A voir également:
- Redirection liens google + logiciels HS
- Dns google - Guide
- Google maps satellite - Guide
- Google earth - Télécharger - 3D
- Créer un compte google - Guide
- Google meet pour pc - Télécharger - Messagerie
6 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 déc. 2008 à 11:37
21 déc. 2008 à 11:37
slt,
télécharge combofix (par sUBs) ici renommé en killfix :
http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe (killfix.exe) et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
télécharge combofix (par sUBs) ici renommé en killfix :
http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe (killfix.exe) et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 déc. 2008 à 13:19
21 déc. 2008 à 13:19
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(tout mettre nen debutant par :files )
:files
\systemroot\system32\drivers\TDSSmqlt.sys
:processus
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"
:services
TDSSSERV
TDSSmqlt
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________
initialise firefox
http://www.commentcamarche.net/faq/sujet 9525 reinitialiser firefox reset
____________________
puis
dis si encore des soucis et
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(tout mettre nen debutant par :files )
:files
\systemroot\system32\drivers\TDSSmqlt.sys
:processus
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"
:services
TDSSSERV
TDSSmqlt
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________
initialise firefox
http://www.commentcamarche.net/faq/sujet 9525 reinitialiser firefox reset
____________________
puis
dis si encore des soucis et
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Ca se présente plutot bien :-))
IE redevient fluide + liens google OK, pas de telechargement intempestif
Spybot refonctionne, il me trouve des Trojan
Ad Aware : les mises à jour ne sont toujours pas possible, mais je m'en passerai
défragmentation du disque toujours impossible, mais c'est peut-etre un utre probleme
A toute fin utile, ci dessous les 3 rapports OTMoveIt; RSIT log et info
OTMoveIT
========== FILES ==========
File/Folder \systemroot\system32\drivers\TDSSmqlt.sys not found.
Error: Unable to interpret <:processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys\\ not found.
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys\\"imagepath"|"\systemroot\system32\drivers\TDSSmqlt.sys" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Unable to stop service TDSSSERV .
Unable to stop service TDSSmqlt .
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_132754
RSIT (log)
Logfile of random's system information tool 1.05 (written by random/random)
Run by Propriétaire at 2008-12-21 13:36:50
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 81 GB (73%) free of 110 GB
Total RAM: 511 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:01, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3134] command /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5031] command /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9380] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4554] command /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9246] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7526] command /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9021] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
IE redevient fluide + liens google OK, pas de telechargement intempestif
Spybot refonctionne, il me trouve des Trojan
Ad Aware : les mises à jour ne sont toujours pas possible, mais je m'en passerai
défragmentation du disque toujours impossible, mais c'est peut-etre un utre probleme
A toute fin utile, ci dessous les 3 rapports OTMoveIt; RSIT log et info
OTMoveIT
========== FILES ==========
File/Folder \systemroot\system32\drivers\TDSSmqlt.sys not found.
Error: Unable to interpret <:processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys\\ not found.
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys\\"imagepath"|"\systemroot\system32\drivers\TDSSmqlt.sys" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Unable to stop service TDSSSERV .
Unable to stop service TDSSmqlt .
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_132754
RSIT (log)
Logfile of random's system information tool 1.05 (written by random/random)
Run by Propriétaire at 2008-12-21 13:36:50
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 81 GB (73%) free of 110 GB
Total RAM: 511 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:01, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3134] command /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5031] command /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9380] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4554] command /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9246] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7526] command /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9021] cmd /c del "C:\WINDOWS\system32\TDSStkdu.log"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 déc. 2008 à 15:44
21 déc. 2008 à 15:44
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Moi qui croyait que c'était fini...
