Infection: unable to use hij****his or display pages containing it (continued)

Hello again,

Sorry for opening a new topic, but once again I can no longer display pages containing the word hij****his or use the software in question (the windows close immediately). As a result I can no longer read my original topic either, in which I used this word. So I have replaced a few letters of this word with asterisks, hoping that this works.
Below you will find the initial topic, which a friend sent me by e-mail in Word format (the only way I found to be able to read it).

Note for guigui 14100: the combofix report is at the very bottom.
I also deleted O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll with the lsp_fix program.

Thanks in advance :slight_smile:

Summary of the initial topic:
Trojan that cannot be found, hij****his report impossible, strange process
22 August 08 at 23:11

hij****his report impossible (solved)

Hello :slight_smile: ,

I have a series of problems and questions:
1- Avira, my antivirus, detects “TR/Dropper.Gen Trojan” in a file named as a number (a number that changes each time), for example 21003210.exe, supposedly located in doc and setting/…/local set/Temp/21003210.exe … but Avira cannot delete it because there is no file with that name in the temp folder or anywhere else (I checked with a search).

On a scan, Avira (like avast) finds nothing, and neither do Malwarebytes’ Anti-Malware, spybot or adwar.

2- Since a previous infection my browsers can no longer display pages containing the word hij****his (so no report is possible).

3- I have a process that I find strange, “McAfee-Center.exe”, with a folder “c:\windows\mcafee-center.exe”, which connects to the internet (seen thanks to TCPview). Yet I don’t remember installing any McAfee product (but I could be wrong). I found no information about this process, except on two foreign-language sites.

Apart from that, my computer remains fully functional and shows no disturbance… but these alerts (of irregular frequency) intrigue me.

What do you think?

Thanks in advance. :slight_smile:
Edited on 23/08/2008 at 00:00

guigui14100
22 August 08 at 23:21

Hi

Follow this procedure :wink:

xio
22 August 08 at 23:51

I have already run the scans in safe mode; on the other hand, I managed to download hij****his by opening the links that contain this name with ctrl+click on the link.

Here are the reports

Logfile of Trend Micro Hij****his v2.0.2
Scan saved at 23:33:43, on 22/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Séverine\Mes documents\Téléchargement\TcpView\Tcpview.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Séverine\Local Settings\Temporary Internet Files\Content.IE5\WPCY2L4V\Hij****his[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,“c:\windows\mcafee-center.exe”,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20EE00CD-7A9D-90DF-F66A-CE9617C4E174} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C965ECA2-2AFA-49EB-B7FF-2425E650560F} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - (no file)
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2Office12EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
O15 - Trusted Zone: www.secuser.com
O16 - DPF: fdjeux - www.fdjeux.net
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.metastream.com
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - install.anark.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - www.nvidia.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - www.nvidia.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O20 - AppInit_DLLs: zinforms.dll
O20 - Winlogon Notify: ljJCsqPf - ljJCsqPf.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe


End of file - 12468 bytes

Malwarebytes’ Anti-Malware 1.24
Version de la base de données: 1053
Windows 5.1.2600 Service Pack 3

21:33:07 20/08/2008
mbam-log-8-20-2008 (21-33-07).txt

Type de recherche: Examen complet (A:|C:|D:|E:|F:|G:|)
Eléments examinés: 276539
Temps écoulé: 6 hour(s), 16 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Avira AntiVir Personal
Report file date: mercredi 20 août 2008 15:00

Scanning for 1563576 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Séverine
Computer name: DAVID-JA300QQ99

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 13:59:39
ANTIVIR3.VDF : 7.0.6.38 175104 Bytes 19/08/2008 19:55:46
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 18/08/2008 19:55:51
AESCN.DLL : 8.1.0.23 119156 Bytes 13/08/2008 13:57:35
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 13/08/2008 13:57:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 18/08/2008 19:55:50
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 18/08/2008 19:55:50
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 19:55:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 13/08/2008 13:57:29
AECORE.DLL : 8.1.1.8 172406 Bytes 13/08/2008 13:57:29
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 13/08/2008 13:57:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:, E:, F:,
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium

Start of the scan: mercredi 20 août 2008 15:00

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘mbam.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘McAfee-Center.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!
Boot sector ‘E:’
[INFO] No virus was found!
Boot sector ‘F:’
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\netvqdbg.exe
[WARNING] The file could not be opened!
The registry was scanned ( ‘56’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Séverine\Mes documents\Téléchargement\Réinstalle\driver imprimante stylus color 760.exe
[0] Archive type: ZIP SFX (self extracting)
–> SC760/WIN9X/EB3ST000.DA_
[1] Archive type: MSCOMPRESS
–> 00000007-3CD72621.av$
[2] Archive type: CAB SFX (self extracting)
–> \AGENTNT_T\SAGENTNT.EXE
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Fichiers communs\Microsoft Shared\bus.exe
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\Nlq.exe
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\ZgGlj.exe
[WARNING] The file could not be opened!
C:\WINDOWS\McAfee-Center.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\netvqdbg.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\winqzupd.dll
[WARNING] The file could not be opened!
Begin scan in ‘E:’
Begin scan in ‘F:’

End of the scan: mercredi 20 août 2008 20:43
Used time: 5:42:52 Hour(s)

The scan has been done completely.

11633 Scanning directories
578176 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
8 Files cannot be scanned
578168 Files not concerned
6533 Archives were scanned
9 Warnings
0 Notes

Thanks for your help :slight_smile:

guigui14100
Yesterday 00:04:45

Open hij****his and check
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O20 - Winlogon Notify: ljJCsqPf - ljJCsqPf.dll (file missing)
Infectious file
O2 - BHO: (no name) - {20EE00CD-7A9D-90DF-F66A-CE9617C4E174} - (no file)
O2 - BHO: (no name) - {C965ECA2-2AFA-49EB-B7FF-2425E650560F} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - (no file)
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - install.anark.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - www.nvidia.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - www.nvidia.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com
Useless file

And click fix checked

Upload these files to VirusTotal
c:\windows\mcafee-center.exe
C:\WINDOWS\system32\netvqdbg.exe
C:Program… Files\Fichiers communs\Justdo\IECatcher.DLL
c:\windows\system32\winqzupd.dll
And paste the reports

xio
Yesterday 00:56:15

First of all, thanks for your help…

Here is the new report

Logfile of Trend Micro Hij****his v2.0.2
Scan saved at 00:45:56, on 23/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Séverine\Local Settings\Temporary Internet Files\Content.IE5\0R332DMA\Hij****his[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,“c:\windows\mcafee-center.exe”,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2Office12EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
O15 - Trusted Zone: www.secuser.com
O16 - DPF: fdjeux - www.fdjeux.net
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.metastream.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O20 - AppInit_DLLs: zinforms.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe


End of file - 11330 bytes

If I follow your logic, haven't you forgotten O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)? ^^

As for VirusTotal, none of the files in c:/windows/… were received (I get the message "0 bytes size received").
For the one in Program Files, here is the report:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.22 -
AntiVir 7.8.1.23 2008.08.22 -
Authentium 5.1.0.4 2008.08.23 -
Avast 4.8.1195.0 2008.08.22 -
AVG 8.0.0.161 2008.08.22 -
BitDefender 7.2 2008.08.23 -
CAT-QuickHeal 9.50 2008.08.22 -
ClamAV 0.93.1 2008.08.23 -
DrWeb 4.44.0.09170 2008.08.22 -
eSafe 7.0.17.0 2008.08.21 -
eTrust-Vet 31.6.6040 2008.08.22 -
Ewido 4.0 2008.08.22 -
F-Prot 4.4.4.56 2008.08.23 -
F-Secure 7.60.13501.0 2008.08.22 -
Fortinet 3.14.0.0 2008.08.22 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.22 -
K7AntiVirus 7.10.425 2008.08.22 -
Kaspersky 7.0.0.125 2008.08.23 -
McAfee 5368 2008.08.22 -
Microsoft 1.3807 2008.08.23 -
NOD32v2 3381 2008.08.22 -
Norman 5.80.02 2008.08.22 -
Panda 9.0.0.4 2008.08.22 -
PCTools 4.4.2.0 2008.08.22 -
Prevx1 V2 2008.08.23 -
Rising 20.58.42.00 2008.08.22 -
Sophos 4.32.0 2008.08.23 -
Sunbelt 3.1.1571.1 2008.08.22 -
Symantec 10 2008.08.23 -
TheHacker 6.3.0.6.058 2008.08.22 -
TrendMicro 8.700.0.1004 2008.08.22 -
VBA32 3.12.8.4 2008.08.22 -
ViRobot 2008.8.22.1346 2008.08.22 -
VirusBuster 4.5.11.0 2008.08.22 -
Webwasher-Gateway 6.6.2 2008.08.22 -
Information additionnelle
File size: 147456 bytes
MD5…: 62ddbd414bf762d166a58085514819a4
SHA1…: 0f19c53c18ea71670492b414163ea2bbc81bf971
SHA256: 855d3666555d951226e3d3ae23297fca91c661642f4d56053ed9b7ca70a95ffc
SHA512: d732fa1371a35db1451e60c2821a783841c32ba7abc68c6f34f8ade3f23ff5cb
0ba3ab4c6256af911116ecfa50a3c6c2138c04ad0a55795477f8796787ec166b
PEiD…: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000d749
timedatestamp…: 0x44191def (Thu Mar 16 08:12:31 2006)
machinetype…: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11542 0x12000 6.46 adb1758e55496af5bcf673ef810ffcbd
.rdata 0x13000 0x3756 0x4000 4.58 1db6202d85e3423629feea0a8b12a407
.data 0x17000 0x3a44 0x4000 1.47 cffcb62b77c87ba3f14b4a8a24458f1f
.rsrc 0x1b000 0x5208 0x6000 4.70 8d822d8afa489a03a76a6a90fa6ded78
.reloc 0x21000 0x209c 0x3000 3.75 58f1ae38da8a513733919db6627dafd7

( 10 imports )

KERNEL32.dll: DisableThreadLibraryCalls, GetShortPathNameA, GetModuleHandleA, FreeLibrary, SizeofResource, GetLastError, LoadLibraryExA, lstrcmpiA, OutputDebugStringA, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, GetProcAddress, LoadLibraryA, lstrcpyA, lstrcatA, CreateThread, OpenFile, LocalFree, DebugBreak, GetSystemDefaultLangID, FlushInstructionCache, WideCharToMultiByte, GetCurrentProcess, GetCurrentThreadId, lstrcmpA, InterlockedIncrement, lstrcpynA, IsDBCSLeadByte, GetModuleFileNameA, GlobalHandle, GlobalAlloc, FindResourceA, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, GetEnvironmentVariableA, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, HeapSize, TerminateProcess, ExitProcess, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, RaiseException, GetVersion, GetCommandLineA, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, InterlockedDecrement, Sleep, GetVersionExA, FreeResource, GlobalFree, GetEnvironmentStringsW, WriteFile, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, LockResource, GlobalLock, LoadResource, lstrlenW, LCMapStringW, MultiByteToWideChar, lstrlenA, LeaveCriticalSection, EnterCriticalSection, GlobalUnlock, LCMapStringA
USER32.dll: RegisterClassExA, DialogBoxIndirectParamA, RegisterWindowMessageA, MessageBoxA, LoadCursorA, LoadStringA, SetCursor, CharNextA, wvsprintfA, GetMenu, GetActiveWindow, EndDialog, DestroyWindow, ShowWindow, wsprintfA, SendMessageA, EnableWindow, GetDlgItem, AdjustWindowRectEx, IsWindowEnabled, DrawEdge, GetSystemMetrics, InflateRect, DrawFocusRect, KillTimer, ClientToScreen, PtInRect, GetDlgCtrlID, GetCapture, SetTimer, UpdateWindow, CreateWindowExA, GetClassNameA, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, CreateAcceleratorTableA, GetDC, GetDesktopWindow, ReleaseDC, RedrawWindow, IsWindow, BeginPaint, FillRect, EndPaint, CallWindowProcA, GetFocus, IsChild, SetFocus, GetSysColor, GetParent, GetWindowRect, SystemParametersInfoA, GetClientRect, MapWindowPoints, SetWindowPos, CreateDialogIndirectParamA, CheckRadioButton, GetWindowLongA, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, SetWindowLongA, GetWindow, DefWindowProcA, GetClassInfoExA
GDI32.dll: CreateCompatibleBitmap, BitBlt, SelectObject, DeleteDC, DeleteObject, CreateSolidBrush, CreateCompatibleDC, GetObjectA, GetStockObject, GetDeviceCaps, TextOutA, CreateFontIndirectA
ADVAPI32.dll: RegQueryInfoKeyA, RegCloseKey, RegEnumKeyExA, RegCreateKeyExA, RegSetValueExA, RegEnumValueA, RegDeleteKeyA, RegQueryValueExA, RegDeleteValueA, RegOpenKeyExA
SHELL32.dll: SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc
ole32.dll: StringFromCLSID, CoTaskMemAlloc, CoTaskMemRealloc, OleLockRunning, OleInitialize, CreateStreamOnHGlobal, CoTaskMemFree, CoCreateInstance, CLSIDFromString, CLSIDFromProgID, OleUninitialize
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
WININET.dll: InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetCloseHandle
urlmon.dll: URLDownloadToFileA
COMCTL32.dll: ImageList_Draw, ImageList_Destroy, _TrackMouseEvent, ImageList_GetIconSize

Thanks again :slight_smile:
Edited on 23/08/2008 at 00:57

cricri58
Yesterday 04h 36mn 45s

Hello

You have Avira AntiVir, good, but no firewall, not so good
PC Tools Firewall Plus
www.clubic.com
or
Sunbelt Personal Firewall
www.clubic.com
or
www.commentcamarche.net
Tutorial
www.malekal.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
this one's not pretty

O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
Unknown
O20 - AppInit_DLLs: zinforms.dll

alain77310
Yesterday 14h 35mn 18s

:hello: cricri58
to fix
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”

O10 - Unknown file in Winsock LSP: c:\windows\system32\winqzupd.dll
Do not delete this entry manually; try instead to get rid of it with the lsp_fix program.

guigui14100
Yesterday 18h 52mn 48s

I'm preparing a disinfection script for you ;) (after the ComboFix)


Use ComboFix
Let it work and paste the report :wink:
Edited on 23/08/2008 at 18:53

ComboFix report:
ComboFix 08-08-23.03 - Séverine 2008-08-24 21:18:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.871 [GMT 2:00]
Endroit: C:\Documents and Settings\Séverine\Mes documents\Téléchargement\ComboFix2.exe

  • Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Séverine\Bureaublackbird.jpg
C:\Documents and Settings\Séverine\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Séverine\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Séverine\Bureaufilemanagerclient.exe
C:\Documents and Settings\Séverine\Bureaufkwp1.5.exe
C:\Documents and Settings\Séverine\Bureaufkwp2.0.exe
C:\Documents and Settings\Séverine\Bureaufwebd.exe
C:\Documents and Settings\Séverine\BureauFWebdEditor.exe
C:\Documents and Settings\Séverine\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Séverine\Bureauvirii
C:\WINDOWS\10.tmp
C:\WINDOWS\12.tmp
C:\WINDOWS\system32\EegMUvut.ini
C:\WINDOWS\system32\EegMUvut.ini2
C:\WINDOWS\system32\gyxknjfw.ini
C:\WINDOWS\system32\k11288966053.exe
C:\WINDOWS\system32\llk1128896596.h
C:\WINDOWS\system32\llk1191968574.h
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\system

----- BITS: Possible sites infectés -----

72.232.8.204…
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.

2008-08-21 04:13 . 2008-08-21 04:13 d-------- C:\WINDOWS\nview
2008-08-21 04:13 . 2008-08-24 21:27 186,097 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-21 04:13 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-21 01:54 . 2008-08-21 01:54 d-------- C:\Program Files\REGSHAVE
2008-08-21 01:54 . 2008-08-21 02:19 d-------- C:\Program Files\FinePixViewer
2008-08-21 01:54 . 2003-09-03 16:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-08-21 01:54 . 2006-07-12 14:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-08-21 01:54 . 2004-07-24 21:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-08-21 01:54 . 2001-11-25 22:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-08-21 01:54 . 2002-02-06 03:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-08-21 01:54 . 2002-02-27 22:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-08-21 01:54 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-08-21 01:54 . 2002-02-13 21:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-08-20 03:58 . 2003-10-08 18:10 262,144 --a------ C:\WINDOWS\AN8B1007.BIN
2008-08-20 02:28 . 2008-08-20 03:58 221,012 --a------ C:\WINDOWS\AN8B1007.zip
2008-08-20 00:25 . 2000-03-29 16:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-08-18 15:22 . 2008-08-18 15:22 d-------- C:\WINDOWS\system32\fr
2008-08-18 03:57 . 2008-08-18 03:51 25,820,945 --a------ C:\WINDOWS\LPT$VPN.481
2008-08-18 03:51 . 2008-08-18 03:51 1,964,523 --a------ C:\WINDOWS\tsc.ptn
2008-08-18 03:51 . 2008-08-18 03:51 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-08-18 03:51 . 2008-08-18 03:51 333,576 --a------ C:\WINDOWS\TSC.exe
2008-08-18 03:51 . 2008-08-18 03:51 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-08-18 03:51 . 2008-08-18 03:51 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-08-18 03:51 . 2008-08-20 01:54 823 --a------ C:\WINDOWS\tsc.ini
2008-08-18 03:50 . 2008-08-18 03:51 d-------- C:\WINDOWS\AU_Temp
2008-08-18 03:50 . 2008-08-18 03:51 25,820,945 --a------ C:\WINDOWS\VPTNFILE.481
2008-08-18 03:50 . 2008-08-18 03:50 170 --a------ C:\WINDOWS\GetServer.ini
2008-08-18 03:37 . 2008-08-18 03:50 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-08-18 03:37 . 2008-08-18 03:50 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-08-18 03:37 . 2008-08-18 03:50 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-08-17 13:53 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-17 04:53 . 2008-08-17 04:53 d-------- C:\WINDOWS\l2schemas
2008-08-17 00:43 . 2008-08-17 14:11 d-------- C:\Program Files\Sarkophage
2008-08-15 13:52 . 2008-08-15 13:52 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.001\Mes documents
2008-08-13 15:56 . 2008-08-13 15:56 d-------- C:\Program Files\Avira
2008-08-13 15:56 . 2008-08-13 15:56 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-08-13 13:37 . 2005-06-29 03:49 74,240 --a------ C:\WINDOWS\system32\SETE2.tmp
2008-08-13 12:55 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 02:19 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 11:04 . 2008-08-10 11:04 52,324 -ra------ C:\WINDOWS\system32\netvqdbg.exe
2008-08-10 11:04 . 2008-08-10 11:04 37,031 -ra------ C:\WINDOWS\system32\winqzupd.dll
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 08:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-08-24 00:17 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-24 00:17 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-22 00:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 23:52 --------- d-----w C:\Program Files\DivX
2008-08-21 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 22:51 --------- d-----w C:\Program Files\MSN Messenger
2008-08-17 14:34 --------- d-----w C:\Program Files\Fastlab Print Service
2008-08-17 14:34 --------- d-----w C:\Program Files\Calculateur de Spellcraft
2008-08-13 11:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-13 01:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-12 00:22 --------- d-----w C:\Program Files\Malwarebytes’ Anti-Malware
2008-08-10 09:02 --------- d-----w C:\Program Files\Google
2008-08-04 09:48 --------- d-----w C:\Program Files\QuickTime
2008-07-30 18:07 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-10 12:22 --------- d-----w C:\Program Files\Azureus
2008-07-08 00:27 --------- d-----w C:\Program Files\ASUS LifeFrame
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es(5).dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es(3).dll
2008-07-03 01:04 2,560 ----a-w C:\WINDOWS_MSRSTRT.EXE
2008-07-03 01:02 --------- d-----w C:\Program Files\livredephotos
2008-07-03 01:02 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2008-07-01 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-07-01 16:27 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-01 16:27 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-25 23:52 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms(4).dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock(4).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(4).dll
2005-04-02 19:19 5,120 --sha-w C:\Program Files\Thumbs.db
2005-01-18 09:40 79,673 ----a-w C:\Program Files\UNINST.ISU
1998-02-25 17:59 199,978 ----a-r C:\Program Files\MAIN.BMP
2004-03-01 11:25 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
2006-06-13 13:10 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 04:33 15360]
“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe” [2006-06-21 01:20 1211176]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 06:24 286720]
“TkBellExe”=“C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” [2008-07-17 22:57 185896]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-06-12 14:28 266497]
“REGSHAVE”=“C:\Program Files\REGSHAVE\REGSHAVE.EXE” [2002-02-04 22:32 53248]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2008-05-16 14:01 13529088]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2008-05-16 14:01 86016]
“nwiz”=“nwiz.exe” [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
“RegisterDropHandler”=“C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE” [1998-12-14 10:42 23040]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
“2201092326”=“C:\WINDOWS\system32\netvqdbg.exe” [2008-08-10 11:04 52324]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Userinit”=“c:\windows\system32\userinit.exe,“c:\windows\mcafee-center.exe”,”

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.l3acm”= l3codecp.acm
“vidc.DIV3”= DivXc32.dll
“vidc.DIV4”= DivXc32f.dll
“msacm.divxa32”= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^desktop(2).ini]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop(2).ini
backup=C:\WINDOWS\pss\desktop(2).iniCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d’Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d’Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d’Adobe Reader.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^ScanPanel.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\ScanPanel.lnk
backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^dcu.lnk]
path=C:\Documents and Settings\Séverine\Menu Démarrer\Programmes\Démarrage\dcu.lnk
backup=C:\WINDOWS\pss\dcu.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^DeliveryManager.lnk]
path=C:\Documents and Settings\Séverine\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk
backup=C:\WINDOWS\pss\DeliveryManager.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Séverine^Menu Démarrer^Programmes^Démarrage^reminder.lnk]
path=C:\Documents and Settings\Séverine\Menu Démarrer\Programmes\Démarrage\reminder.lnk
backup=C:\WINDOWS\pss\reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-07 17:08 140568 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-07 17:36 904880 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-12-16 17:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-07-22 10:42 1519616 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
--a------ 2006-11-22 22:10 151552 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2001-08-28 16:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 07:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2004-03-24 18:41 1294446 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-17 22:57 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-07 17:01 2620336 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast2KLoadDefault]
--a------ 2008-04-13 14:32 668672 C:\WINDOWS\system32\WF2KCPL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFoxV2]
--a------ 2008-04-13 14:33 1490944 C:\WINDOWS\system32\Wf2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-31 12:54 3084288 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\ASUS\AsusUpdate\Update.exe”=
“C:\Program Files\Messenger\msmsgs.exe”=
“C:\Program Files\Yahoo!\Messenger\YPager.exe”=
“C:\Program Files\Yahoo!\Messenger\YServer.exe”=
“C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe”=
“C:\Program Files\Real\RealPlayer\realplay.exe”=
“C:\Program Files\iTunes\iTunes.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“C:\Program Files\Wolfenstein - Enemy Territory\ET.exe”=
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe”=
“C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe”=
“C:\Program Files\CyberLink\PCM4Everio\EverioService.exe”=
“C:\WINDOWS\system32\WinFox\Living\wfupdate.exe”=
“C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe”=
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“C:\Program Files\MSN Messenger\msnmsgr.exe”=
“C:\Program Files\MSN Messenger\livecall.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“6712:TCP”= 6712:TCP:azureus
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-04-15 17:51]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 11:19]
S2 Remote Access Procedur Protect;Remote Access Procedur Protect;C:\WINDOWS\system32\protect.exe []
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys [2001-06-07 17:56]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids00089;ids00089;C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00089.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7df2645b-0a21-11dd-a88b-00195b758ab3}]
\Shell\AutoRun\command - H:\setup.exe
.
Contenu du dossier ‘Scheduled Tasks/Tâches planifiées’

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunServices-MS MSN Menssenger 7.0 - MSMSN7.exe
HKU-Default-Run-MS MSN Menssenger 7.0 - MSMSN7.exe
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Acrobat Assistant 7 - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-AVPSrv - C:\WINDOWS\AVPSrv.exe
MSConfigStartUp-gegewwwghg - c:\windows\system32\gegewwwghg.exe
MSConfigStartUp-GenProtect - C:\WINDOWS\slnjuw.exe
MSConfigStartUp-jfotoxvz - C:\WINDOWS\system32\jkxqngly.exe
MSConfigStartUp-Kvsc3 - C:\WINDOWS\Kvsc3.exe
MSConfigStartUp-MailSkinner - c:\program files\mailskinner\mailskinner.exe
MSConfigStartUp-mppds - C:\WINDOWS\mppds.exe
MSConfigStartUp-msccrt - C:\WINDOWS\msccrt.exe
MSConfigStartUp-MsIMMs32 - C:\WINDOWS\MsIMMs32.exe
MSConfigStartUp-NVMixerTray - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
MSConfigStartUp-PaperPort PTD - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
MSConfigStartUp-SSBkgdUpdate - C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
MSConfigStartUp-MS MSN Menssenger 7 - MSMSN7.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Séverine\Application Data\Mozilla\Firefox\Profiles\qizamhbx.default
.
.
------- File Associations (Beta) -------
.
scrfile="%1" %*
.


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-24 21:27:44
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés …

Balayage caché autostart entries …

Balayage des fichiers cachés …

Scan terminé avec succès
Les fichiers cachés: 0


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UpdZkn]

.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\WINDOWS\McAfee-Center.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\WgaTray.exe
.


.
Temps d’accomplissement: 2008-08-24 21:34:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 19:34:18

Pre-Run: 36,115,083,264 octets libres
Post-Run: 36,049,817,600 octets libres

351 --- E O F --- 2008-08-18 16:30:50

There you go :slight_smile:
Edited on 26/08/2008 at 00:20

For a bit more readability, I'm gathering here the links to the first two topics.

Upload these files to VirusTotal

Your friend is still there :wink:


[quote="Silggins"]
For a bit more readability, I'm gathering here the links to the first two topics.
- [the first](http://www.clubic.com/forum/logiciel-general/trojan-introuvable-rapport-hijackthis-impossible-processus-bizare-id532468-page1.html)
- [the second](http://www.clubic.com/forum/logiciel-general/ah-bah-je-peux-pas-lire-mon-topic-car-j-ai-mis-le-mot-interdit-id532478-page1.html)

With that, I'm closing the first two topics (to centralise things a little).
[/quote]
+1 thanks

VirusTotal scan results:

Nothing to report for the files not listed below. For the others I have added the result or a comment describing the difficulties.

Fichier VC4CB104.SYS reçu le 2008.06.30 16:25:16 (CET)
Situation actuelle: terminé

Résultat: 1/32 (3.12%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!80 (suspicious)

Information additionnelle
MD5: 4372398a6ae42586eb1c6533dd3b575d
SHA1: 9c0d789f5e54df57884ac307e781d90b6c32561e
SHA256: 4ddc23f9f6ee2a817f61116725ea5b6e09603c07088ee73d4c41c020acc4dfa5
SHA512: c104873f830a493580f0f0e8784eba90b447b2ef37e5996b8fe497247ee9ecc686df053dbdf37d6a410a773e3bd509383f61df963c03f56a3a0b6a51e11e1faf

Some files are too large to be scanned on VirusTotal (24.8 MB):
C:\WINDOWS\LPT$VPN.481
and
C:\WINDOWS\VPTNFILE.481

I couldn't find these files :confused: C:\WINDOWS\system32\dllcache\inetcomm.dll (dllcache folder missing)
C:\Program Files\Thumbs.db

C:\WINDOWS\AU_Temp is a folder with several subfolders and files… what should I do with it?
C:\WINDOWS\system32\netvqdbg.exe is an executable file and apparently cannot be sent to / analyzed by VirusTotal

Thanks again :slight_smile:

Nothing to report according to my own research :wink:

Is your problem still present?

I haven't had an alert from my antivirus for “TR/Dropper.Gen Trojan” for the moment…

Otherwise I still can't display any page with the forbidden word (hij*****his)

:slight_smile:

Use VundoFix

Then update your antivirus and run a scan in safe mode
You can do the same with MBAM


I forgot to have you do this:

Disable your protections
Download this file, then drag it onto ComboFix

There's news.

VundoFix found nothing; however, Avira now detects (at startup) the famous executable file C:\WINDOWS\McAfee-Center.exe (which I mentioned at the beginning of the post) as a trojan named TR/Agent.DCG.
However, in safe mode, when I have AntiVir scan it… it cannot open it, so it cannot analyze it, and, strangely, it does not flag it as a trojan :confused:

Otherwise, I quarantined it and then deleted it… but of course it is still there after rebooting (two successive AntiVir messages).

When I try to delete it manually I get the following messages:
Mc-afee center is read-only, do you want to delete it… I click yes… it answers:
"cannot delete it, it is being used by another person or another program"
or
“cannot delete McAfee-Center: access denied, check that the disk is not full or write-protected and that the file is not currently in use”

That's the news… any idea how to get rid of it?

Thx :slight_smile:
Edited on 25/08/2008 at 01:24

I had serious doubts about this file; we'll delete it using ComboFix, I'm preparing the script


1°) Send C:\WINDOWS\McAfee-Center.exe to [upload.malekal.com...](http://upload.malekal.com/)

2°) Download this file, reboot in safe mode, then drag the file onto ComboFix

Afterwards, post a HijackThis log again

hello

You have a good antivirus, Avira :super:
but no firewall
PC Tools Firewall Plus
www.clubic.com…
or
Sunbelt Personal Firewall
www.clubic.com…
or Comodo Firewall Pro


What a crowd in the first HijackThis log

:super:
:hello:

Hello, I don't know if this can help, but I found this on Google (page in Spanish but translated into French):

Remove McAfee-Center.exe: look for the post where they suggest AGVPFIX from Nod32.

Unable to upload the file to malekal.

On the other hand, the deletion seems to have worked :super:, I got no alert at the next startup, but I nevertheless still find the file in the antivirus quarantine (which I'm going to purge) and… in:
C:\WINDOWS\Prefetch… shall I run ATF Cleaner?

Other good news: I managed to produce a hija***is report, here it is:

Logfile of Trend Micro Hija***his v2.0.2
Scan saved at 13:51:10, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Séverine\Bureau\severine2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:\Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.secuser.com…
O16 - DPF: fdjeux - www.fdjeux.net…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe


End of file - 10683 bytes

I'm going to install a firewall right away.

Thanks again :slight_smile:

In HijackThis, select

And click Fix checked


And this one too: [quote=""] O4 - HKLM\..\Policies\Explorer\Run: [2201092326] "C:\WINDOWS\system32\netvqdbg.exe" [/quote]

There,

I installed PC Tools, ran ATF Cleaner and fixed the two items you pointed out… I'm attaching a new HijackThis report for peace of mind, but I think it's fine now? :smiley: What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:08, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Séverine\Bureau\severine2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Save Flash with Flash Catcher - C:\Program… Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un favori mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra ‘Tools’ menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.secuser.com…
O16 - DPF: fdjeux - www.fdjeux.net…
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photobox.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe


End of file - 10931 bytes

:o)
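An added example, not part of any post in this thread: one way to check a follow-up HijackThis log against the first one after a "Fix checked" step, so that entries worth reviewing are not missed by eye. The sample lines are copied from the two logs above; the function names and the review heuristics are assumptions made for this illustration, not HijackThis features.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (scan of 13:51:10,
# then scan of 19:54:08); the forum's rendering "HKLM…\" of "HKLM\..\" is kept.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Policies\Explorer\Run: [2201092326] “C:\WINDOWS\system32\netvqdbg.exe”
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Access Procedur Protect - Unknown owner - C:\WINDOWS\system32\protect.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ...", "R1 - ..."
AUTORUN = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse(log):
    """Return the set of (section, text) entries; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).rstrip()))
    return entries


def hints(section, text):
    """Review hints for one entry (assumed heuristics, prompts for a human, not verdicts)."""
    found = []
    if section == "O4":
        m = AUTORUN.match(text)
        if m:
            if m.group("name").isdigit():
                found.append("numeric value name")
            if m.group("key").endswith(r"Policies\Explorer\Run"):
                found.append("policy Run key")
            program = m.group("cmd").strip('"“”').split()[0]
            if "\\" not in program:
                found.append("no full path")
    if "(file missing)" in text or "(no file)" in text:
        found.append("orphaned entry")
    return found


def compare(before, after):
    """Sort the hinted entries of the first scan into fixed / still present, and list new entries."""
    old, new = parse(before), parse(after)
    report = {"fixed": [], "still_present": [], "new": sorted(new - old)}
    for section, text in sorted(old):
        why = hints(section, text)
        if why:
            bucket = "still_present" if (section, text) in new else "fixed"
            report[bucket].append((section, text, why))
    return report


if __name__ == "__main__":
    for bucket, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The "no full path" hint fires on any entry launched by bare file name, such as `nwiz.exe`, so each hinted line still needs a manual look before it is fixed.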

Yes, normally it should be fine :wink:

Cool, then it's time for me to say a huge… THANK YOU!!!:clap::clap::clap::clap:

See you soon maybe :wink: