Virus inconnu (rapport HijackThis) [Résolu/Fermé]

Signaler
-
Messages postés
9
Date d'inscription
dimanche 26 octobre 2008
Statut
Membre
Dernière intervention
15 mai 2009
-
Bonjour,
Depuis hier, je suis infecté par un virus. Avast me détecte JWZPQNG.SYS comme infecté. Mais, à chaque fois que je le supprime, il revient quelques secondes après ! J'ai déjà fait plusieurs analyses anti virus et pas moyen d'en être quitte. J'ai essayé plusieurs logiciels (Avast, Malwaresbyte, Spybot, Ewido) et quasi tous me le détecte mais doivent laisser échapper un autre fichier, puisqu'il s'autocopie quand même.

Voici le rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:47, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Bureau\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {68da1884-655b-47c3-ae5c-8f49008457b1} - C:\WINDOWS\system32\wvUkJcAS.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Windows Update Service] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [WintelUpdate] c:\tqwkrav.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://gathol.forumgaming.fr/
O15 - Trusted Zone: http://drenai.realbb.net
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.slayersonline.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

37 réponses


Salut ,

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

→ Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau.

→ A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

→ Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

→ Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

→ MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

→ Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

→ MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

→ A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

→ Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

→ MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

→ Ferme MBAM en cliquant sur Quitter.

→ Poste le rapport dans ta réponse

**********************************************************


→ Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

Ferme toutes les applications en cours.

→ Double-clic sur DSS.exe pour lancer l'outil.

→ Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

→ A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )



A+
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Salut à toi !

Tout d'abord, merci beaucoup pour le temps que tu me consacres. :-)

Je rajoute que mon virus envoie des mails par l'application Services.exe, qu'il m'est impossible de couper par le gestionnaire des tâches, elle est bloquée.

Voici le rapport de Malware, qui m'a trouvé deux objets :

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 851

14:59:50 13/06/2008
mbam-log-6-13-2008 (14-59-50).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 164709
Temps écoulé: 25 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\66.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwzpqng.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.

Pour ce qui est de JWZPQNG.SYS; il réapparaît tout le temps. Il revient deux secondes après sa suppresion.

Et voici le rapport de DSS :

Deckard's System Scanner v20071014.68
Run by Jonathan on 2008-06-13 15:13:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 3 Restore Point(s) --
3: 2008-06-13 13:00:45 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-12 20:36:00 UTC - RP2 - ComboFix created restore point
1: 2008-06-12 20:35:47 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:49, on 13/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {68da1884-655b-47c3-ae5c-8f49008457b1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://gathol.forumgaming.fr/
O15 - Trusted Zone: http://drenai.realbb.net
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.slayersonline.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Re ,

*************************************************************

/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\


_________________________________________________

1)Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]


_________________________________________________


2)Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl

AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

3)Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)


_________________________________________________

4)Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]


_________________________________________________

Tutorial ( aide ):

http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


*************************************************************


A++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Re, et encore merci :-)

Pour la restauration, pas de problème, je ne l'active jamais.

Rapport de ComboFix :
ComboFix 08-06-11.7 - Jonathan 2008-06-13 16:23:58.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1439 [GMT 2:00]
Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\CALIBRIB.TTF

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.

2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
2008-06-13 14:30 . 2008-06-13 14:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 22:10 . 2008-06-12 22:10 <REP> d-------- C:\VundoFix Backups
2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
2008-06-11 22:01 . 2008-06-11 22:01 29 --a------ C:\WINDOWS\system32\sddswuuw.tmp
2008-06-11 22:00 . 2008-06-11 22:00 131,584 --a------ C:\WINDOWS\system32\drivers\Hgfe40.sys
2008-06-11 22:00 . 2008-06-13 16:28 63,922 --a------ C:\WINDOWS\system32\jwzpqng.sys
2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 20:14 296,690 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-12 03:17 --------- d-----w C:\Program Files\PowerArchiver
2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-11 20:30 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 14:17:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 14:17:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68da1884-655b-47c3-ae5c-8f49008457b1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
"SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/03/2008 16:59:32 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/06/2008 12:59:27 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"33515:TCP"= 33515:TCP:Windows Update Service Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Hgfe40;Hgfe40;C:\WINDOWS\system32\drivers\Hgfe40.sys [2008-06-11 22:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - catchme
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-13 14:17:46 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 16:28:04
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-13 16:29:51
ComboFix-quarantined-files.txt 2008-06-13 14:29:46
ComboFix2.txt 2008-06-12 20:47:38

Pre-Run: 205,254,553,600 octets libres
Post-Run: 205,244,964,864 octets libres

337 --- E O F --- 2008-06-11 10:57:27

Bonne journée à toi !

