Rapport hijackthis, cheval de troie et autres

jane761 Messages postés 20 Statut Membre -  
jane761 Messages postés 20 Statut Membre -
Bonjour,
La semaine passée, avira a détecté un cheval de Troie Troj/Banker.Je l'ai supprimé dans la poubelle.Malwarebyte ne fonctione plus même après réinstalltion et Spybot n'a rien vu.
Aujourd'hui, avira free edition scanne 5 malware?" contains recognition pattern of the Appl/Boonty games c/syst; D/yst; C/ progr files...

Je ne suis pas fort experte.Quelqu'un peut-il m'expliquer simplement ce que je peux faire

Voici le rappot hijackthisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:13, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Propriétaire.PRIV-656643ACE0\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\PROPRI~2.PRI\LOCALS~1\Temp\AVSETUP_49c935f9\basic\avupgsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9e2cfa34db4fa) (gupdate1c9e2cfa34db4fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9585 bytes
Un tout grand merci
Configuration: Windows XP
Firefox 3.0.11

5 réponses

  1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour,

    Pour voir ce qu'il y a dans ton PC :

    Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Ensuite :

    Télécharge GenProc sur ton bureau afin de voir ce qu'il à ton pc.

    Double-clique sur GenProc.exe

    et poste le contenu du rapport qui s'ouvre à la suite de la question êtes vous aider par quelqu'un, répondre oui. Merci.

    Si pas de rapport .txt, regarder sur le bureau, il doit y avoir une icône Genproc qui renvoie sur internet avec la procédure.

    Voir comment utiliser GenProc

    Pour ceux qui ont Vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    IMPORTANT : Poste la procédure Genproc et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

    0
    1. jane761 Messages postés 20 Statut Membre
       
      Voilà, j'ai nettoyé correctement avec C Cleaner
      Voici le rapport de genProc comme demandé
      Les explications étaient bien claires.Bravo
      Rapport GenProc 2.606 [1] - ven. 24/07/2009 à 9:18:01
      @ Windows XP Service Pack 3 - Mode normal
      @ Mozilla Firefox (3.0.11) [Navigateur par défaut]

      GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


      Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
      - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
      - C:\Program Files\EsetOnlineScanner\log.txt




      ~~~~ INFORMATION COMPLEMENTAIRE ~~~~


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:20:26, on 24/07/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\agrsmsvc.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Belgacom\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\CmUCReye.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Belgacom\bin\sprtcmd.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\cmd.exe
      C:\GenProc\outil\Propriétaire_GenProc.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\PROPRI~2.PRI\LOCALS~1\Temp\AVSETUP_49c935f9\basic\avupgsvc.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Service Google Update (gupdate1c9e2cfa34db4fa) (gupdate1c9e2cfa34db4fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
      O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  2. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonsoir

    Pas d'infections sur le log
    Voir éventuellement avec RSTI

    ++
    0
  3. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Pour voir qu'il n'y à pas de programmes néfastes :

    Télécharge malwarebytes

    NB : S'il te manque COMCTL32.OCX alors télécharge le ici

    Tu l´installe; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    Clic maintenant sur l´onglet recherche et coche la case : "exécuter un examen complet".

    Puis clic sur "rechercher".

    Laisse le scanner le pc...

    Si des éléments on été trouvés > clic sur supprimer la sélection.

    si il t´es demandé de redémarrer > clic sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l'onglet rapport/log

    Tutoriaux
    0
    1. jane761 Messages postés 20 Statut Membre
       
      1)Quand j'essaie d'installer malwarebyte et même le fichier que vous m'indiquez, j'ai un message d'erreur <gras>"runtime error, abnormal program termination"

      2) Devais-je poster un rapport Nod32 comme j'ai vu dans le rapport Genproc.Je n'ai jamais pu obtenir IE 7 ,encore moins le 8 malgré de multiples interventions sur votre site l'année passée.Donc, j'ai utilisé Firefox
      0
  4. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ça il ne faut pas c'est si il te manque ça : s'il te manque COMCTL32.OCX alors télécharge le ici
    0
    1. jane761 Messages postés 20 Statut Membre
       
      Qd je clique sur comc kl 32.ocx, malwarebyte me met tjs le même message d'erreur, runtime error...Mais par contre,ce lien ouvre spybot.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jane761 Messages postés 20 Statut Membre
     
