CloneCDTray"="C:\Program Files\CloneCD\CloneCDTray.exe" [2004-09-02 23:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-11-01 02:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rzlywkbj]
dbmsrpcnf.dll 2001-08-28 14:00 83968 C:\WINDOWS\system32\dbmsrpcnf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-BP]
"C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kyrreyam
-- End of Deckard's System Scanner: finished at 2008-07-20 10:59:04 ------------