Re ,
Va sur ce site --> https://www.virustotal.com/gui/

Copie/colle cette ligne en gras dans le champs de saisie :

C:\WINDOWS\Hbci0606144556.bak




Clique sur ' Envoyer le fichier '

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

-> Poste le moi stp.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


Recommence avec :


C:\WINDOWS\system32\eidlibj.dll

C:\WINDOWS\hbcikrnl.ini

C:\WINDOWS\system32\dpufr.qm





A++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Re et j'en profite pour encore te remercier de ton aide. =)

D'abord, j'ai la protection résidente d'Avast Édition Familiale n'apparaît plus dans la barre des tâches. Le virus me l'aurait réduite à néant ?

Sinon, voici les rapports du site, je ne pense pas qu'il y ait quelques chose d'intéressant mais enfin :

C:\WINDOWS\Hbci0606144556.bak

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.13 -
Authentium 5.1.0.4 2008.06.12 -
Avast 4.8.1195.0 2008.06.13 -
AVG 7.5.0.516 2008.06.13 -
BitDefender 7.2 2008.06.13 -
CAT-QuickHeal 9.50 2008.06.13 -
ClamAV 0.92.1 2008.06.13 -
DrWeb 4.44.0.09170 2008.06.13 -
eSafe 7.0.15.0 2008.06.12 -
eTrust-Vet 31.6.5870 2008.06.13 -
Ewido 4.0 2008.06.13 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.13 -
Fortinet 3.14.0.0 2008.06.13 -
GData 2.0.7306.1023 2008.06.13 -
Ikarus T3.1.1.26.0 2008.06.13 -
Kaspersky 7.0.0.125 2008.06.13 -
McAfee 5317 2008.06.13 -
Microsoft None 2008.06.13 -
NOD32v2 3185 2008.06.13 -
Norman 5.80.02 2008.06.13 -
Panda 9.0.0.4 2008.06.12 -
Prevx1 V2 2008.06.13 -
Rising 20.48.42.00 2008.06.13 -
Sophos 4.30.0 2008.06.13 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.13 -
TheHacker 6.2.92.346 2008.06.12 -
VBA32 3.12.6.7 2008.06.12 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.13 -
Information additionnelle
File size: 46 bytes
MD5...: 8fe040caef178bae750d487506d43be6
SHA1..: 5c074bc8e3913a7e42cc7522656b1ec329900c9f
SHA256: b4b06e91d00b00c18fee217d8d3caba776537ae268f815739165d5c284e3e3c3
SHA512: 02ab66ff8cd2577a965bd379f63cbf3f4e279cc5143b5b1d53b2b704f608449c
3e1db6962d827c2c9c3141a7e8bbd99d6f201bd100be570baf9559142a43635c
PEiD..: -
PEInfo: -

C:\WINDOWS\system32\eidlibj.dll


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.13 -
Authentium 5.1.0.4 2008.06.12 -
Avast 4.8.1195.0 2008.06.13 -
AVG 7.5.0.516 2008.06.13 -
BitDefender 7.2 2008.06.13 -
CAT-QuickHeal 9.50 2008.06.13 -
ClamAV 0.92.1 2008.06.13 -
DrWeb 4.44.0.09170 2008.06.13 -
eSafe 7.0.15.0 2008.06.12 -
eTrust-Vet 31.6.5871 2008.06.13 -
Ewido 4.0 2008.06.13 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.13 -
Fortinet 3.14.0.0 2008.06.13 -
GData 2.0.7306.1023 2008.06.13 -
Ikarus T3.1.1.26.0 2008.06.13 -
Kaspersky 7.0.0.125 2008.06.13 -
McAfee 5317 2008.06.13 -
Microsoft None 2008.06.13 -
NOD32v2 3185 2008.06.13 -
Norman 5.80.02 2008.06.13 -
Panda 9.0.0.4 2008.06.12 -
Prevx1 V2 2008.06.13 -
Rising 20.48.42.00 2008.06.13 -
Sophos 4.30.0 2008.06.13 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.13 -
TheHacker 6.2.92.346 2008.06.12 -
VBA32 3.12.6.7 2008.06.12 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.13 -
Information additionnelle
File size: 40960 bytes
MD5...: 2a648191e7250089fbcf5d427426cf1a
SHA1..: 8844a0a312334d5cf4dcfb95a4cb9ff549c04321
SHA256: 954a0d5f3273f3a711804d64741876894c96f146035fa3592f7931b5e245a81a
SHA512: d8efc7a305b0463e6ab89d6ab480c265bd44b16a34985b9219c1b684b80f7b19
aaa9e5f5fe1d52cd30c9c82c18e48fc5cc6ef01b17325f0abfefd639e2b4e8cb
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x62003c09
timedatestamp.....: 0x45d9b13c (Mon Feb 19 14:16:28 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2d1d 0x3000 5.83 e9d9ecbb5da61e12221fd9cc17601ced
.rdata 0x4000 0x2c04 0x3000 5.09 1f7c575c7b7703c96c52bb9d9e085c26
.data 0x7000 0x15c 0x1000 0.65 162a65c5eb152e7cf8a468d732dd4596
.rsrc 0x8000 0x458 0x1000 1.13 5d0c3c794322b46aecd2d8b7efdc853b
.reloc 0x9000 0x30a 0x1000 1.52 166e4c6d8705ab4f5ce79747d4fb00fe