    Par contre, j'ai pu faire un scan avec spybot et il me trouve encore un cheval de troie dans la clé du registre!!!
    Voici le rapport-- Search result list ---
    Win32.Banload.aghb: [SBI $4C93D42E] Extension de fichier (Clé du Registre, nothing done)
    HKEY_CLASSES_ROOT\.gbp

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-02-26 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-07-14 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-07-14 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-07-14 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-07-21 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-07-14 Includes\Malware.sbi (*)
    2009-07-21 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-07-21 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-07-07 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-07-22 Includes\Trojans.sbi (*)
    2009-07-21 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
    / Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    / Windows Media Player 11: Correctif pour Lecteur Windows Media 11 (KB939683)
    / Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
    / Windows Media Player 11: Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
    / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    / Windows Media Player 9: Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
    / Windows XP: Mise à jour de sécurité pour Windows XP (KB941569)
    / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)
    / Windows XP / SP0: Mise à jour pour Windows Internet Explorer 8 (KB971180)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB923561)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB938464)
    / Windows XP / SP4: Mise à jour pour Windows XP (KB942763)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB946648)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950759)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950760)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950762)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950974)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951066)
    / Windows XP / SP4: Mise à jour pour Windows XP (KB951072-v2)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951376-v2)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951698)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951748)
    / Windows XP / SP4: Mise à jour pour Windows XP (KB951978)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB952004)
    / Windows XP / SP4: Correctif pour Windows XP (KB952287)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB952954)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB953838)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB953839)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954211)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954459)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954600)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB955069)
    / Windows XP / SP4: Mise à jour pour Windows XP (KB955839)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956390)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956391)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956572)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956802)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956803)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956841)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB957095)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB957097)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958215)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958644)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958687)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958690)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB959426)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960225)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960714)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960715)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960803)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB961371)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB961373)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB961501)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB963027)
    / Windows XP / SP4: Mise à jour pour Windows XP (KB967715)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB968537)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB969897)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB969898)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB970238)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB971633)
    / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB973346)

    --- Startup entries list ---
    Located: HK_LM:Run, !AVG Anti-Spyware
    command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    size: 6731312
    MD5: CC6BC45DD5A58158645E7FB2953604FE

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35696
    MD5: 452FA961163EF4AEE4815796A13AB2CF

    Located: HK_LM:Run, Alcmtr
    command: ALCMTR.EXE
    file: C:\WINDOWS\ALCMTR.EXE
    size: 69632
    MD5: 8B4CBBA1EA526830C7F97E7822E2493A

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8

    Located: HK_LM:Run, Belgacom
    command: "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
    file: C:\Program Files\Belgacom\bin\sprtcmd.exe
    size: 202016
    MD5: E51925CE5017808EE8CB66BEAF25363F

    Located: HK_LM:Run, CHotkey
    command: mHotkey.exe
    file: C:\WINDOWS\mHotkey.exe
    size: 549376
    MD5: 644235E843359AEB70BC76CC84F72A2B

    Located: HK_LM:Run, CmUCRRun
    command: C:\WINDOWS\system32\CmUCReye.exe
    file: C:\WINDOWS\system32\CmUCReye.exe
    size: 237568
    MD5: 73F53075B35124D83479C29780BA6D73

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep 0 -k
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, ledpointer
    command: CNYHKey.exe
    file: C:\WINDOWS\CNYHKey.exe
    size: 5577216
    MD5: 12B292DCC5862C8DDD7830D44B81EC97

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\NvCpl.dll
    size: 7282688
    MD5: 0743B9D5F36CF73C0913988D44A33AAF

    Located: HK_LM:Run, NvMediaCenter
    command: RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    file: C:\WINDOWS\system32\NvMCTray.dll
    size: 86016
    MD5: 73E6DAA9896E941228482770EC370A5C

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 1519616
    MD5: 417289950CD871FC8B820BAABB76C6D3

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: FABAD2BFD44661D8CC627E5485BFAFAF

    Located: HK_LM:Run, RTHDCPL
    command: RTHDCPL.EXE
    file: C:\WINDOWS\RTHDCPL.EXE
    size: 14820864
    MD5: 0AF9324D43DF9DF59BB2B0F08223A26C

    Located: HK_LM:Run, TkBellExe
    command: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    file: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    size: 198160
    MD5: 5676E75F98FF8E0F81DFF604A09288BB

    Located: HK_LM:Run, ZoneAlarm Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919016
    MD5: 8800130156B0642B15ECB75E7CC7E6F1

    Located: HK_LM:Run, GBMLite8AgentLaCie (DISABLED)
    command: C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
    file: C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
    size: 189056
    MD5: 4ADA227EC4E1BBAD144EAABF02221853

