Virus inconnu (rapport HijackThis)

Résolu
jtb -  
ananie32 Messages postés 9 Statut Membre -
Bonjour,
Depuis hier, je suis infecté par un virus. Avast me détecte JWZPQNG.SYS comme infecté. Mais, à chaque fois que je le supprime, il revient quelques secondes après ! J'ai déjà fait plusieurs analyses anti virus et pas moyen d'en être quitte. J'ai essayé plusieurs logiciels (Avast, Malwaresbyte, Spybot, Ewido) et quasi tous me le détecte mais doivent laisser échapper un autre fichier, puisqu'il s'autocopie quand même.

Voici le rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:47, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Bureau\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {68da1884-655b-47c3-ae5c-8f49008457b1} - C:\WINDOWS\system32\wvUkJcAS.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Windows Update Service] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [WintelUpdate] c:\tqwkrav.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://gathol.forumgaming.fr/
O15 - Trusted Zone: http://drenai.realbb.net
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: https://www.slayersonline.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 13124 bytes

Merci beaucoup, je compte sur votre compétence.

A toute,
Configuration: Windows XP
Internet Explorer 7.0

37 réponses

  • 1
  • 2
Résumé de la discussion

Infection virale sous Windows XP où Avast identifie JWZPQNG.SYS comme fichier infecté et où les suppressions échouent, le fichier se répliquant après chaque nettoyage malgré plusieurs analyses antivirus. Plusieurs éléments du rapport HijackThis et l'utilisation simultanée d'antivirus comme Malwarebytes' Anti-Malware, Spybot ou Ewido orientent les pistes de résolution, malgré des détections répétées et des composants qui se réinstallent. Parmi les recommandations figure relancer HijackThis pour fixer entrées problématiques comme les BHOs d'Adobe PDF Reader, puis désinstaller et mettre à jour Java et Adobe Reader, et lancer Malwarebytes ainsi qu'un outil comme DSS. En cas de persistance, des mesures complémentaires comme des sauvegardes préalables, une analyse en mode sans échec et une réinstallation partielle des composants critiques peuvent être envisagées.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Salut ,

    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    → Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau.

    → A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

    → Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

    → Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

    → MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

    → Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

    → MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

    → A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

    → Si des malwares ont été détectés, leur liste s'affiche.
    En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    → MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

    → Ferme MBAM en cliquant sur Quitter.

    → Poste le rapport dans ta réponse

    **********************************************************


    → Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    Ferme toutes les applications en cours.

    → Double-clic sur DSS.exe pour lancer l'outil.

    → Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    → A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    A+
    0
  2. jtb Messages postés 154 Statut Membre 1
     
    Salut à toi !

    Tout d'abord, merci beaucoup pour le temps que tu me consacres. :-)

    Je rajoute que mon virus envoie des mails par l'application Services.exe, qu'il m'est impossible de couper par le gestionnaire des tâches, elle est bloquée.

    Voici le rapport de Malware, qui m'a trouvé deux objets :

    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 851

    14:59:50 13/06/2008
    mbam-log-6-13-2008 (14-59-50).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 164709
    Temps écoulé: 25 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\66.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jwzpqng.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.

    Pour ce qui est de JWZPQNG.SYS; il réapparaît tout le temps. Il revient deux secondes après sa suppresion.

    Et voici le rapport de DSS :

    Deckard's System Scanner v20071014.68
    Run by Jonathan on 2008-06-13 15:13:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    -- Last 3 Restore Point(s) --
    3: 2008-06-13 13:00:45 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2008-06-12 20:36:00 UTC - RP2 - ComboFix created restore point
    1: 2008-06-12 20:35:47 UTC - RP1 - Point de vérification système

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Jonathan.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:14:49, on 13/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\beidservicecrl.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\beidservicepcsc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Belgium Identity Card\beidsystemtray.exe
    C:\Program Files\EmvSmartCardReader\SmartMON.exe
    C:\Program Files\EmvSmartCardReader\BePCSC.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jonathan\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {68da1884-655b-47c3-ae5c-8f49008457b1} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
    O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
    O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://gathol.forumgaming.fr/
    O15 - Trusted Zone: http://drenai.realbb.net
    O15 - Trusted Zone: http://www.secuser.com
    O15 - Trusted Zone: https://www.slayersonline.net/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
    O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  3. Utilisateur anonyme
     
    Re ,

    *************************************************************

    /!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\

    _________________________________________________

    1)Désactive ta restauration système
    Clic sur « Démarrer »
    Clic droit sur « Poste de travail », puis sur « Propriétés »,
    Vas sur l’onglet « Restauration système »
    Tu y coches la case « Désactiver la restauration »
    Termine par [Appliquer] [OK]


    _________________________________________________

    2)Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

    Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl

    AVANT d'utiliser ComboFix :
    → Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
    → Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

    3)Sur ton bureau double clic sur Combofix.exe.
    Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

    /!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

    Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

    En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

    Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

    (Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

    _________________________________________________

    4)Ensuite réactive ta restauration système
    Clic droit sur « Poste de travail », puis sur « Propriétés »,
    Vas sur l’onglet « Restauration système »
    Tu décoches la case « Désactiver la restauration »
    Termine par [Appliquer] [OK]


    _________________________________________________

    Tutorial ( aide ):

    http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    *************************************************************

    A++
    0
  4. jtb Messages postés 154 Statut Membre 1
     
    Re, et encore merci :-)

    Pour la restauration, pas de problème, je ne l'active jamais.

    Rapport de ComboFix :
    ComboFix 08-06-11.7 - Jonathan 2008-06-13 16:23:58.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1439 [GMT 2:00]
    Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Fonts\CALIBRIB.TTF

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
    2008-06-13 14:30 . 2008-06-13 14:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-12 22:10 . 2008-06-12 22:10 <REP> d-------- C:\VundoFix Backups
    2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
    2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
    2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
    2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
    2008-06-11 22:01 . 2008-06-11 22:01 29 --a------ C:\WINDOWS\system32\sddswuuw.tmp
    2008-06-11 22:00 . 2008-06-11 22:00 131,584 --a------ C:\WINDOWS\system32\drivers\Hgfe40.sys
    2008-06-11 22:00 . 2008-06-13 16:28 63,922 --a------ C:\WINDOWS\system32\jwzpqng.sys
    2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
    2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
    2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
    2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
    2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
    2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
    2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
    2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
    2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
    2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
    2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
    2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
    2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
    2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
    2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
    2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
    2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
    2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
    2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
    2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
    2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
    2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
    2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
    2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
    2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
    2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
    2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
    2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
    2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
    2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
    2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
    2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
    2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
    2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
    2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
    2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
    2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
    2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
    2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
    2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
    2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
    2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
    2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
    2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-12 20:14 296,690 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-06-12 03:17 --------- d-----w C:\Program Files\PowerArchiver
    2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
    2008-06-11 20:30 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
    2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
    2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
    2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
    2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
    2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
    2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
    2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
    2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
    2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
    2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
    2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
    2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
    2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
    2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
    2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
    2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
    2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
    2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
    2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
    2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
    2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
    2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
    2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
    2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
    2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
    2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
    2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
    2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
    2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
    2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-13 14:17:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-13 14:17:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68da1884-655b-47c3-ae5c-8f49008457b1}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
    "beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
    "SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
    "BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22 288472]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/03/2008 16:59:32 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/06/2008 12:59:27 805392]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\IEPro\\MiniDM.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "33515:TCP"= 33515:TCP:Windows Update Service Helper

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 Hgfe40;Hgfe40;C:\WINDOWS\system32\drivers\Hgfe40.sys [2008-06-11 22:00]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
    R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
    R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
    S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
    S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - catchme
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-13 14:17:46 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-13 16:28:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-13 16:29:51
    ComboFix-quarantined-files.txt 2008-06-13 14:29:46
    ComboFix2.txt 2008-06-12 20:47:38

    Pre-Run: 205,254,553,600 octets libres
    Post-Run: 205,244,964,864 octets libres

    337 --- E O F --- 2008-06-11 10:57:27

    Bonne journée à toi !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Re ,
    Va sur ce site --> https://www.virustotal.com/gui/

    Copie/colle cette ligne en gras dans le champs de saisie :

    C:\WINDOWS\Hbci0606144556.bak


    Clique sur ' Envoyer le fichier '

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    -> Poste le moi stp.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


    Recommence avec :


    C:\WINDOWS\system32\eidlibj.dll

    C:\WINDOWS\hbcikrnl.ini

    C:\WINDOWS\system32\dpufr.qm



    A++
    0
  7. jtb Messages postés 154 Statut Membre 1
     
    Re et j'en profite pour encore te remercier de ton aide. =)

    D'abord, j'ai la protection résidente d'Avast Édition Familiale n'apparaît plus dans la barre des tâches. Le virus me l'aurait réduite à néant ?

    Sinon, voici les rapports du site, je ne pense pas qu'il y ait quelques chose d'intéressant mais enfin :

    C:\WINDOWS\Hbci0606144556.bak

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.13 -
    Authentium 5.1.0.4 2008.06.12 -
    Avast 4.8.1195.0 2008.06.13 -
    AVG 7.5.0.516 2008.06.13 -
    BitDefender 7.2 2008.06.13 -
    CAT-QuickHeal 9.50 2008.06.13 -
    ClamAV 0.92.1 2008.06.13 -
    DrWeb 4.44.0.09170 2008.06.13 -
    eSafe 7.0.15.0 2008.06.12 -
    eTrust-Vet 31.6.5870 2008.06.13 -
    Ewido 4.0 2008.06.13 -
    F-Prot 4.4.4.56 2008.06.12 -
    F-Secure 6.70.13260.0 2008.06.13 -
    Fortinet 3.14.0.0 2008.06.13 -
    GData 2.0.7306.1023 2008.06.13 -
    Ikarus T3.1.1.26.0 2008.06.13 -
    Kaspersky 7.0.0.125 2008.06.13 -
    McAfee 5317 2008.06.13 -
    Microsoft None 2008.06.13 -
    NOD32v2 3185 2008.06.13 -
    Norman 5.80.02 2008.06.13 -
    Panda 9.0.0.4 2008.06.12 -
    Prevx1 V2 2008.06.13 -
    Rising 20.48.42.00 2008.06.13 -
    Sophos 4.30.0 2008.06.13 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.13 -
    TheHacker 6.2.92.346 2008.06.12 -
    VBA32 3.12.6.7 2008.06.12 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.13 -
    Information additionnelle
    File size: 46 bytes
    MD5...: 8fe040caef178bae750d487506d43be6
    SHA1..: 5c074bc8e3913a7e42cc7522656b1ec329900c9f
    SHA256: b4b06e91d00b00c18fee217d8d3caba776537ae268f815739165d5c284e3e3c3
    SHA512: 02ab66ff8cd2577a965bd379f63cbf3f4e279cc5143b5b1d53b2b704f608449c
    3e1db6962d827c2c9c3141a7e8bbd99d6f201bd100be570baf9559142a43635c
    PEiD..: -
    PEInfo: -

    C:\WINDOWS\system32\eidlibj.dll

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.13 -
    Authentium 5.1.0.4 2008.06.12 -
    Avast 4.8.1195.0 2008.06.13 -
    AVG 7.5.0.516 2008.06.13 -
    BitDefender 7.2 2008.06.13 -
    CAT-QuickHeal 9.50 2008.06.13 -
    ClamAV 0.92.1 2008.06.13 -
    DrWeb 4.44.0.09170 2008.06.13 -
    eSafe 7.0.15.0 2008.06.12 -
    eTrust-Vet 31.6.5871 2008.06.13 -
    Ewido 4.0 2008.06.13 -
    F-Prot 4.4.4.56 2008.06.12 -
    F-Secure 6.70.13260.0 2008.06.13 -
    Fortinet 3.14.0.0 2008.06.13 -
    GData 2.0.7306.1023 2008.06.13 -
    Ikarus T3.1.1.26.0 2008.06.13 -
    Kaspersky 7.0.0.125 2008.06.13 -
    McAfee 5317 2008.06.13 -
    Microsoft None 2008.06.13 -
    NOD32v2 3185 2008.06.13 -
    Norman 5.80.02 2008.06.13 -
    Panda 9.0.0.4 2008.06.12 -
    Prevx1 V2 2008.06.13 -
    Rising 20.48.42.00 2008.06.13 -
    Sophos 4.30.0 2008.06.13 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.13 -
    TheHacker 6.2.92.346 2008.06.12 -
    VBA32 3.12.6.7 2008.06.12 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.13 -
    Information additionnelle
    File size: 40960 bytes
    MD5...: 2a648191e7250089fbcf5d427426cf1a
    SHA1..: 8844a0a312334d5cf4dcfb95a4cb9ff549c04321
    SHA256: 954a0d5f3273f3a711804d64741876894c96f146035fa3592f7931b5e245a81a
    SHA512: d8efc7a305b0463e6ab89d6ab480c265bd44b16a34985b9219c1b684b80f7b19
    aaa9e5f5fe1d52cd30c9c82c18e48fc5cc6ef01b17325f0abfefd639e2b4e8cb
    PEiD..: Armadillo v1.xx - v2.xx
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x62003c09
    timedatestamp.....: 0x45d9b13c (Mon Feb 19 14:16:28 2007)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2d1d 0x3000 5.83 e9d9ecbb5da61e12221fd9cc17601ced
    .rdata 0x4000 0x2c04 0x3000 5.09 1f7c575c7b7703c96c52bb9d9e085c26
    .data 0x7000 0x15c 0x1000 0.65 162a65c5eb152e7cf8a468d732dd4596
    .rsrc 0x8000 0x458 0x1000 1.13 5d0c3c794322b46aecd2d8b7efdc853b
    .reloc 0x9000 0x30a 0x1000 1.52 166e4c6d8705ab4f5ce79747d4fb00fe