( 4 imports )
> qt_mt334.dll: _setProperty@QObject@@UAE_NPBDABVQVariant@@@Z, _removeChild@QObject@@UAEXPAV1@@Z, _wakeUpGuiThread@QApplication@@QAEXXZ, __1QApplication@@UAE@XZ, _qApp@@3PAVQApplication@@A, __0QApplication@@QAE@AAHPAPAD@Z, _metaObject@QApplication@@UBEPAVQMetaObject@@XZ, _className@QApplication@@UBEPBDXZ, _qt_cast@QApplication@@UAEPAXPBD@Z, _qt_invoke@QApplication@@UAE_NHPAUQUObject@@@Z, _qt_emit@QApplication@@UAE_NHPAUQUObject@@@Z, _qt_property@QApplication@@UAE_NHHPAVQVariant@@@Z, _event@QApplication@@MAE_NPAVQEvent@@@Z, _eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z, _setName@QObject@@UAEXPBD@Z, _insertChild@QObject@@UAEXPAV1@@Z, _property@QObject@@UBE_AVQVariant@@PBD@Z, _timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z, _childEvent@QObject@@MAEXPAVQChildEvent@@@Z, _customEvent@QObject@@MAEXPAVQCustomEvent@@@Z, _connectNotify@QObject@@MAEXPBD@Z, _disconnectNotify@QObject@@MAEXPBD@Z, _checkConnectArgs@QObject@@MAE_NPBDPBV1@0@Z, _setMainWidget@QApplication@@UAEXPAVQWidget@@@Z, _polish@QApplication@@UAEXPAVQWidget@@@Z, _notify@QApplication@@UAE_NPAVQObject@@PAVQEvent@@@Z, _commitData@QApplication@@UAEXAAVQSessionManager@@@Z, _winEventFilter@QApplication@@UAE_NPAUtagMSG@@@Z, _saveState@QApplication@@UAEXAAVQSessionManager@@@Z
> beidlib.dll: BEID_GetAddress, BEID_SendAPDU, BEID_FlushCache, BEID_WriteFile, BEID_ReadFile, BEID_GetPINStatus, BEID_ChangePIN, BEID_VerifyPIN, BEID_SelectApplication, BEID_EndTransaction, BEID_BeginTransaction, BEID_GetVersionInfo, BEID_SetRawData, BEID_GetRawData, BEID_GetPicture, BEID_GetID, BEID_Exit, BEID_InitEx
> MSVCRT.dll: _initterm, _onexit, __dllonexit, memmove, malloc, free, calloc, __CxxFrameHandler, __2@YAPAXI@Z, __3@YAXPAX@Z, _adjust_fdiv
> KERNEL32.dll: DisableThreadLibraryCalls