Ad Aware fonctionne, defragmentation aussi. Merci beaucoup
Comme je ne suis pas doué, j'ai fait 2 SDFix : 1 comme proprietaire (1er rapport), l'autre comme administrateur (2nd)
PROPRIETAIRE
[b]SDFix: Version 1.240 [/b]
Run by Propri‚taire on 21/12/2008 at 17:13
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSosvd.dat - Deleted
C:\WINDOWS\system32\TDSStkdu.log - Deleted
Could Not Remove C:\WINDOWS\system32\TDSSoiqh.dll
Could Not Remove C:\WINDOWS\system32\TDSSbrsr.dll
Could Not Remove C:\WINDOWS\system32\TDSSriqp.dll
Could Not Remove C:\WINDOWS\system32\TDSSxfum.dll
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 17:31:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Propriétaire\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
C:\WINDOWS\system32\TDSSoiqh.dll Found
C:\WINDOWS\system32\TDSSbrsr.dll Found
C:\WINDOWS\system32\TDSSriqp.dll Found
C:\WINDOWS\system32\TDSSxfum.dll Found
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 22 Oct 2004 196 A.SHR --- "C:\BOOT.BAK"
Sat 4 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 14 Mar 2007 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 12 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Dec 2008 211 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti25.tmp"
Mon 5 Feb 2001 34,331 ...H. --- "C:\Swsetup\Monitors\hp_v72\INSTALL.EXE"
Mon 22 Sep 2003 21,662 A..H. --- "C:\Swsetup\Monitors\hp_v72\SETMON.EXE"
Tue 13 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 7 Feb 2005 20,480 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Marc Antheaume_fichiers\~WRL3037.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Propri‚taire\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
ADMINISTRATEUR
[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 21/12/2008 at 17:39
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\drivers\TDSSmqlt.sys - Deleted
C:\WINDOWS\system32\TDSSoiqh.dll - Deleted
C:\WINDOWS\system32\TDSSbrsr.dll - Deleted
C:\WINDOWS\system32\TDSSriqp.dll - Deleted
C:\WINDOWS\system32\TDSSxfum.dll - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 17:46:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 22 Oct 2004 196 A.SHR --- "C:\BOOT.BAK"
Sat 4 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 14 Mar 2007 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 12 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Dec 2008 211 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti25.tmp"
Mon 5 Feb 2001 34,331 ...H. --- "C:\Swsetup\Monitors\hp_v72\INSTALL.EXE"
Mon 22 Sep 2003 21,662 A..H. --- "C:\Swsetup\Monitors\hp_v72\SETMON.EXE"
Tue 13 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 7 Feb 2005 20,480 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Marc Antheaume_fichiers\~WRL3037.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Propri‚taire\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
Ad Aware fonctionne, defragmentation aussi. Merci beaucoup
Comme je ne suis pas doué, j'ai fait 2 SDFix : 1 comme proprietaire (1er rapport), l'autre comme administrateur (2nd)
PROPRIETAIRE
[b]SDFix: Version 1.240 [/b]
Run by Propri‚taire on 21/12/2008 at 17:13
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSosvd.dat - Deleted
C:\WINDOWS\system32\TDSStkdu.log - Deleted
Could Not Remove C:\WINDOWS\system32\TDSSoiqh.dll
Could Not Remove C:\WINDOWS\system32\TDSSbrsr.dll
Could Not Remove C:\WINDOWS\system32\TDSSriqp.dll
Could Not Remove C:\WINDOWS\system32\TDSSxfum.dll
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 17:31:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Propriétaire\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
C:\WINDOWS\system32\TDSSoiqh.dll Found
C:\WINDOWS\system32\TDSSbrsr.dll Found
C:\WINDOWS\system32\TDSSriqp.dll Found
C:\WINDOWS\system32\TDSSxfum.dll Found
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 22 Oct 2004 196 A.SHR --- "C:\BOOT.BAK"
Sat 4 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 14 Mar 2007 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 12 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Dec 2008 211 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti25.tmp"
Mon 5 Feb 2001 34,331 ...H. --- "C:\Swsetup\Monitors\hp_v72\INSTALL.EXE"
Mon 22 Sep 2003 21,662 A..H. --- "C:\Swsetup\Monitors\hp_v72\SETMON.EXE"
Tue 13 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 7 Feb 2005 20,480 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Marc Antheaume_fichiers\~WRL3037.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Propri‚taire\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
ADMINISTRATEUR
[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 21/12/2008 at 17:39
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\drivers\TDSSmqlt.sys - Deleted
C:\WINDOWS\system32\TDSSoiqh.dll - Deleted
C:\WINDOWS\system32\TDSSbrsr.dll - Deleted
C:\WINDOWS\system32\TDSSriqp.dll - Deleted