    ( 4 imports )
    > qt_mt334.dll: _setProperty@QObject@@UAE_NPBDABVQVariant@@@Z, _removeChild@QObject@@UAEXPAV1@@Z, _wakeUpGuiThread@QApplication@@QAEXXZ, __1QApplication@@UAE@XZ, _qApp@@3PAVQApplication@@A, __0QApplication@@QAE@AAHPAPAD@Z, _metaObject@QApplication@@UBEPAVQMetaObject@@XZ, _className@QApplication@@UBEPBDXZ, _qt_cast@QApplication@@UAEPAXPBD@Z, _qt_invoke@QApplication@@UAE_NHPAUQUObject@@@Z, _qt_emit@QApplication@@UAE_NHPAUQUObject@@@Z, _qt_property@QApplication@@UAE_NHHPAVQVariant@@@Z, _event@QApplication@@MAE_NPAVQEvent@@@Z, _eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z, _setName@QObject@@UAEXPBD@Z, _insertChild@QObject@@UAEXPAV1@@Z, _property@QObject@@UBE_AVQVariant@@PBD@Z, _timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z, _childEvent@QObject@@MAEXPAVQChildEvent@@@Z, _customEvent@QObject@@MAEXPAVQCustomEvent@@@Z, _connectNotify@QObject@@MAEXPBD@Z, _disconnectNotify@QObject@@MAEXPBD@Z, _checkConnectArgs@QObject@@MAE_NPBDPBV1@0@Z, _setMainWidget@QApplication@@UAEXPAVQWidget@@@Z, _polish@QApplication@@UAEXPAVQWidget@@@Z, _notify@QApplication@@UAE_NPAVQObject@@PAVQEvent@@@Z, _commitData@QApplication@@UAEXAAVQSessionManager@@@Z, _winEventFilter@QApplication@@UAE_NPAUtagMSG@@@Z, _saveState@QApplication@@UAEXAAVQSessionManager@@@Z
    > beidlib.dll: BEID_GetAddress, BEID_SendAPDU, BEID_FlushCache, BEID_WriteFile, BEID_ReadFile, BEID_GetPINStatus, BEID_ChangePIN, BEID_VerifyPIN, BEID_SelectApplication, BEID_EndTransaction, BEID_BeginTransaction, BEID_GetVersionInfo, BEID_SetRawData, BEID_GetRawData, BEID_GetPicture, BEID_GetID, BEID_Exit, BEID_InitEx
    > MSVCRT.dll: _initterm, _onexit, __dllonexit, memmove, malloc, free, calloc, __CxxFrameHandler, __2@YAPAXI@Z, __3@YAXPAX@Z, _adjust_fdiv
    > KERNEL32.dll: DisableThreadLibraryCalls

    ( 120 exports )
    _Java_be_belgium_eid_eidlibJNI_BEID_1BeginTransaction@8, _Java_be_belgium_eid_eidlibJNI_BEID_1ChangePIN@32, _Java_be_belgium_eid_eidlibJNI_BEID_1EndTransaction@8, _Java_be_belgium_eid_eidlibJNI_BEID_1Exit@8, _Java_be_belgium_eid_eidlibJNI_BEID_1FlushCache@8, _Java_be_belgium_eid_eidlibJNI_BEID_1GetAddress@24, _Java_be_belgium_eid_eidlibJNI_BEID_1GetID@24, _Java_be_belgium_eid_eidlibJNI_BEID_1GetPINStatus@36, _Java_be_belgium_eid_eidlibJNI_BEID_1GetPicture@24, _Java_be_belgium_eid_eidlibJNI_BEID_1GetRawData@16, _Java_be_belgium_eid_eidlibJNI_BEID_1GetVersionInfo@28, _Java_be_belgium_eid_eidlibJNI_BEID_1Init@28, _Java_be_belgium_eid_eidlibJNI_BEID_1ReadFile@28, _Java_be_belgium_eid_eidlibJNI_BEID_1SelectApplication@12, _Java_be_belgium_eid_eidlibJNI_BEID_1SendAPDU@28, _Java_be_belgium_eid_eidlibJNI_BEID_1SetRawData@16, _Java_be_belgium_eid_eidlibJNI_BEID_1VerifyPIN@28, _Java_be_belgium_eid_eidlibJNI_BEID_1WriteFile@24, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Address@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Bytes@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Certif@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Certif_1Check@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1ID_1Data@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Long@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Pin@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Raw@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Status@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1VersionInfo@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1boxNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1country@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1municipality@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1street@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1streetNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1version@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1zip@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Bytes_1data@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1certificate@20, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1certificatesLength@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1signatureCheck@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1usedPolicy@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1certif@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1certifLabel@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1certifStatus@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1birthDate@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1birthLocation@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1cardNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1chipNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1documentType@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1extendedMinority@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1firstName1@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1firstName2@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1firstName3@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1hashPhoto@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1municipality@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1name@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1nationalNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1nationality@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1nobleCondition@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1sex@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1validityDateBegin@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1validityDateEnd@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1version@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1whiteCane@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1yellowCane@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Long_1data@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1addrData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1addrSigData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1cardData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1certRN@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1challenge@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1idData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1idSigData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1pictureData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1response@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1tokenInfo@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1cardSW@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1general@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1pcsc@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1system@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1AppletInterfaceVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1AppletVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ApplicationLifeCycle@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ComponentCode@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ElecPerso@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ElecPersoInterface@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1GlobalOSVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1GraphPerso@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1KeyExchangeVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1OSNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1OSVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1PKCS1Support@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1Reserved@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1SerialNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1SoftmaskNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1SoftmaskVersion@16, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Address@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Bytes@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Certif@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Certif_1Check@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1ID_1Data@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Long@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Pin@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Raw@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Status@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1VersionInfo@8, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1id@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1longUsage@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1pinType@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1shortUsage@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1usageCode@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1addrData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1addrSigData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1cardData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1certRN@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1challenge@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1idData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1idSigData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1pictureData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1response@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1tokenInfo@20