( 120 exports )
_Java_be_belgium_eid_eidlibJNI_BEID_1BeginTransaction@8, _Java_be_belgium_eid_eidlibJNI_BEID_1ChangePIN@32, _Java_be_belgium_eid_eidlibJNI_BEID_1EndTransaction@8, _Java_be_belgium_eid_eidlibJNI_BEID_1Exit@8, _Java_be_belgium_eid_eidlibJNI_BEID_1FlushCache@8, _Java_be_belgium_eid_eidlibJNI_BEID_1GetAddress@24, _Java_be_belgium_eid_eidlibJNI_BEID_1GetID@24, _Java_be_belgium_eid_eidlibJNI_BEID_1GetPINStatus@36, _Java_be_belgium_eid_eidlibJNI_BEID_1GetPicture@24, _Java_be_belgium_eid_eidlibJNI_BEID_1GetRawData@16, _Java_be_belgium_eid_eidlibJNI_BEID_1GetVersionInfo@28, _Java_be_belgium_eid_eidlibJNI_BEID_1Init@28, _Java_be_belgium_eid_eidlibJNI_BEID_1ReadFile@28, _Java_be_belgium_eid_eidlibJNI_BEID_1SelectApplication@12, _Java_be_belgium_eid_eidlibJNI_BEID_1SendAPDU@28, _Java_be_belgium_eid_eidlibJNI_BEID_1SetRawData@16, _Java_be_belgium_eid_eidlibJNI_BEID_1VerifyPIN@28, _Java_be_belgium_eid_eidlibJNI_BEID_1WriteFile@24, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Address@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Bytes@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Certif@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Certif_1Check@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1ID_1Data@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Long@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Pin@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Raw@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1Status@16, _Java_be_belgium_eid_eidlibJNI_delete_1BEID_1VersionInfo@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1boxNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1country@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1municipality@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1street@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1streetNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1version@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Address_1zip@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Bytes_1data@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1certificate@20, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1certificatesLength@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1signatureCheck@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1Check_1usedPolicy@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1certif@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1certifLabel@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Certif_1certifStatus@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1birthDate@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1birthLocation@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1cardNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1chipNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1documentType@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1extendedMinority@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1firstName1@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1firstName2@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1firstName3@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1hashPhoto@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1municipality@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1name@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1nationalNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1nationality@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1nobleCondition@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1sex@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1validityDateBegin@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1validityDateEnd@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1version@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1whiteCane@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1ID_1Data_1yellowCane@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Long_1data@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1addrData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1addrSigData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1cardData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1certRN@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1challenge@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1idData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1idSigData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1pictureData@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1response@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Raw_1tokenInfo@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1cardSW@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1general@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1pcsc@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1Status_1system@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1AppletInterfaceVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1AppletVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ApplicationLifeCycle@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ComponentCode@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ElecPerso@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1ElecPersoInterface@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1GlobalOSVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1GraphPerso@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1KeyExchangeVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1OSNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1OSVersion@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1PKCS1Support@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1Reserved@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1SerialNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1SoftmaskNumber@16, _Java_be_belgium_eid_eidlibJNI_get_1BEID_1VersionInfo_1SoftmaskVersion@16, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Address@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Bytes@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Certif@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Certif_1Check@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1ID_1Data@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Long@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Pin@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Raw@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1Status@8, _Java_be_belgium_eid_eidlibJNI_new_1BEID_1VersionInfo@8, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1id@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1longUsage@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1pinType@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1shortUsage@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Pin_1usageCode@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1addrData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1addrSigData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1cardData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1certRN@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1challenge@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1idData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1idSigData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1pictureData@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1response@20, _Java_be_belgium_eid_eidlibJNI_set_1BEID_1Raw_1tokenInfo@20


C:\WINDOWS\hbcikrnl.ini

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.13 -
Authentium 5.1.0.4 2008.06.12 -
Avast 4.8.1195.0 2008.06.13 -
AVG 7.5.0.516 2008.06.13 -
BitDefender 7.2 2008.06.13 -
CAT-QuickHeal 9.50 2008.06.13 -
ClamAV 0.92.1 2008.06.13 -
DrWeb 4.44.0.09170 2008.06.13 -
eSafe 7.0.15.0 2008.06.12 -
eTrust-Vet 31.6.5871 2008.06.13 -
Ewido 4.0 2008.06.13 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.13 -
Fortinet 3.14.0.0 2008.06.13 -
GData 2.0.7306.1023 2008.06.13 -
Ikarus T3.1.1.26.0 2008.06.13 -
Kaspersky 7.0.0.125 2008.06.13 -
McAfee 5317 2008.06.13 -
Microsoft None 2008.06.13 -
NOD32v2 3185 2008.06.13 -
Norman 5.80.02 2008.06.13 -
Panda 9.0.0.4 2008.06.12 -
Prevx1 V2 2008.06.13 -
Rising 20.48.42.00 2008.06.13 -
Sophos 4.30.0 2008.06.13 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.13 -
TheHacker 6.2.92.346 2008.06.12 -
VBA32 3.12.6.7 2008.06.12 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.13 -
Information additionnelle
File size: 281 bytes
MD5...: de0bd9ab932619c5baf3673f79d9bd6b
SHA1..: 25522fd2ad8ccb4b26472af6e1709731f41f6dfc
SHA256: 016651251abe6e1734f4a4449c172f7d0a45c41ba86131f249c1229ba668e639
SHA512: cc754fefcd7821940e2ee7c40e503a830b5890b73f746cbba326229e7be42737
35fcbaa6a8217fd55fc1ce0ab29315cdabf4d81c8a6245670353b90eb7dd2ca5
PEiD..: -
PEInfo: -