C:\WINDOWS\system32\TDSSxfum.dll - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 17:46:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 22 Oct 2004 196 A.SHR --- "C:\BOOT.BAK"
Sat 4 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 14 Mar 2007 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 12 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Dec 2008 211 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti25.tmp"
Mon 5 Feb 2001 34,331 ...H. --- "C:\Swsetup\Monitors\hp_v72\INSTALL.EXE"
Mon 22 Sep 2003 21,662 A..H. --- "C:\Swsetup\Monitors\hp_v72\SETMON.EXE"
Tue 13 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 7 Feb 2005 20,480 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Marc Antheaume_fichiers\~WRL3037.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Propri‚taire\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 déc. 2008 à 20:04
21 déc. 2008 à 20:04
pour virer les virus qui seraient dans ta restauration:
désactiver la restauration système (dans DEMARRER puis TOUS LES PROG puis ACCESOIRE puis OUTILS SYSTEME puis DANS RESTAURATION SYSTEME aller dans paramètre et désactiver la restauration)
puis redémarre ton ordi
puis réactive la.
voilà c'est fini!
pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite
mettre un antivirus
ANTIVIR ou AVG8 ou (AVAST )
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
WINDOWS DEFENDER ou SPYWARE TERMINATOR
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...
Rq : spybot et ad-aware (qui est depassé)ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
désactiver la restauration système (dans DEMARRER puis TOUS LES PROG puis ACCESOIRE puis OUTILS SYSTEME puis DANS RESTAURATION SYSTEME aller dans paramètre et désactiver la restauration)
puis redémarre ton ordi
puis réactive la.
voilà c'est fini!
pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite
mettre un antivirus
ANTIVIR ou AVG8 ou (AVAST )
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
WINDOWS DEFENDER ou SPYWARE TERMINATOR
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...
Rq : spybot et ad-aware (qui est depassé)ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 déc. 2008 à 18:19
21 déc. 2008 à 18:19
ok parait! pour verifier scan avec antivir après mise a jour et colle le rapport
Voila :
Avira AntiVir Personal
Report file date: dimanche 21 décembre 2008 18:25
Scanning for 1106377 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CHOUCHOU
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 20:27:45
AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 13:27:33
LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 13:27:33
LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 13:27:33
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:57:57
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 18:42:39
ANTIVIR2.VDF : 7.1.0.250 342528 Bytes 18/12/2008 13:34:50
ANTIVIR3.VDF : 7.1.1.14 95232 Bytes 19/12/2008 11:47:44
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 19:43:09
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 20:52:25
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 20:29:36
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 20:31:22
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 20:54:21
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 20:52:23
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 20:52:22
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 20:08:55
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 20:52:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:42:59
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 20:30:25
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:42:57
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 13:27:33
AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 13:27:33
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 13:39:47
AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 13:27:33
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 13:27:33
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 13:27:33
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 13:27:29
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 13:27:29
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 21 décembre 2008 18:25
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'RaConfig2500.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'PCHButton.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'gearsec.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '60' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Bureau\catchme.zip
[0] Archive type: ZIP
--> TDSSmqlt.sys
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
--> TDSSoiqh.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
--> TDSSbrsr.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
--> TDSSriqp.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
--> TDSSxfum.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
[NOTE] The file was moved to '49c27d34.qua'!