    Located: HK_LM:Run, HP Software Update (DISABLED)
    command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    size: 54840
    MD5: 21293443961A4E2597453EE7A9347F22

    Located: HK_LM:Run, InCD (DISABLED)
    command: C:\Program Files\Ahead\InCD\InCD.exe
    file: C:\Program Files\Ahead\InCD\InCD.exe
    size: 1397760
    MD5: 69A2D4D9EF785DEDAE0AB21248C8D34C

    Located: HK_LM:Run, iTunesHelper (DISABLED)
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 292136
    MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0

    Located: HK_LM:Run, MedionVFD (DISABLED)
    command: "C:\Program Files\Medion Info Display\MdionLCM.exe"
    file: C:\Program Files\Medion Info Display\MdionLCM.exe
    size: 126976
    MD5: 484522F6C66CF654864BCDFE468295BD

    Located: HK_LM:Run, NeroFilterCheck (DISABLED)
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3E4C03CEFAD8DE135263236B61A49C90

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, CTFMON.EXE
    where: PE_C0_S-1-5-21-117609710-1563985344-839522115-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, ctfmon.exe
    where: PE_C_JANS JANIE...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, swg
    where: PE_C_JANS JANIE...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE

    Located: HK_CU:Run, MSMSGS (DISABLED)
    where: PE_C_JANS JANIE...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1695232
    MD5: E13EA4860E8F2AA845B53BFD2B6FEC5B

    Located: HK_CU:Run, NBJ (DISABLED)
    where: PE_C_JANS JANIE...
    command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    size: 1957888
    MD5: 9CAB916797D8D39F78B8800C2A23ADD6

    Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
    where: PE_C_JANS JANIE...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, WMPNSCFG (DISABLED)
    where: PE_C_JANS JANIE...
    command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    size: 204288
    MD5: 5011A24AECF4D573473BDC15EE84C178

    Located: HK_CU:RunOnce, RoboForm (DISABLED)
    where: PE_C_JANS JANIE...
    command: "C:\Program Files\Siber Systems\AI RoboForm\identities.exe" -fr
    file: C:\Program Files\Siber Systems\AI RoboForm\identities.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE
    where: PE_C_PROPRIéTAIRE.PRIV-B94EE342E4...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-19...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-20...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, NBJ
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command: "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    file: C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe
    size: 1957888
    MD5: 9CAB916797D8D39F78B8800C2A23ADD6

    Located: HK_CU:Run, swg
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE

    Located: HK_CU:Run, GBMLite8AgentLaCie (DISABLED)
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command: C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
    file: C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
    size: 189056
    MD5: 4ADA227EC4E1BBAD144EAABF02221853

    Located: HK_CU:Run, LaCie Backup (DISABLED)
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command: C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    file: C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe
    size: 2596864
    MD5: 51C10BE3813089E8EF51089746C49023

    Located: HK_CU:Run, spybot (DISABLED)
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
    where: S-1-5-21-117609710-1563985344-839522115-1003...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-21-117609710-1563985344-839522115-500...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

    Located: Démarrage (tous utilisateurs), Démarrage rapide du logiciel HP Image Zone.lnk
    where: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    size: 73728
    MD5: 806EE198284D569253EB6A1D1180B37D

    Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk (DISABLED)
    where: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    size: 282624
    MD5: 5597D0075861CB0A6E6087752D205C0D

    Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
    where: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    size: 83360
    MD5: 5BC65464354A9FD3BEAA28E18839734A

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 27/02/2009 12:07:26
    Date (last access): 24/07/2009 18:44:56
    Date (last write): 27/02/2009 12:07:26
    Filesize: 75128
    Attributes:
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
    Path: C:\Program Files\Real\RealPlayer\
    Long name: rpbrowserrecordplugin.dll
    Short name: RPBROW~1.DLL
    Date (created): 20/12/2007 19:50:08
    Date (last access): 24/07/2009 18:44:56
    Date (last write): 3/03/2009 16:49:34
    Filesize: 312928
    Attributes:
    MD5: CB843FEFA68DF58A05D9F7CCDD9D25FB
    CRC32: 5B3A889F
    Version: 1.0.1.186

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name:

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 21/08/2008 14:39:18
    Date (last access): 24/07/2009 18:43:16
    Date (last write): 26/01/2009 16:31:02
    Filesize: 1879896
    Attributes:
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
    Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 17/02/2009 17:11:04
    Date (last access): 24/07/2009 18:44:56
    Date (last write): 17/02/2009 17:11:04
    Filesize: 408440
    Attributes:
    MD5: 1A82C1B9BB43385695EFC3A84F6756A2
    CRC32: 75E558CA
    Version: 5.0.818.6