C:\WINDOWS\system32\dpufr.qm

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.13 -
Authentium 5.1.0.4 2008.06.12 -
Avast 4.8.1195.0 2008.06.13 -
AVG 7.5.0.516 2008.06.13 -
BitDefender 7.2 2008.06.13 -
CAT-QuickHeal 9.50 2008.06.13 -
ClamAV 0.92.1 2008.06.13 -
DrWeb 4.44.0.09170 2008.06.13 -
eSafe 7.0.15.0 2008.06.12 -
eTrust-Vet 31.6.5871 2008.06.13 -
Ewido 4.0 2008.06.13 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.13 -
Fortinet 3.14.0.0 2008.06.13 -
GData 2.0.7306.1023 2008.06.13 -
Ikarus T3.1.1.26.0 2008.06.13 -
Kaspersky 7.0.0.125 2008.06.13 -
McAfee 5317 2008.06.13 -
Microsoft None 2008.06.13 -
NOD32v2 3185 2008.06.13 -
Norman 5.80.02 2008.06.13 -
Panda 9.0.0.4 2008.06.12 -
Prevx1 V2 2008.06.13 -
Rising 20.48.42.00 2008.06.13 -
Sophos 4.30.0 2008.06.13 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.13 -
TheHacker 6.2.92.346 2008.06.12 -
VBA32 3.12.6.7 2008.06.12 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.13 -
Information additionnelle
File size: 8835 bytes
MD5...: 85a8e6d974beb73e6f22d473eff6e7ab
SHA1..: 36cc2a2da7b9575098a0ca0428f4143476a81142
SHA256: b4d039db14518f5233611e65885532ef5ea42e42a96c1c44bd93351940bb143e
SHA512: 6f2a689075636659c5ab1cde6a3a36ff6189388deb9994f01697acce82df72b5
ac9fa46380e419d88e92d55faf1d52f496045bcd8ea7f5302985ef000998304f
PEiD..: -
PEInfo: -

J'espère ne pas avoir posté des données personnelles concernant ma carte d'identité électronique pour le fichier C:\WINDOWS\system32\eidlibj.dll, sinon dit le moi.

Merci encore et bonne soirée, :-)

Re , !

non c'est bon ;)))


Re ,

****************************************************

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )


Driver::
Hgfe40

File::
C:\WINDOWS\system32\sddswuuw.tmp
C:\WINDOWS\system32\jwzpqng.sys
C:\WINDOWS\system32\drivers\Hgfe40.sys


Folder::
C:\Program Files\Malwarebytes' Anti-Malware
C:\VundoFix Backups
C:\owhjmpsv








Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport DSS.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

****************************************************



A++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Voilà ! Tes instructions sont très claires, merci de ta sollicitude. Mon PC bien redémarré avant la compilation du rapport. Voici le rapport ComboFix :

ComboFix 08-06-11.7 - Jonathan 2008-06-13 20:42:01.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1388 [GMT 2:00]
Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\drivers\Hgfe40.sys
C:\WINDOWS\system32\jwzpqng.sys
C:\WINDOWS\system32\sddswuuw.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\owhjmpsv\
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\Malwarebytes' Anti-Malware\changes.rtf
C:\Program Files\Malwarebytes' Anti-Malware\Languages\albanian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\danish.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng
C:\Program Files\Malwarebytes' Anti-Malware\license.txt
C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat
C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg
C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\VundoFix Backups
C:\WINDOWS\system32\drivers\Hgfe40.sys
C:\WINDOWS\system32\jwzpqng.sys
C:\WINDOWS\system32\sddswuuw.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hgfe40
-------\Service_Hgfe40
-------\Service_jwzpqng


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.