    C:\WINDOWS\hbcikrnl.ini

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.13 -
    Authentium 5.1.0.4 2008.06.12 -
    Avast 4.8.1195.0 2008.06.13 -
    AVG 7.5.0.516 2008.06.13 -
    BitDefender 7.2 2008.06.13 -
    CAT-QuickHeal 9.50 2008.06.13 -
    ClamAV 0.92.1 2008.06.13 -
    DrWeb 4.44.0.09170 2008.06.13 -
    eSafe 7.0.15.0 2008.06.12 -
    eTrust-Vet 31.6.5871 2008.06.13 -
    Ewido 4.0 2008.06.13 -
    F-Prot 4.4.4.56 2008.06.12 -
    F-Secure 6.70.13260.0 2008.06.13 -
    Fortinet 3.14.0.0 2008.06.13 -
    GData 2.0.7306.1023 2008.06.13 -
    Ikarus T3.1.1.26.0 2008.06.13 -
    Kaspersky 7.0.0.125 2008.06.13 -
    McAfee 5317 2008.06.13 -
    Microsoft None 2008.06.13 -
    NOD32v2 3185 2008.06.13 -
    Norman 5.80.02 2008.06.13 -
    Panda 9.0.0.4 2008.06.12 -
    Prevx1 V2 2008.06.13 -
    Rising 20.48.42.00 2008.06.13 -
    Sophos 4.30.0 2008.06.13 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.13 -
    TheHacker 6.2.92.346 2008.06.12 -
    VBA32 3.12.6.7 2008.06.12 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.13 -
    Information additionnelle
    File size: 281 bytes
    MD5...: de0bd9ab932619c5baf3673f79d9bd6b
    SHA1..: 25522fd2ad8ccb4b26472af6e1709731f41f6dfc
    SHA256: 016651251abe6e1734f4a4449c172f7d0a45c41ba86131f249c1229ba668e639
    SHA512: cc754fefcd7821940e2ee7c40e503a830b5890b73f746cbba326229e7be42737
    35fcbaa6a8217fd55fc1ce0ab29315cdabf4d81c8a6245670353b90eb7dd2ca5
    PEiD..: -
    PEInfo: -

    C:\WINDOWS\system32\dpufr.qm

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.13.1 2008.06.13 -
    AntiVir 7.8.0.55 2008.06.13 -
    Authentium 5.1.0.4 2008.06.12 -
    Avast 4.8.1195.0 2008.06.13 -
    AVG 7.5.0.516 2008.06.13 -
    BitDefender 7.2 2008.06.13 -
    CAT-QuickHeal 9.50 2008.06.13 -
    ClamAV 0.92.1 2008.06.13 -
    DrWeb 4.44.0.09170 2008.06.13 -
    eSafe 7.0.15.0 2008.06.12 -
    eTrust-Vet 31.6.5871 2008.06.13 -
    Ewido 4.0 2008.06.13 -
    F-Prot 4.4.4.56 2008.06.12 -
    F-Secure 6.70.13260.0 2008.06.13 -
    Fortinet 3.14.0.0 2008.06.13 -
    GData 2.0.7306.1023 2008.06.13 -
    Ikarus T3.1.1.26.0 2008.06.13 -
    Kaspersky 7.0.0.125 2008.06.13 -
    McAfee 5317 2008.06.13 -
    Microsoft None 2008.06.13 -
    NOD32v2 3185 2008.06.13 -
    Norman 5.80.02 2008.06.13 -
    Panda 9.0.0.4 2008.06.12 -
    Prevx1 V2 2008.06.13 -
    Rising 20.48.42.00 2008.06.13 -
    Sophos 4.30.0 2008.06.13 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.13 -
    TheHacker 6.2.92.346 2008.06.12 -
    VBA32 3.12.6.7 2008.06.12 -
    VirusBuster 4.3.26:9 2008.06.12 -
    Webwasher-Gateway 6.6.2 2008.06.13 -
    Information additionnelle
    File size: 8835 bytes
    MD5...: 85a8e6d974beb73e6f22d473eff6e7ab
    SHA1..: 36cc2a2da7b9575098a0ca0428f4143476a81142
    SHA256: b4d039db14518f5233611e65885532ef5ea42e42a96c1c44bd93351940bb143e
    SHA512: 6f2a689075636659c5ab1cde6a3a36ff6189388deb9994f01697acce82df72b5
    ac9fa46380e419d88e92d55faf1d52f496045bcd8ea7f5302985ef000998304f
    PEiD..: -
    PEInfo: -

    J'espère ne pas avoir posté des données personnelles concernant ma carte d'identité électronique pour le fichier C:\WINDOWS\system32\eidlibj.dll, sinon dit le moi.