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://www.google.com/intl/fr/toolbar/ie/index.html
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar1.dll
    Short name: GOOGLE~1.DLL
    Date (created): 11/07/2008 20:39:46
    Date (last access): 24/07/2009 18:17:48
    Date (last write): 11/07/2008 20:39:46
    Filesize: 2436160
    Attributes: readonly
    MD5: 6D44E0C3B43D27484FBB355E470C4188
    CRC32: 2DE875CD
    Version: 4.0.1601.4978

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\
    Long name: swg.dll
    Short name:
    Date (created): 18/09/2008 17:53:42
    Date (last access): 24/07/2009 18:44:58
    Date (last write): 18/09/2008 17:53:42
    Filesize: 737776
    Attributes:
    MD5: AB32387A8F8C696A0739768B6B913714
    CRC32: F4E76414
    Version: 3.1.807.1746

    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Toolbar Helper
    Path: C:\Program Files\Windows Live Toolbar\
    Long name: msntb.dll
    Short name:
    Date (created): 19/10/2007 12:20:48
    Date (last access): 24/07/2009 18:17:48
    Date (last write): 19/10/2007 12:20:48
    Filesize: 546320
    Attributes:
    MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
    CRC32: 12446524
    Version: 3.1.0.146

    --- ActiveX list ---
    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
    Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Adobe\Director\
    Long name: swdir.dll
    Short name:
    Date (created): 12/07/2008 22:34:14
    Date (last access): 24/07/2009 18:44:58
    Date (last write): 17/06/2008 16:23:02
    Filesize: 202168
    Attributes:
    MD5: 25F0A729215D2CAF61F0BF5092D07CF9
    CRC32: 93C62F10
    Version: 11.0.0.458

    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
    DPF name:
    CLSID name: BDSCANONLINE Control
    Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
    Codebase: http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    description:
    classification: Legitimate
    known filename: oscan8.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: oscan8.ocx
    Short name:
    Date (created): 25/10/2007 16:54:18
    Date (last access): 24/07/2009 18:44:58
    Date (last write): 25/10/2007 16:54:18
    Filesize: 471040
    Attributes:
    MD5: BC4E154A06C9208EF36669B1B9E5FDAD
    CRC32: DF08A08D
    Version: 1.0.0.1