2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 18:11 296,950 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 03:17 --------- d-----w C:\Program Files\PowerArchiver
2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-11 20:30 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 18:47:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
"SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"33515:TCP"= 33515:TCP:Windows Update Service Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-13 18:47:56 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 20:49:49
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-13 20:52:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 18:52:34
ComboFix2.txt 2008-06-13 14:29:53
ComboFix3.txt 2008-06-12 20:47:38

Pre-Run: 205,192,343,552 octets libres
Post-Run: 205,169,258,496 octets libres

399 --- E O F --- 2008-06-11 10:57:27

Le nouveau rapport DSS :

Deckard's System Scanner v20071014.68
Run by Jonathan on 2008-06-13 20:55:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:00, on 13/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jonathan\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://gathol.forumgaming.fr/
O15 - Trusted Zone: http://drenai.realbb.net
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.slayersonline.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Re ,


Recommence la manip du CFScript avec toute les précautions d'usage avec :

driver::
hgfe40
Hgfe40
jwzpqng



********************************

Mais ne poste pas le rapport DSS.

********************************

Télécharge The Avenger par Swandog46 sur ton Bureau:

Fait un clique droit sur ' Avenger.zip ' > extraire tout ( toujours sur le bureau )

Copie tout le texte en gras ci-dessous (CTRL+C) :


Begin copying here:

Folders to delete:
C:\owhjmpsv




→ Maintenant, lance The Avenger en cliquant sur son icône du bureau.

Un message en anglais va te demander de confirmer , répond ' OK '
Dans le cadre qui apparait sous 'input script there ' Colle le texte copié précédemment ( CTRL +V )
Vérifie que les cases ' Scan for rootkit ' & 'Automatically disable any rootkits found ' soient cochées.
Clique sur ' Execute '

...........The Avenger va automatiquement faire ce qui suit:

→ Redémarrage du pc .....
→ Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur ton bureau -> NORMAL.
→ Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
→ Copie-en le contenu et poste le moi.


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


A+++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Petite question concernant le CFScript : Ce que tu m'a marqué en gras dans ton précédent message, dois-je l'ajouter à l'ancien que tu m'a donné ? Ou bien dois-je créer un nouveau CFScript qu'avec ces lignes-là ?

Merci,

oups j'ai oublié de préciser ,

Un nouveau :)
( supprime l'ancien )
A++
Messages postés
9
Date d'inscription
dimanche 26 octobre 2008
Statut
Membre
Dernière intervention
15 mai 2009
1
Bonjour,
Je vous envoie ce mess a tout hazard j'ai un soucis au démarrage de windows une fenetre s'ouvre avec en haut a gauche marqué reader_sl.exe puis un message qui dit l'application n'a pas pu démarrer correctement erreur 0xc0000103 ca me le faisait quand je veut telecharger msn messenger merci d'avance
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Re :-)

Voici le Log de ComboFix avec le nouveau script :

ComboFix 08-06-11.7 - Jonathan 2008-06-13 21:30:44.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1422 [GMT 2:00]
Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.

2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 19:14 --------- d-----w C:\Program Files\PowerArchiver
2008-06-13 18:11 296,950 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-11 20:30 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 19:24:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 19:25:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
"SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/03/2008 16:59:32 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/06/2008 12:59:27 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"33515:TCP"= 33515:TCP:Windows Update Service Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - catchme
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-13 19:25:12 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 21:34:51
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-13 21:36:31
ComboFix-quarantined-files.txt 2008-06-13 19:36:25
ComboFix2.txt 2008-06-13 18:52:43
ComboFix3.txt 2008-06-13 14:29:53
ComboFix4.txt 2008-06-12 20:47:38

Pre-Run: 205,109,104,640 octets libres
Post-Run: 205,089,792,000 octets libres

330 --- E O F --- 2008-06-11 10:57:27

Le Log de Avanger :

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: "C:\owhjmpsv" is not a folder! It may instead be a file.
Deletion of folder "C:\owhjmpsv" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Completed script processing.

*******************

Finished! Terminate.

Merci à toi,

Re ,

Mais c'est pas vrai ça =(

bon une derniere tentative ,

recommence le CFScript avec :


DirLook::
C:\owhjmpsv




A++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Re,

Voici ce que tu m'as demandé :

ComboFix 08-06-11.7 - Jonathan 2008-06-13 21:54:33.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1421 [GMT 2:00]
Endroit: C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.