    Merci encore et bonne soirée, :-)
    0
  8. Utilisateur anonyme
     
    Re , !

    non c'est bon ;)))

    Re ,

    ****************************************************

    /!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

    Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

    Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

    Driver::
    Hgfe40

    File::
    C:\WINDOWS\system32\sddswuuw.tmp
    C:\WINDOWS\system32\jwzpqng.sys
    C:\WINDOWS\system32\drivers\Hgfe40.sys

    Folder::
    C:\Program Files\Malwarebytes' Anti-Malware
    C:\VundoFix Backups
    C:\owhjmpsv



    Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport DSS.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    ****************************************************

    A++
    0
    1. jtb Messages postés 154 Statut Membre 1
       
      Voilà ! Tes instructions sont très claires, merci de ta sollicitude. Mon PC bien redémarré avant la compilation du rapport. Voici le rapport ComboFix :

      ComboFix 08-06-11.7 - Jonathan 2008-06-13 20:42:01.3 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1388 [GMT 2:00]
      Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Jonathan\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\WINDOWS\system32\drivers\Hgfe40.sys
      C:\WINDOWS\system32\jwzpqng.sys
      C:\WINDOWS\system32\sddswuuw.tmp
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\owhjmpsv\
      C:\Program Files\Malwarebytes' Anti-Malware
      C:\Program Files\Malwarebytes' Anti-Malware\changes.rtf
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\albanian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\danish.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng
      C:\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng
      C:\Program Files\Malwarebytes' Anti-Malware\license.txt
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
      C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
      C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat
      C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
      C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg
      C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
      C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
      C:\VundoFix Backups
      C:\WINDOWS\system32\drivers\Hgfe40.sys
      C:\WINDOWS\system32\jwzpqng.sys
      C:\WINDOWS\system32\sddswuuw.tmp

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_hgfe40
      -------\Service_Hgfe40
      -------\Service_jwzpqng


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
      2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
      2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
      2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
      2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
      2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
      2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
      2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
      2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
      2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
      2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
      2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
      2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
      2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
      2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
      2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
      2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
      2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
      2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
      2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
      2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
      2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
      2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
      2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
      2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
      2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
      2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
      2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
      2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
      2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
      2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
      2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
      2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
      2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
      2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
      2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
      2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
      2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
      2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
      2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
      2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
      2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
      2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
      2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
      2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
      2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
      2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
      2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
      2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
      2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
      2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
      2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
      2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
      2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
      2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
      2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
      2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
      2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
      2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
      2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
      2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
      2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
      2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
      2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
      2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
      2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
      2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
      2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
      2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
      2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
      2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
      2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-13 18:11 296,950 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
      2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
      2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-06-12 03:17 --------- d-----w C:\Program Files\PowerArchiver
      2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
      2008-06-11 20:30 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
      2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
      2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
      2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
      2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
      2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
      2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
      2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
      2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
      2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
      2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
      2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
      2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
      2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
      2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
      2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
      2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
      2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
      2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
      2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
      2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
      2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
      2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
      2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
      2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
      2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
      2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
      2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
      2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
      2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
      2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
      2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
      2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
      2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
      2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
      2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
      2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
      2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
      2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
      2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
      2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
      2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
      2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
      2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
      2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
      2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
      2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
      2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
      2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
      2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
      2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
      2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
      2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
      2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
      2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
      2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
      2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
      2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
      2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
      2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
      2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
      2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
      2008-04-14 01:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
      2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
      2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
      2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
      2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
      2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
      2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
      2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
      2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
      2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
      2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
      2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
      2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
      .

      ((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-06-13 18:47:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
      "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
      "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
      "beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
      "SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
      "BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMBalloonTip"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
      c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.I420"= i420vfw.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      "H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "C:\\Program Files\\eChanblard\\emule.exe"=
      "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\Program Files\\IEPro\\MiniDM.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "33515:TCP"= 33515:TCP:Windows Update Service Helper

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
      R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
      R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
      R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
      R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
      R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
      S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
      S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
      S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
      S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
      S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
      S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
      S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
      S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-06-13 18:47:56 C:\WINDOWS\Tasks\GlaryInitialize.job"
      - C:\Program Files\Glary Utilities\initialize.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-13 20:49:49
      Windows 5.1.2600 Service Pack 3 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\oodag.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\scardsvr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-13 20:52:41 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-06-13 18:52:34
      ComboFix2.txt 2008-06-13 14:29:53
      ComboFix3.txt 2008-06-12 20:47:38

      Pre-Run: 205,192,343,552 octets libres
      Post-Run: 205,169,258,496 octets libres

      399 --- E O F --- 2008-06-11 10:57:27

      Le nouveau rapport DSS :

      Deckard's System Scanner v20071014.68
      Run by Jonathan on 2008-06-13 20:55:55
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------



      -- HijackThis (run as Jonathan.exe) --------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:56:00, on 13/06/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\beidservicecrl.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\oodag.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\beidservicepcsc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Belgium Identity Card\beidsystemtray.exe
      C:\Program Files\EmvSmartCardReader\SmartMON.exe
      C:\Program Files\EmvSmartCardReader\BePCSC.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Documents and Settings\Jonathan\Bureau\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
      O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
      O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
      O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: https://gathol.forumgaming.fr/
      O15 - Trusted Zone: http://drenai.realbb.net
      O15 - Trusted Zone: http://www.secuser.com
      O15 - Trusted Zone: https://www.slayersonline.net/
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
      O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
      O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      0
  9. Utilisateur anonyme
     
    Re ,

    Recommence la manip du CFScript avec toute les précautions d'usage avec :

    driver::
    hgfe40
    Hgfe40
    jwzpqng


    ********************************

    Mais ne poste pas le rapport DSS.

    ********************************

    Télécharge The Avenger par Swandog46 sur ton Bureau:

    Fait un clique droit sur ' Avenger.zip ' > extraire tout ( toujours sur le bureau )

    Copie tout le texte en gras ci-dessous (CTRL+C) :


    Begin copying here:

    Folders to delete:
    C:\owhjmpsv



    → Maintenant, lance The Avenger en cliquant sur son icône du bureau.

    Un message en anglais va te demander de confirmer , répond ' OK '
    Dans le cadre qui apparait sous 'input script there ' Colle le texte copié précédemment ( CTRL +V )
    Vérifie que les cases ' Scan for rootkit ' & 'Automatically disable any rootkits found ' soient cochées.
    Clique sur ' Execute '

    ...........The Avenger va automatiquement faire ce qui suit:

    → Redémarrage du pc .....
    → Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur ton bureau -> NORMAL.
    → Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
    → Copie-en le contenu et poste le moi.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    A+++
    0
  10. jtb Messages postés 154 Statut Membre 1
     
    Petite question concernant le CFScript : Ce que tu m'a marqué en gras dans ton précédent message, dois-je l'ajouter à l'ancien que tu m'a donné ? Ou bien dois-je créer un nouveau CFScript qu'avec ces lignes-là ?

    Merci,
    0
  11. Utilisateur anonyme
     
    oups j'ai oublié de préciser ,

    Un nouveau :)
    ( supprime l'ancien )
    A++
    0
    1. ananie32 Messages postés 9 Statut Membre 1
       
      Bonjour,
      Je vous envoie ce mess a tout hazard j'ai un soucis au démarrage de windows une fenetre s'ouvre avec en haut a gauche marqué reader_sl.exe puis un message qui dit l'application n'a pas pu démarrer correctement erreur 0xc0000103 ca me le faisait quand je veut telecharger msn messenger merci d'avance
      0
  12. jtb Messages postés 154 Statut Membre 1
     
    Re :-)

    Voici le Log de ComboFix avec le nouveau script :

    ComboFix 08-06-11.7 - Jonathan 2008-06-13 21:30:44.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1422 [GMT 2:00]
    Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jonathan\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
    2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
    2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
    2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
    2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
    2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
    2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
    2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
    2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
    2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
    2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
    2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
    2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
    2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
    2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
    2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
    2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
    2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
    2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
    2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
    2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
    2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
    2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
    2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
    2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
    2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
    2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
    2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
    2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
    2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
    2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
    2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
    2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
    2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
    2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
    2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
    2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
    2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
    2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
    2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
    2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
    2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
    2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
    2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
    2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
    2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
    2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
    2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
    2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-13 19:14 --------- d-----w C:\Program Files\PowerArchiver
    2008-06-13 18:11 296,950 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
    2008-06-11 20:30 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
    2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
    2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
    2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
    2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
    2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
    2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
    2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
    2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
    2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
    2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
    2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
    2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
    2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
    2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
    2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
    2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
    2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
    2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
    2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
    2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
    2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
    2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
    2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
    2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
    2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
    2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
    2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
    2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
    2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
    2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-13 19:24:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-13 19:25:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_488.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
    "beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
    "SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
    "BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22 288472]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/03/2008 16:59:32 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/06/2008 12:59:27 805392]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\IEPro\\MiniDM.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "33515:TCP"= 33515:TCP:Windows Update Service Helper

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
    R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
    R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
    S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
    S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - catchme
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-13 19:25:12 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-13 21:34:51
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-13 21:36:31
    ComboFix-quarantined-files.txt 2008-06-13 19:36:25
    ComboFix2.txt 2008-06-13 18:52:43
    ComboFix3.txt 2008-06-13 14:29:53
    ComboFix4.txt 2008-06-12 20:47:38

    Pre-Run: 205,109,104,640 octets libres
    Post-Run: 205,089,792,000 octets libres

    330 --- E O F --- 2008-06-11 10:57:27

    Le Log de Avanger :

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Error: "C:\owhjmpsv" is not a folder! It may instead be a file.
    Deletion of folder "C:\owhjmpsv" failed!
    Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
    --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file

    Completed script processing.