C:\SDFix\backups\catchme.zip
[0] Archive type: ZIP
--> TDSS9EA1.tmp
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
--> TDSSA325.tmp
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
[NOTE] The file was moved to '49c280f1.qua'!
C:\SDFix\backups_old\catchme.zip
[0] Archive type: ZIP
--> TDSSoiqh.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
--> TDSSbrsr.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
--> TDSSriqp.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
--> TDSSxfum.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
[NOTE] The file was moved to '49c280f2.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: dimanche 21 décembre 2008 19:05
Used time: 40:22 Minute(s)
The scan has been done completely.
5807 Scanning directories
308558 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
308545 Files not concerned
13085 Archives were scanned
2 Warnings
3 Notes
Avira AntiVir Personal
Report file date: dimanche 21 décembre 2008 18:25
Scanning for 1106377 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CHOUCHOU
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 20:27:45
AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 13:27:33
LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 13:27:33
LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 13:27:33
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:57:57
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 18:42:39
ANTIVIR2.VDF : 7.1.0.250 342528 Bytes 18/12/2008 13:34:50
ANTIVIR3.VDF : 7.1.1.14 95232 Bytes 19/12/2008 11:47:44
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 19:43:09
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 20:52:25
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 20:29:36
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 20:31:22
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 20:54:21
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 20:52:23
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 20:52:22
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 20:08:55
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 20:52:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:42:59
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 20:30:25
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:42:57
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 13:27:33
AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 13:27:33
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 13:39:47
AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 13:27:33
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 13:27:33
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 13:27:33
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 13:27:29
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 13:27:29
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 21 décembre 2008 18:25
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'RaConfig2500.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'PCHButton.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'gearsec.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '60' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Bureau\catchme.zip
[0] Archive type: ZIP
--> TDSSmqlt.sys
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
--> TDSSoiqh.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
--> TDSSbrsr.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
--> TDSSriqp.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
--> TDSSxfum.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
[NOTE] The file was moved to '49c27d34.qua'!
C:\SDFix\backups\catchme.zip
[0] Archive type: ZIP
--> TDSS9EA1.tmp
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
--> TDSSA325.tmp
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
[NOTE] The file was moved to '49c280f1.qua'!
C:\SDFix\backups_old\catchme.zip
[0] Archive type: ZIP
--> TDSSoiqh.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
--> TDSSbrsr.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
--> TDSSriqp.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
--> TDSSxfum.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
[NOTE] The file was moved to '49c280f2.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: dimanche 21 décembre 2008 19:05
Used time: 40:22 Minute(s)
The scan has been done completely.
5807 Scanning directories
308558 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
308545 Files not concerned
13085 Archives were scanned
2 Warnings
3 Notes
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 déc. 2008 à 19:28
21 déc. 2008 à 19:28
vire ce qui est dans backup en allant dans poste de travail puis
C:\SDFix\backups\
vire le fichier catchme de ton bureau
C:\Documents and Settings\Administrateur\Bureau\catchme.zip
vire ce qui est en quarantaine dans antivir
______________
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ok c'est bon
encore des soucis????
C:\SDFix\backups\
vire le fichier catchme de ton bureau
C:\Documents and Settings\Administrateur\Bureau\catchme.zip
vire ce qui est en quarantaine dans antivir
______________
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ok c'est bon
encore des soucis????
Pour moi, c'est nickel, le feu peut passer au vert
Merci beaucoup
Pour ma culture personnelle, est ce que antivir, spybot, ad aware sont suffisants / pertinents pour protéger l'ordinateur ?
[ Rapport ToolsCleaner version 2.2.8 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\SdFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\Rsit.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\SdFix.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Merci beaucoup
Pour ma culture personnelle, est ce que antivir, spybot, ad aware sont suffisants / pertinents pour protéger l'ordinateur ?
[ Rapport ToolsCleaner version 2.2.8 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\SdFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\Rsit.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\SdFix.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\DEPANNAGE\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
21 déc. 2008 à 12:20
ComboFix 08-12-20.01 - Propriétaire 2008-12-21 12:07:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.270 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\Killfix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-21 au 2008-12-21 ))))))))))))))))))))))))))))))))))))
.