2008-06-13 15:00 . 2008-06-13 15:00 <REP> d-------- C:\Deckard
2008-06-13 14:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 14:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 22:13 . 2008-06-12 22:13 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 22:07 . 2008-06-12 22:07 0 --a------ C:\owhjmpsv
2008-06-12 21:58 . 2008-06-12 21:58 <REP> d-------- C:\Program Files\Unlocker
2008-06-12 18:16 . 2008-06-12 18:17 <REP> d-------- C:\Program Files\Glary Utilities
2008-06-12 05:42 . 2008-06-12 07:30 209 --a------ C:\WINDOWS\wininit.ini
2008-06-11 12:53 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 12:53 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Program Files\Free Download Manager
2008-06-09 20:59 . 2008-06-09 21:03 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Free Download Manager
2008-06-09 20:59 . 2008-06-09 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-06 16:47 . 2008-06-06 16:48 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\beid-cache
2008-06-06 16:45 . 2008-06-06 16:45 <REP> d-------- C:\Program Files\EmvSmartCardReader
2008-06-06 16:45 . 2008-06-06 16:42 46 --a------ C:\WINDOWS\Hbci0606144556.bak
2008-06-06 16:42 . 2008-06-06 16:40 277 --a------ C:\WINDOWS\Hbci0606144256.bak
2008-06-06 16:40 . 2008-06-06 16:37 42 --a------ C:\WINDOWS\Hbci0606144036.bak
2008-06-06 16:37 . 2008-06-06 15:35 273 --a------ C:\WINDOWS\Hbci0606143743.bak
2008-06-06 16:33 . 2008-06-06 16:33 <REP> d-------- C:\Program Files\Belgium Identity Card
2008-06-06 16:33 . 2007-02-19 15:15 352,256 --a------ C:\WINDOWS\system32\eidlib.dll
2008-06-06 16:33 . 2007-02-19 15:16 114,688 --a------ C:\WINDOWS\system32\EIDLibCtrl.dll
2008-06-06 16:33 . 2006-05-29 14:32 77,905 --a------ C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
2008-06-06 16:33 . 2007-02-19 15:16 40,960 --a------ C:\WINDOWS\system32\eidlibj.dll
2008-06-06 15:35 . 2008-06-06 15:30 269 --a------ C:\WINDOWS\Hbci0606133531.bak
2008-06-06 15:35 . 2008-06-06 15:35 38 --a------ C:\WINDOWS\Hbci0606133532.bak
2008-06-06 15:30 . 2008-06-06 15:27 34 --a------ C:\WINDOWS\Hbci0606133048.bak
2008-06-06 15:27 . 2008-06-06 15:13 265 --a------ C:\WINDOWS\Hbci0606132745.bak
2008-06-06 15:13 . 2008-06-06 15:09 30 --a------ C:\WINDOWS\Hbci0606131327.bak
2008-06-06 15:09 . 2008-06-06 15:04 261 --a------ C:\WINDOWS\Hbci0606130940.bak
2008-06-06 15:04 . 2008-06-06 14:46 26 --a------ C:\WINDOWS\Hbci0606130441.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124645.bak
2008-06-06 14:46 . 2008-06-06 14:46 257 --a------ C:\WINDOWS\Hbci0606124644.bak
2008-06-06 14:46 . 2008-06-06 14:43 22 --a------ C:\WINDOWS\Hbci0606124642.bak
2008-06-06 14:43 . 2008-06-06 14:43 253 --a------ C:\WINDOWS\Hbci0606124317.bak
2008-06-06 14:43 . 2008-06-06 14:35 253 --a------ C:\WINDOWS\Hbci0606124316.bak
2008-06-06 14:35 . 2008-06-06 14:32 18 --a------ C:\WINDOWS\Hbci0606123537.bak
2008-06-06 14:32 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcitmp.ini
2008-06-06 14:32 . 2008-06-06 14:10 249 --a------ C:\WINDOWS\Hbci0606123231.bak
2008-06-06 14:10 . 2008-06-06 16:45 281 --a------ C:\WINDOWS\hbcikrnl.ini
2008-06-03 22:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-01 12:59 . 2008-06-01 13:00 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
2008-06-01 12:59 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-29 00:00 . 2008-05-29 00:01 <REP> d-------- C:\Documents and Settings\Jonathan\.dvdcss
2008-05-28 23:16 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\neodivxlazarus
2008-05-28 23:02 . 2008-05-31 22:59 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-05-28 19:26 . 2008-05-28 19:26 <REP> d-------- C:\Program Files\Intel Corporation
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
2008-05-24 20:40 . 2008-05-24 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Program Files\Alwil Software
2008-05-20 21:29 . 2008-05-20 21:29 <REP> d-------- C:\Program Files\Audacity
2008-05-19 00:03 . 2008-06-11 21:33 <REP> d-------- C:\Program Files\eChanblard
2008-05-18 12:44 . 2008-05-18 12:44 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-18 12:44 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-18 12:44 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 12:44 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-05-18 12:44 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-05-18 12:44 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-05-18 12:44 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-05-18 12:35 . 2000-10-06 07:17 163,600 --a------ C:\WINDOWS\system32\Wmaudsdk.dll
2008-05-13 21:53 . 2008-05-13 21:53 <REP> d-------- C:\Program Files\3ivx
2008-05-13 21:37 . 2008-05-13 21:37 <REP> d-------- C:\WINDOWS\system32\Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 19:53 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Azureus
2008-06-13 19:14 --------- d-----w C:\Program Files\PowerArchiver
2008-06-13 18:11 296,950 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 20:38 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-11 20:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-09 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 10:44 --------- d-----w C:\Program Files\DivX
2008-06-01 10:59 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 13:35 --------- d-----w C:\Program Files\SpeedFan
2008-05-28 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-24 10:55 --------- d-----w C:\Program Files\IEPro
2008-05-20 16:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 16:40 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Tunebite
2008-05-13 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 21:04 --------- d-----w C:\Program Files\Personal Reminder
2008-05-02 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-04-30 20:49 --------- d-----w C:\Program Files\Astase
2008-04-27 21:23 --------- d-----w C:\Program Files\EAGLE-4.16r2
2008-04-25 20:38 --------- d-----w C:\Program Files\GXTranscoder.net AWE
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 19:37 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AccurateRip
2008-04-23 19:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-04-22 20:34 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ma-config.com
2008-04-22 20:26 --------- d-----w C:\Program Files\ma-config.com
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 19:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-20 19:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 19:48 22,328 ----a-w C:\Documents and Settings\Jonathan\Application Data\PnkBstrK.sys
2008-04-20 19:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 16:59 --------- d-----w C:\Program Files\Azureus
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-15 19:40 --------- d-----w C:\Program Files\eRightSoft
2008-04-14 15:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\owhjmpsv ----