    *******************

    Finished! Terminate.

    Merci à toi,
    0
  13. Utilisateur anonyme
     
    Re ,

    Mais c'est pas vrai ça =(

    bon une derniere tentative ,

    recommence le CFScript avec :

    DirLook::
    C:\owhjmpsv


    A++
    0
  14. jtb Messages postés 154 Statut Membre 1
     
    Re,

    Voici ce que tu m'as demandé :

    ComboFix 08-06-11.7 - Jonathan 2008-06-13 21:54:33.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1421 [GMT 2:00]
    Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jonathan\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
    2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
    2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
    2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
    2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
    2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
    2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
    2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
    2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
    2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
    2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
    2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
    2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
    2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
    2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
    2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
    2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
    2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
    2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
    2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
    2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
    2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
    2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
    2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
    2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
    2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
    2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
    2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
    2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
    2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
    2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
    2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
    2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
    2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
    2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
    2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
    2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
    2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
    2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
    2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
    2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
    2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
    2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
    2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
    2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
    2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
    2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
    2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
    2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-13 19:53 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
    2008-06-13 19:14 --------- d-----w C:\Program Files\PowerArchiver
    2008-06-13 18:11 296,950 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
    2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
    2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
    2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
    2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
    2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
    2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
    2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
    2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
    2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
    2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
    2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
    2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
    2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
    2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
    2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
    2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
    2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
    2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
    2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
    2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
    2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
    2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
    2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
    2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
    2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
    2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
    2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
    2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
    2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
    2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\owhjmpsv ----

    C:\owhjmpsv\

    ((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-13 19:40:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-13 19:40:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_47c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
    "beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
    "SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
    "BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22 288472]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/03/2008 16:59:32 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/06/2008 12:59:27 805392]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\eChanblard\\emule.exe"=
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\IEPro\\MiniDM.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "33515:TCP"= 33515:TCP:Windows Update Service Helper

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
    R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
    R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
    S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
    S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-13 19:40:14 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-13 21:58:41
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-13 22:00:16
    ComboFix-quarantined-files.txt 2008-06-13 20:00:10
    ComboFix2.txt 2008-06-13 19:36:34
    ComboFix3.txt 2008-06-13 18:52:43
    ComboFix4.txt 2008-06-13 14:29:53
    ComboFix5.txt 2008-06-12 20:47:38

    Pre-Run: 205,072,531,456 octets libres
    Post-Run: 205,052,174,336 octets libres

    334 --- E O F --- 2008-06-11 10:57:27
    0
  15. Utilisateur anonyme
     
    Re ,

    Va dans C:\

    Supprime ce dossier :

    owhjmpsv


    Des soucis a la suppression ?

    a++
    0
  16. jtb Messages postés 154 Statut Membre 1
     
    Re,

    J'ai trouvé un fichier et un Le fichier était dans C:/ et le dossier dans C:\QooBox\Quarantine\C.

    J'ai donc réussi à les supprimer et il ne sont pas revenus.

    A+
    0
  17. Utilisateur anonyme
     
    Re ,

    Reposte un rapport DSS.

    A++
    0
  18. jtb Messages postés 154 Statut Membre 1
     
    Re,

    Voilà msieur :

    Deckard's System Scanner v20071014.68
    Run by Jonathan on 2008-06-13 22:49:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- HijackThis (run as Jonathan.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:50:03, on 13/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\beidservicecrl.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Belgium Identity Card\beidsystemtray.exe
    C:\Program Files\EmvSmartCardReader\SmartMON.exe
    C:\Program Files\EmvSmartCardReader\BePCSC.exe
    C:\WINDOWS\system32\beidservicepcsc.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jonathan\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
    O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
    O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://gathol.forumgaming.fr/
    O15 - Trusted Zone: http://drenai.realbb.net
    O15 - Trusted Zone: http://www.secuser.com
    O15 - Trusted Zone: https://www.slayersonline.net/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
    O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  19. Utilisateur anonyme
     
    Re !

    avant toute chose , as-tu encore des soucis ?

    a++
    0
  20. jtb Messages postés 154 Statut Membre 1
     
    (je verrai pour les problèmes demain, je ferai une analyse Spybot (qui me détectait des trucs, avast, etc)

    Seulement, sais-tu pourquoi le résident d'avast a disparu de ma barre des tâches ? Et comment le remettre, je n'ai rien trouvé.

    Merci pour tout et passe une très bonne nuit !

    Jtb
    0
  21. Utilisateur anonyme
     
    Re ,

    Pour Avast à mon avis , faudra le réinstaller.

    On verra demain ;)))

    bonne nuit
    A++
    0
  • 1
  • 2