Hello again,
Sorry to open a new topic, but once again I can no longer display pages containing the word hij****his, nor use the program in question (its windows close immediately). As a result I can no longer read my original topic either, in which I used that word. So I have replaced a few letters of the word with asterisks in the hope that this works.
Below you will find the original topic, which a friend e-mailed to me as a Word document (the only way I found to be able to read it).
Note for guigui14100: the ComboFix report is at the very bottom.
I also removed O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll with the program lsp_fix.
Thanks in advance
Summary of the original topic:
Trojan not found, hij****his report impossible, strange process
22 August 08 at 23:11
hij****his report impossible (solved)
Hello,
I have a series of problems and questions:
1- Avira, my antivirus, detects "TR/Dropper.Gen Trojan" in a file named with a number (a number that changes each time), e.g. 21003210.exe, which is supposedly located in doc and setting/…/local set/Temp/21003210.exe … but Avira cannot delete it because there is no file of that name in the Temp folder or anywhere else (I checked with a search).
On a scan, Avira (like Avast) finds nothing; Malwarebytes' Anti-Malware, Spybot and Ad-Aware don't either.
2- Since a previous infection, my browsers can no longer display pages containing the word hij****his (so no report possible).
3- I have a process I find strange, "McAfee-Center.exe", with a folder c:\windows\mcafee-center.exe that connects to the internet (seen with TCPView). But I don't remember installing any McAfee product (though I could be wrong). I found no information on this process, except on two foreign-language sites.
Apart from that, my PC remains fully functional and shows no disturbance… but these alerts (at irregular intervals) intrigue me.
What do you think?
Thanks in advance.
Edited on 23/08/2008 at 00:00
guigui14100
22 August 08 at 23:21
Hi
Follow this procedure
xio
22 August 08 at 23:51
I had already run the scans in safe mode; on the other hand, I managed to download hij****his by opening the links containing that name with Ctrl+click on the link.
Here are the reports
Logfile of Trend Micro Hij****his v2.0.2
Scan saved at 23:33:43, on 22/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Séverine\Mes documents\Téléchargement\TcpView\Tcpview.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Séverine\Local Settings\Temporary Internet Files\Content.IE5\WPCY2L4V\Hij****his[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,“c:\windows\mcafee-center.exe”,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20EE00CD-7A9D-90DF-F66A-CE9617C4E174} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C965ECA2-2AFA-49EB-B7FF-2425E650560F} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - (no file)
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2Office12EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
O15 - Trusted Zone: www.secuser.com…
O16 - DPF: fdjeux - www.fdjeux.net…
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.metastream.com…
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - install.anark.com…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - www.nvidia.com…
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com…
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com…
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O20 - AppInit_DLLs: zinforms.dll
O20 - Winlogon Notify: ljJCsqPf - ljJCsqPf.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 12468 bytes
Malwarebytes’ Anti-Malware 1.24
Version de la base de données: 1053
Windows 5.1.2600 Service Pack 3
21:33:07 20/08/2008
mbam-log-8-20-2008 (21-33-07).txt
Type de recherche: Examen complet (A:|C:|D:|E:|F:|G:|)
Eléments examinés: 276539
Temps écoulé: 6 hour(s), 16 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Avira AntiVir Personal
Report file date: mercredi 20 août 2008 15:00
Scanning for 1563576 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Séverine
Computer name: DAVID-JA300QQ99
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 13:59:39
ANTIVIR3.VDF : 7.0.6.38 175104 Bytes 19/08/2008 19:55:46
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 18/08/2008 19:55:51
AESCN.DLL : 8.1.0.23 119156 Bytes 13/08/2008 13:57:35
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 13/08/2008 13:57:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 18/08/2008 19:55:50
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 18/08/2008 19:55:50
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 19:55:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 13/08/2008 13:57:29
AECORE.DLL : 8.1.1.8 172406 Bytes 13/08/2008 13:57:29
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 13/08/2008 13:57:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:, E:, F:,
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium
Start of the scan: mercredi 20 août 2008 15:00
The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘mbam.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘McAfee-Center.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
13 processes with 13 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!
Boot sector ‘E:’
[INFO] No virus was found!
Boot sector ‘F:’
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\netvqdbg.exe
[WARNING] The file could not be opened!
The registry was scanned ( ‘56’ files ).
Starting the file scan:
Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Séverine\Mes documents\Téléchargement\Réinstalle\driver imprimante stylus color 760.exe
[0] Archive type: ZIP SFX (self extracting)
--> SC760/WIN9X/EB3ST000.DA_
[1] Archive type: MSCOMPRESS
--> 00000007-3CD72621.av$
[2] Archive type: CAB SFX (self extracting)
--> \AGENTNT_T\SAGENTNT.EXE
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Fichiers communs\Microsoft Shared\bus.exe
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\Nlq.exe
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\ZgGlj.exe
[WARNING] The file could not be opened!
C:\WINDOWS\McAfee-Center.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\netvqdbg.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\winqzupd.dll
[WARNING] The file could not be opened!
Begin scan in ‘E:’
Begin scan in ‘F:’
End of the scan: mercredi 20 août 2008 20:43
Used time: 5:42:52 Hour(s)
The scan has been done completely.
11633 Scanning directories
578176 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
8 Files cannot be scanned
578168 Files not concerned
6533 Archives were scanned
9 Warnings
0 Notes
Thanks for your help
guigui14100
Yesterday 00:04:45
Open hij****his, tick
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O20 - Winlogon Notify: ljJCsqPf - ljJCsqPf.dll (file missing)
Infectious file
O2 - BHO: (no name) - {20EE00CD-7A9D-90DF-F66A-CE9617C4E174} - (no file)
O2 - BHO: (no name) - {C965ECA2-2AFA-49EB-B7FF-2425E650560F} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - (no file)
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - install.anark.com…
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - www.nvidia.com…
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com…
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com…
Useless file
And click Fix checked
Upload these files to VirusTotal
c:\windows\mcafee-center.exe
C:\WINDOWS\system32\netvqdbg.exe
C:Program… Files\Fichiers communs\Justdo\IECatcher.DLL
c:\windows\system32\winqzupd.dll
And paste the reports
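As an added example (not code from the thread or from any of the tools named in it), the Python below turns the reading guigui14100 gives of the HijackThis log into mechanical rules, then cross-checks the flagged autostart targets against the files Avira reported it could not open; rule names, severities and function names are my own, and the sample lines are copied from the two logs above, with HJT's usual `HKLM\..\Run` key spelling and ASCII quotes.

```python
import re

# Stock UserInit value on Windows XP; anything appended to it also runs at every logon.
LEGIT_USERINIT = "c:\\windows\\system32\\userinit.exe"
# Drive-letter path ending in .exe/.dll; stops at quotes (ASCII or curly) and commas.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\u201c\u201d,]+?\.(?:exe|dll)', re.IGNORECASE)


def classify(line):
    """Return (severity, reason) for one HJT line, or None if nothing stands out."""
    line = line.strip()
    if line.startswith("F2 - REG:system.ini: UserInit="):
        parts = [p.strip().strip('"\u201c\u201d') for p in line.split("UserInit=", 1)[1].split(",")]
        extras = [p for p in parts if p and p.lower() != LEGIT_USERINIT]
        if extras:
            return ("high", "UserInit chain also launches " + ", ".join(extras))
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        # The DLL is loaded into every process that links user32.dll.
        return ("high", "AppInit_DLLs injects " + line.split(":", 1)[1].strip())
    if line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
        return ("medium", "dangling Winlogon Notify package")
    if line.startswith("O10 - Unknown file in Winsock LSP:"):
        return ("high", "unknown Winsock LSP " + line.split("LSP:", 1)[1].strip())
    m = re.match(r"O4 - HKLM\S*\\Policies\\Explorer\\Run: \[(\w+)\] (.*)", line)
    if m:  # unusual autorun key; a purely numeric value name is typical of droppers
        name, target = m.groups()
        return ("high" if name.isdigit() else "medium",
                "Policies\\Explorer\\Run autorun [%s] -> %s" % (name, target))
    m = re.match(r"O4 - HKLM\S*\\RunServices: \[[^\]]*\] (\S+)", line)
    if m and "\\" not in m.group(1):  # Win9x-era key plus a bare filename: not a legitimate XP install
        return ("high", "RunServices entry with bare filename " + m.group(1))
    if line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("(no file)"):
        return ("low", "orphaned BHO/toolbar registration")
    if line.startswith("O23 - Service:") and "(file missing)" in line:
        return ("low", "service registered for a missing binary")
    return None


def triage(hjt_log):
    """All flagged entries of an HJT log as (severity, reason, line) tuples, worst first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    hits = []
    for ln in hjt_log.splitlines():
        verdict = classify(ln)
        if verdict:
            hits.append((verdict[0], verdict[1], ln.strip()))
    return sorted(hits, key=lambda t: rank[t[0]])


def unreadable_files(avira_log):
    """Paths Avira reported as '[WARNING] The file could not be opened!' (pagefile excluded)."""
    locked, prev = set(), ""
    for ln in avira_log.splitlines():
        ln = ln.strip()
        if ln == "[WARNING] The file could not be opened!" and prev.lower() != r"c:\pagefile.sys":
            locked.add(prev.lower())
        prev = ln
    return locked


def correlate(hjt_log, avira_log):
    """Flagged autostart targets that the scanner could not even read: the strongest signal here."""
    locked = unreadable_files(avira_log)
    found = set()
    for _, _, ln in triage(hjt_log):
        found.update(p.lower() for p in PATH_RE.findall(ln) if p.lower() in locked)
    return sorted(found)


# Sample lines copied from the logs posted above (ASCII quotes instead of the forum's curly ones).
HJT_SAMPLE = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\mcafee-center.exe",
O2 - BHO: (no name) - {20EE00CD-7A9D-90DF-F66A-CE9617C4E174} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\Policies\Explorer\Run: [2201092326] "C:\WINDOWS\system32\netvqdbg.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
O20 - AppInit_DLLs: zinforms.dll
O20 - Winlogon Notify: ljJCsqPf - ljJCsqPf.dll (file missing)
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
"""
AVIRA_SAMPLE = r"""
C:\WINDOWS\system32\netvqdbg.exe
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\bus.exe
[WARNING] The file could not be opened!
C:\WINDOWS\McAfee-Center.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\winqzupd.dll
[WARNING] The file could not be opened!
"""

if __name__ == "__main__":
    for sev, reason, ln in triage(HJT_SAMPLE):
        print("[%-6s] %s\n         %s" % (sev, reason, ln))
    print("flagged and unreadable by the scanner:", correlate(HJT_SAMPLE, AVIRA_SAMPLE))
```

Files that an on-demand scanner cannot open while an autostart entry points at them are the ones to prioritise; the unreadable `bus.exe`, `Nlq.exe` and `ZgGlj.exe` in the Avira report are not referenced by any HJT line and still deserve a manual look.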
xio
Yesterday 00:56:15
First of all, thanks for your help…
Here is the new report
Logfile of Trend Micro Hij****his v2.0.2
Scan saved at 00:45:56, on 23/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Séverine\Local Settings\Temporary Internet Files\Content.IE5\0R332DMA\Hij****his[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,“c:\windows\mcafee-center.exe”,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2Office12EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
O15 - Trusted Zone: www.secuser.com…
O16 - DPF: fdjeux - www.fdjeux.net…
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.metastream.com…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O20 - AppInit_DLLs: zinforms.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 11330 bytes
If I follow your logic, didn't you forget O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) ? ^^
As for VirusTotal, none of the files in c:/windows/… were received (I get the message "0 bytes size received").
For the one in Program Files, here is the report:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.22 -
AntiVir 7.8.1.23 2008.08.22 -
Authentium 5.1.0.4 2008.08.23 -
Avast 4.8.1195.0 2008.08.22 -
AVG 8.0.0.161 2008.08.22 -
BitDefender 7.2 2008.08.23 -
CAT-QuickHeal 9.50 2008.08.22 -
ClamAV 0.93.1 2008.08.23 -
DrWeb 4.44.0.09170 2008.08.22 -
eSafe 7.0.17.0 2008.08.21 -
eTrust-Vet 31.6.6040 2008.08.22 -
Ewido 4.0 2008.08.22 -
F-Prot 4.4.4.56 2008.08.23 -
F-Secure 7.60.13501.0 2008.08.22 -
Fortinet 3.14.0.0 2008.08.22 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.22 -
K7AntiVirus 7.10.425 2008.08.22 -
Kaspersky 7.0.0.125 2008.08.23 -
McAfee 5368 2008.08.22 -
Microsoft 1.3807 2008.08.23 -
NOD32v2 3381 2008.08.22 -
Norman 5.80.02 2008.08.22 -
Panda 9.0.0.4 2008.08.22 -
PCTools 4.4.2.0 2008.08.22 -
Prevx1 V2 2008.08.23 -
Rising 20.58.42.00 2008.08.22 -
Sophos 4.32.0 2008.08.23 -
Sunbelt 3.1.1571.1 2008.08.22 -
Symantec 10 2008.08.23 -
TheHacker 6.3.0.6.058 2008.08.22 -
TrendMicro 8.700.0.1004 2008.08.22 -
VBA32 3.12.8.4 2008.08.22 -
ViRobot 2008.8.22.1346 2008.08.22 -
VirusBuster 4.5.11.0 2008.08.22 -
Webwasher-Gateway 6.6.2 2008.08.22 -
Information additionnelle
File size: 147456 bytes
MD5...: 62ddbd414bf762d166a58085514819a4
SHA1...: 0f19c53c18ea71670492b414163ea2bbc81bf971
SHA256: 855d3666555d951226e3d3ae23297fca91c661642f4d56053ed9b7ca70a95ffc
SHA512: d732fa1371a35db1451e60c2821a783841c32ba7abc68c6f34f8ade3f23ff5cb0ba3ab4c6256af911116ecfa50a3c6c2138c04ad0a55795477f8796787ec166b
PEiD...: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000d749
timedatestamp...: 0x44191def (Thu Mar 16 08:12:31 2006)
machinetype...: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11542 0x12000 6.46 adb1758e55496af5bcf673ef810ffcbd
.rdata 0x13000 0x3756 0x4000 4.58 1db6202d85e3423629feea0a8b12a407
.data 0x17000 0x3a44 0x4000 1.47 cffcb62b77c87ba3f14b4a8a24458f1f
.rsrc 0x1b000 0x5208 0x6000 4.70 8d822d8afa489a03a76a6a90fa6ded78
.reloc 0x21000 0x209c 0x3000 3.75 58f1ae38da8a513733919db6627dafd7
( 10 imports )
KERNEL32.dll: DisableThreadLibraryCalls, GetShortPathNameA, GetModuleHandleA, FreeLibrary, SizeofResource, GetLastError, LoadLibraryExA, lstrcmpiA, OutputDebugStringA, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, GetProcAddress, LoadLibraryA, lstrcpyA, lstrcatA, CreateThread, OpenFile, LocalFree, DebugBreak, GetSystemDefaultLangID, FlushInstructionCache, WideCharToMultiByte, GetCurrentProcess, GetCurrentThreadId, lstrcmpA, InterlockedIncrement, lstrcpynA, IsDBCSLeadByte, GetModuleFileNameA, GlobalHandle, GlobalAlloc, FindResourceA, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, GetEnvironmentVariableA, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, HeapSize, TerminateProcess, ExitProcess, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, RaiseException, GetVersion, GetCommandLineA, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, InterlockedDecrement, Sleep, GetVersionExA, FreeResource, GlobalFree, GetEnvironmentStringsW, WriteFile, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, LockResource, GlobalLock, LoadResource, lstrlenW, LCMapStringW, MultiByteToWideChar, lstrlenA, LeaveCriticalSection, EnterCriticalSection, GlobalUnlock, LCMapStringA
USER32.dll: RegisterClassExA, DialogBoxIndirectParamA, RegisterWindowMessageA, MessageBoxA, LoadCursorA, LoadStringA, SetCursor, CharNextA, wvsprintfA, GetMenu, GetActiveWindow, EndDialog, DestroyWindow, ShowWindow, wsprintfA, SendMessageA, EnableWindow, GetDlgItem, AdjustWindowRectEx, IsWindowEnabled, DrawEdge, GetSystemMetrics, InflateRect, DrawFocusRect, KillTimer, ClientToScreen, PtInRect, GetDlgCtrlID, GetCapture, SetTimer, UpdateWindow, CreateWindowExA, GetClassNameA, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, CreateAcceleratorTableA, GetDC, GetDesktopWindow, ReleaseDC, RedrawWindow, IsWindow, BeginPaint, FillRect, EndPaint, CallWindowProcA, GetFocus, IsChild, SetFocus, GetSysColor, GetParent, GetWindowRect, SystemParametersInfoA, GetClientRect, MapWindowPoints, SetWindowPos, CreateDialogIndirectParamA, CheckRadioButton, GetWindowLongA, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, SetWindowLongA, GetWindow, DefWindowProcA, GetClassInfoExA
GDI32.dll: CreateCompatibleBitmap, BitBlt, SelectObject, DeleteDC, DeleteObject, CreateSolidBrush, CreateCompatibleDC, GetObjectA, GetStockObject, GetDeviceCaps, TextOutA, CreateFontIndirectA
ADVAPI32.dll: RegQueryInfoKeyA, RegCloseKey, RegEnumKeyExA, RegCreateKeyExA, RegSetValueExA, RegEnumValueA, RegDeleteKeyA, RegQueryValueExA, RegDeleteValueA, RegOpenKeyExA
SHELL32.dll: SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc
ole32.dll: StringFromCLSID, CoTaskMemAlloc, CoTaskMemRealloc, OleLockRunning, OleInitialize, CreateStreamOnHGlobal, CoTaskMemFree, CoCreateInstance, CLSIDFromString, CLSIDFromProgID, OleUninitialize
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
WININET.dll: InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetCloseHandle
urlmon.dll: URLDownloadToFileA
COMCTL32.dll: ImageList_Draw, ImageList_Destroy, _TrackMouseEvent, ImageList_GetIconSize
Thanks again
Edited on 23/08/2008 at 00:57
cricri58
Yesterday 04h 36mn 45s
Hello
You have Avira AntiVir, good, but no firewall, less good
PC Tools Firewall Plus
www.clubic.com…
or
Sunbelt Personal Firewall
www.clubic.com…
or
www.commentcamarche.net…
Tutorial
www.malekal.com…
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
that one isn't pretty
O4 - HKLM\..\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
Unknown
O20 - AppInit_DLLs: zinforms.dll
alain77310
Yesterday 14h 35mn 18s
:hello: cricri58
to fix
O4 - HKLM\..\Policies\Explorer\Run: [2201092326] "C:\WINDOWS\system32\netvqdbg.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll Do not delete this entry manually; try instead to get rid of it with the program lsp_fix.
guigui14100
Yesterday 18h 52mn 48s
I'm preparing a disinfection script for you ;) (after ComboFix)
Use ComboFix
Let it work and paste the report
Edited on 23/08/2008 at 18:53
ComboFix report:
ComboFix 08-08-23.03 - Séverine 2008-08-24 21:18:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.871 [GMT 2:00]
Endroit: C:\Documents and Settings\Séverine\Mes documents\Téléchargement\ComboFix2.exe
- Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Séverine\Bureau\blackbird.jpg
C:\Documents and Settings\Séverine\Bureau\EditorFKWP1.5.exe
C:\Documents and Settings\Séverine\Bureau\EditorFKWP2.0.exe
C:\Documents and Settings\Séverine\Bureau\filemanagerclient.exe
C:\Documents and Settings\Séverine\Bureau\fkwp1.5.exe
C:\Documents and Settings\Séverine\Bureau\fkwp2.0.exe
C:\Documents and Settings\Séverine\Bureau\fwebd.exe
C:\Documents and Settings\Séverine\Bureau\FWebdEditor.exe
C:\Documents and Settings\Séverine\Bureau\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Séverine\Bureau\virii
C:\WINDOWS\10.tmp
C:\WINDOWS\12.tmp
C:\WINDOWS\system32\EegMUvut.ini
C:\WINDOWS\system32\EegMUvut.ini2
C:\WINDOWS\system32\gyxknjfw.ini
C:\WINDOWS\system32\k11288966053.exe
C:\WINDOWS\system32\llk1128896596.h
C:\WINDOWS\system32\llk1191968574.h
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\system
----- BITS: Possible sites infectés -----
72.232.8.204…
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.
2008-08-21 04:13 . 2008-08-21 04:13 d-------- C:\WINDOWS\nview
2008-08-21 04:13 . 2008-08-24 21:27 186,097 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-21 04:13 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-21 01:54 . 2008-08-21 01:54 d-------- C:\Program Files\REGSHAVE
2008-08-21 01:54 . 2008-08-21 02:19 d-------- C:\Program Files\FinePixViewer
2008-08-21 01:54 . 2003-09-03 16:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-08-21 01:54 . 2006-07-12 14:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-08-21 01:54 . 2004-07-24 21:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-08-21 01:54 . 2001-11-25 22:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-08-21 01:54 . 2002-02-06 03:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-08-21 01:54 . 2002-02-27 22:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-08-21 01:54 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-08-21 01:54 . 2002-02-13 21:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-08-20 03:58 . 2003-10-08 18:10 262,144 --a------ C:\WINDOWS\AN8B1007.BIN
2008-08-20 02:28 . 2008-08-20 03:58 221,012 --a------ C:\WINDOWS\AN8B1007.zip
2008-08-20 00:25 . 2000-03-29 16:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-08-18 15:22 . 2008-08-18 15:22 d-------- C:\WINDOWS\system32\fr
2008-08-18 03:57 . 2008-08-18 03:51 25,820,945 --a------ C:\WINDOWS\LPT$VPN.481
2008-08-18 03:51 . 2008-08-18 03:51 1,964,523 --a------ C:\WINDOWS\tsc.ptn
2008-08-18 03:51 . 2008-08-18 03:51 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-08-18 03:51 . 2008-08-18 03:51 333,576 --a------ C:\WINDOWS\TSC.exe
2008-08-18 03:51 . 2008-08-18 03:51 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-08-18 03:51 . 2008-08-18 03:51 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-08-18 03:51 . 2008-08-20 01:54 823 --a------ C:\WINDOWS\tsc.ini
2008-08-18 03:50 . 2008-08-18 03:51 d-------- C:\WINDOWS\AU_Temp
2008-08-18 03:50 . 2008-08-18 03:51 25,820,945 --a------ C:\WINDOWS\VPTNFILE.481
2008-08-18 03:50 . 2008-08-18 03:50 170 --a------ C:\WINDOWS\GetServer.ini
2008-08-18 03:37 . 2008-08-18 03:50 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-08-18 03:37 . 2008-08-18 03:50 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-08-18 03:37 . 2008-08-18 03:50 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-08-17 13:53 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-17 04:53 . 2008-08-17 04:53 d-------- C:\WINDOWS\l2schemas
2008-08-17 00:43 . 2008-08-17 14:11 d-------- C:\Program Files\Sarkophage
2008-08-15 13:52 . 2008-08-15 13:52 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.001\Mes documents
2008-08-13 15:56 . 2008-08-13 15:56 d-------- C:\Program Files\Avira
2008-08-13 15:56 . 2008-08-13 15:56 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-08-13 13:37 . 2005-06-29 03:49 74,240 --a------ C:\WINDOWS\system32\SETE2.tmp
2008-08-13 12:55 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 02:19 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 11:04 . 2008-08-10 11:04 52,324 -ra------ C:\WINDOWS\system32\netvqdbg.exe
2008-08-10 11:04 . 2008-08-10 11:04 37,031 -ra------ C:\WINDOWS\system32\winqzupd.dll
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 08:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-08-24 00:17 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-24 00:17 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-22 00:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 23:52 --------- d-----w C:\Program Files\DivX
2008-08-21 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 22:51 --------- d-----w C:\Program Files\MSN Messenger
2008-08-17 14:34 --------- d-----w C:\Program Files\Fastlab Print Service
2008-08-17 14:34 --------- d-----w C:\Program Files\Calculateur de Spellcraft
2008-08-13 11:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-13 01:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-12 00:22 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 09:02 --------- d-----w C:\Program Files\Google
2008-08-04 09:48 --------- d-----w C:\Program Files\QuickTime
2008-07-30 18:07 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-10 12:22 --------- d-----w C:\Program Files\Azureus
2008-07-08 00:27 --------- d-----w C:\Program Files\ASUS LifeFrame
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es(5).dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es(3).dll
2008-07-03 01:04 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-03 01:02 --------- d-----w C:\Program Files\livredephotos
2008-07-03 01:02 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2008-07-01 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-07-01 16:27 --------- dcsh–w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-01 16:27 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-25 23:52 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms(4).dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock(4).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(4).dll
2005-04-02 19:19 5,120 --sha-w C:\Program Files\Thumbs.db
2005-01-18 09:40 79,673 ----a-w C:\Program Files\UNINST.ISU
1998-02-25 17:59 199,978 ----a-r C:\Program Files\MAIN.BMP
2004-03-01 11:25 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
2006-06-13 13:10 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-17 22:57 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 10:42 23040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"2201092326"="C:\WINDOWS\system32\netvqdbg.exe" [2008-08-10 11:04 52324]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"c:\windows\mcafee-center.exe","
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^desktop(2).ini]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop(2).ini
backup=C:\WINDOWS\pss\desktop(2).iniCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^ScanPanel.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\ScanPanel.lnk
backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^dcu.lnk]
path=C:\Documents and Settings\Séverine\Menu Démarrer\Programmes\Démarrage\dcu.lnk
backup=C:\WINDOWS\pss\dcu.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^DeliveryManager.lnk]
path=C:\Documents and Settings\Séverine\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk
backup=C:\WINDOWS\pss\DeliveryManager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^reminder.lnk]
path=C:\Documents and Settings\Séverine\Menu Démarrer\Programmes\Démarrage\reminder.lnk
backup=C:\WINDOWS\pss\reminder.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-07 17:08 140568 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-07 17:36 904880 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-12-16 17:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-07-22 10:42 1519616 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
--a------ 2006-11-22 22:10 151552 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2001-08-28 16:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 07:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2004-03-24 18:41 1294446 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-17 22:57 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-07 17:01 2620336 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast2KLoadDefault]
--a------ 2008-04-13 14:32 668672 C:\WINDOWS\system32\WF2KCPL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFoxV2]
--a------ 2008-04-13 14:33 1490944 C:\WINDOWS\system32\Wf2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-31 12:54 3084288 C:\Program Files\Yahoo!\Messenger\YPager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\ASUS\AsusUpdate\Update.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Yahoo!\Messenger\YPager.exe"=
"C:\Program Files\Yahoo!\Messenger\YServer.exe"=
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"=
"C:\Program Files\Real\RealPlayer\realplay.exe"=
"C:\Program Files\iTunes\iTunes.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe"=
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"=
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"=
"C:\WINDOWS\system32\WinFox\Living\wfupdate.exe"=
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\MSN Messenger\msnmsgr.exe"=
"C:\Program Files\MSN Messenger\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6712:TCP"= 6712:TCP:azureus
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-04-15 17:51]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 11:19]
S2 Remote Access Procedur Protect;Remote Access Procedur Protect;C:\WINDOWS\system32\protect.exe []
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys [2001-06-07 17:56]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids00089;ids00089;C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00089.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7df2645b-0a21-11dd-a88b-00195b758ab3}]
\Shell\AutoRun\command - H:\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunServices-MS MSN Menssenger 7.0 - MSMSN7.exe
HKU-Default-Run-MS MSN Menssenger 7.0 - MSMSN7.exe
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Acrobat Assistant 7 - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-AVPSrv - C:\WINDOWS\AVPSrv.exe
MSConfigStartUp-gegewwwghg - c:\windows\system32\gegewwwghg.exe
MSConfigStartUp-GenProtect - C:\WINDOWS\slnjuw.exe
MSConfigStartUp-jfotoxvz - C:\WINDOWS\system32\jkxqngly.exe
MSConfigStartUp-Kvsc3 - C:\WINDOWS\Kvsc3.exe
MSConfigStartUp-MailSkinner - c:\program files\mailskinner\mailskinner.exe
MSConfigStartUp-mppds - C:\WINDOWS\mppds.exe
MSConfigStartUp-msccrt - C:\WINDOWS\msccrt.exe
MSConfigStartUp-MsIMMs32 - C:\WINDOWS\MsIMMs32.exe
MSConfigStartUp-NVMixerTray - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
MSConfigStartUp-PaperPort PTD - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
MSConfigStartUp-SSBkgdUpdate - C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
MSConfigStartUp-MS MSN Menssenger 7 - MSMSN7.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Séverine\Application Data\Mozilla\Firefox\Profiles\qizamhbx.default
.
.
------- File Associations (Beta) -------
.
scrfile="%1" %*
.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-24 21:27:44
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UpdZkn]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\WINDOWS\McAfee-Center.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\WgaTray.exe
.
.
Temps d'accomplissement: 2008-08-24 21:34:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 19:34:18
Pre-Run: 36,115,083,264 octets libres
Post-Run: 36,049,817,600 octets libres
351 --- E O F --- 2008-08-18 16:30:50
There you go
Edited on 26/08/2008 at 00:20