C:\owhjmpsv\


((((((((((((((((((((((((((((( snapshot@2008-06-12_22.46.37.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 20:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 19:40:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 19:40:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_47c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-18 22:29 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 15:15 188416]
"SmartMon"="C:\Program Files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 15:18 73826]
"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 11:56 27136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/03/2008 16:59:32 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/06/2008 12:59:27 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"33515:TCP"= 33515:TCP:Windows Update Service Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 15:16]
R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 15:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-05-07 15:15]
R3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2006-09-18 15:12]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 11:21]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 08:14]
S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Jonathan\Bureau\Nouveau dossier\NRKCTL32.SYS []
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b5bafe-f736-11db-b03a-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d97d80-ffbb-11db-b064-0015e9a33727}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-13 19:40:14 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 21:58:41
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-13 22:00:16
ComboFix-quarantined-files.txt 2008-06-13 20:00:10
ComboFix2.txt 2008-06-13 19:36:34
ComboFix3.txt 2008-06-13 18:52:43
ComboFix4.txt 2008-06-13 14:29:53
ComboFix5.txt 2008-06-12 20:47:38

Pre-Run: 205,072,531,456 octets libres
Post-Run: 205,052,174,336 octets libres

334 --- E O F --- 2008-06-11 10:57:27

Re ,

Va dans C:\

Supprime ce dossier :

owhjmpsv



Des soucis a la suppression ?

a++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Re,

J'ai trouvé un fichier et un Le fichier était dans C:/ et le dossier dans C:\QooBox\Quarantine\C.

J'ai donc réussi à les supprimer et il ne sont pas revenus.

A+

Re ,

Reposte un rapport DSS.

A++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
Re,

Voilà msieur :

Deckard's System Scanner v20071014.68
Run by Jonathan on 2008-06-13 22:49:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:03, on 13/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Rechercher sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://gathol.forumgaming.fr/
O15 - Trusted Zone: http://drenai.realbb.net
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.slayersonline.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Re !

avant toute chose , as-tu encore des soucis ?

a++
Messages postés
152
Date d'inscription
dimanche 10 mars 2002
Statut
Membre
Dernière intervention
12 septembre 2012
1
(je verrai pour les problèmes demain, je ferai une analyse Spybot (qui me détectait des trucs, avast, etc)

Seulement, sais-tu pourquoi le résident d'avast a disparu de ma barre des tâches ? Et comment le remettre, je n'ai rien trouvé.

Merci pour tout et passe une très bonne nuit !

Jtb

Re ,

Pour Avast à mon avis , faudra le réinstaller.

On verra demain ;)))

bonne nuit
A++