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 648 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 728 ( 648) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 752 ( 648) \??\C:\WINDOWS\system32\winlogon.exe
    size: 512000
    PID: 796 ( 752) C:\WINDOWS\system32\services.exe
    size: 111104
    MD5: C3FB1D70CB88722267949694BA51759E
    PID: 808 ( 752) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 91E6024D6D4DCDECDB36C43ECF9BBECB
    PID: 984 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 1048 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 1116 ( 796) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 1136 ( 796) C:\Program Files\Ahead\InCD\InCDsrv.exe
    size: 869888
    MD5: 67AD1011F18AF0E3FAC38F2D7024FBC1
    PID: 1252 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 1324 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 1376 ( 796) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    size: 75304
    MD5: 4ABE946715D5E17C013D70FABB9E9780
    PID: 1596 (1564) C:\WINDOWS\Explorer.EXE
    size: 1037824
    MD5: F2317622D29F9FF0F88AEECD5F60F0DD
    PID: 1868 ( 796) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: 460E4CE148BD07218DA0B6A3D31885A9
    PID: 1924 ( 796) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    size: 108289
    MD5: 9015BC03F62940527EC92D45EE89E46F
    PID: 1940 ( 796) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    size: 185089
    MD5: 0964DDA80C33B6F542886128300FA404
    PID: 328 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 1524 ( 796) C:\WINDOWS\system32\agrsmsvc.exe
    size: 13312
    MD5: EFBC44FBD75E4F80BD927AEBF6E7EADE
    PID: 1544 ( 796) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 144712
    MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
    PID: 1572 ( 796) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    size: 312880
    MD5: 5DCD235C061022BCDA9AA48670B64211
    PID: 1592 ( 796) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 156 ( 796) C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    size: 53248
    MD5: 575ED0F5DCB34E5C243D2A7EBC860484
    PID: 276 ( 796) C:\WINDOWS\system32\nvsvc32.exe
    size: 131139
    MD5: 1BC6BCFC305270A73A91A2D2751E8FDB
    PID: 296 ( 796) C:\WINDOWS\system32\HPZipm12.exe
    size: 73728
    MD5: 2D091A99624FB9E7EEF0A86D872EC0C3
    PID: 448 ( 796) C:\Program Files\Belgacom\bin\sprtsvc.exe
    size: 202016
    MD5: 5F87F129EC8BFAE7C5EF456619047F22
    PID: 488 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 2652 (1596) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4
    PID: 2680 ( 796) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 5E9A6658A2A69AE7EB195113B7A2E7A9
    PID: 2932 (1596) C:\WINDOWS\system32\CmUCReye.exe
    size: 237568
    MD5: 73F53075B35124D83479C29780BA6D73
    PID: 3000 (1596) C:\WINDOWS\mHotkey.exe
    size: 549376
    MD5: 644235E843359AEB70BC76CC84F72A2B
    PID: 3052 (1596) C:\WINDOWS\CNYHKey.exe
    size: 5577216
    MD5: 12B292DCC5862C8DDD7830D44B81EC97
    PID: 3184 ( 796) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: E4BDF223CD75478BF44567B4D5C2634D
    PID: 3192 (1596) C:\Program Files\Belgacom\bin\sprtcmd.exe
    size: 202016
    MD5: E51925CE5017808EE8CB66BEAF25363F
    PID: 3316 (1596) C:\WINDOWS\RTHDCPL.EXE
    size: 14820864
    MD5: 0AF9324D43DF9DF59BB2B0F08223A26C
    PID: 3364 (1596) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919016
    MD5: 8800130156B0642B15ECB75E7CC7E6F1
    PID: 3428 (1596) C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    size: 198160
    MD5: 5676E75F98FF8E0F81DFF604A09288BB
    PID: 3492 (1596) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    size: 6731312
    MD5: CC6BC45DD5A58158645E7FB2953604FE
    PID: 3508 (1596) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8
    PID: 3536 (1596) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE
    PID: 3956 (3684) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    size: 479232
    MD5: 1499435CDBDF07ACC38BDB49470BCA88
    PID: 2120 (1596) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 3944 (1596) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 307704
    MD5: F518C42B2EBBE4C7847914F9AE460AAB
    PID: 4 ( 0) System

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 24/07/2009 18:47:07

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.google.com/?gws_rd=ssl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/search?q=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 6: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 7: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5C6BFF0A-C6BD-4751-AB01-89A3FAA3BC17}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5C6BFF0A-C6BD-4751-AB01-89A3FAA3BC17}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{49D0C142-1368-4290-B111-A4B4E69F4847}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{49D0C142-1368-4290-B111-A4B4E69F4847}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D58C080B-CE2D-4230-9845-7FC8AE4C34F1}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D58C080B-CE2D-4230-9845-7FC8AE4C34F1}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{ECBCAC46-96DC-4BCA-8BEB-D85A34948845}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{ECBCAC46-96DC-4BCA-8BEB-D85A34948845}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C6BFF0A-C6BD-4751-AB01-89A3FAA3BC17}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C6BFF0A-C6BD-4751-AB01-89A3FAA3BC17}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D58C080B-CE2D-4230-9845-7FC8AE4C34F1}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D58C080B-CE2D-4230-9845-7FC8AE4C34F1}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49D0C142-1368-4290-B111-A4B4E69F4847}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49D0C142-1368-4290-B111-A4B4E69F4847}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA6D8A56-95DB-4FC3-B3CD-9A6F76242827}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA6D8A56-95DB-4FC3-B3CD-9A6F76242827}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F46519A-8C9D-49F2-A757-66C9F76F82BB}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F46519A-8C9D-49F2-A757-66C9F76F82BB}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{537D715B-AB12-470D-82D4-418534C3E4D5}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{537D715B-AB12-470D-82D4-418534C3E4D5}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: TCP/IP
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP
    0
    1. jane761 Messages postés 20 Statut Membre
       
      J'ai pu remettre en activité malwarebyte en écrasant le mbam initial et en le remplaçant comme expliqué qqpart sur votre site mais le rapport est bien courtiii


      VoiciMalwarebytes' Anti-Malware 1.39
      Version de la base de données: 2494
      Windows 5.1.2600 Service Pack 3

      25/07/2009 8:01:48
      mbam-log-2009-07-25 (08-01-48).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|)
      Eléments examinés: 567769
      Temps écoulé: 3 hour(s), 51 minute(s), 44 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0