2008-12-17 00:04 . 1998-06-24 13:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2008-12-17 00:04 . 2000-05-22 17:00 203,976 --a------ c:\windows\system32\richtx32.ocx
2008-12-17 00:04 . 2004-03-09 13:00 132,880 --a------ c:\windows\system32\MSINET.OCX
2008-12-16 23:38 . 2008-12-16 23:38 <REP> d-------- c:\program files\Trend Micro
2008-12-14 19:49 . 2008-12-14 19:49 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-04 19:40 . 2008-12-04 19:40 <REP> d-------- c:\program files\PDFCreator
2008-12-04 19:40 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-04 19:40 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2008-12-04 19:40 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-04 19:40 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2008-12-04 19:40 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-04 19:40 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2008-12-04 19:40 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-04 19:34 . 2008-12-04 19:34 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Image Zone Express
2008-12-02 21:51 . 2008-12-02 21:51 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-02 21:18 . 2008-12-02 21:18 <REP> d-------- C:\temp
2008-11-30 23:09 . 2008-11-30 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-30 23:06 . 2008-11-30 23:06 <REP> d-------- c:\program files\Hewlett-Packard
2008-11-30 23:02 . 2008-11-30 23:17 136,526 --a------ c:\windows\HPHins12.dat
2008-11-30 23:02 . 2006-06-12 23:21 14,916 --------- c:\windows\hphmdl12.dat
2008-11-24 18:41 . 2008-12-20 20:40 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\U3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 09:10 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-20 19:21 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-20 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 11:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-14 18:50 --------- d-----w c:\program files\Lavasoft
2008-12-13 13:32 50,074 ----a-w c:\documents and settings\Propriétaire\Application Data\wklnhst.dat
2008-12-02 20:52 --------- d-----w c:\program files\HP
2008-11-30 22:25 --------- d-----w c:\documents and settings\Propriétaire\Application Data\HP
2008-11-30 22:07 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-30 21:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 21:55 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-30 21:55 --------- d-----w c:\program files\Common Files
2008-11-30 21:55 --------- d-----w c:\program files\Brother
2008-11-16 10:42 --------- d-----w c:\documents and settings\Propriétaire\Application Data\dvdcss
2008-11-11 17:02 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-07-20 19:23 65,192 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
1998-08-24 11:09 10,000 -c--a-w c:\windows\inf\unregpn.exe
2007-03-14 17:46 0 -csha-w c:\windows\SMINST\HPCD.sys
2008-09-03 16:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe" [2004-01-02 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 32881]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-02-24 3026944]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-30 98304]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
RaConfig2500.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2006-09-07 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
--a------ 2004-01-02 06:17 159744 c:\progra~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
--a------ 2004-01-09 08:34 32768 c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2003-08-21 10:16 483328 c:\windows\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-08-21 10:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 23:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-03-10 11:39 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-10 17:49 50688 c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-03-10 11:20 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-10-16 22:57 81920 c:\windows\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 20:08 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-21 21:54 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 00:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-04 03:35 50176 c:\windows\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-02-24 04:43 753664 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R3 usbdtv;DVB-T TV Tuner;c:\windows\system32\Drivers\usbdtv.sys [2006-09-06 31232]
S3 DTVFW;DVB-T USB adapter firmware;c:\windows\system32\DRIVERS\dtvfw.sys [2006-09-06 22016]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
HKLM-Run-VTTimer - VTTimer.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-Smart Start UP - c:\program files\NewSoft\Smart Start UP\PnPDetect.exe
MSConfigStartUp-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.xeoo.com/?p=h&a=ie
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
O16 -: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\FileUploader.dll - O16 -: {C36112BF-2FA3-4694-8603-3B510EA3B465}
hxxp://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
c:\windows\Downloaded Program Files\FileUploader.inf
c:\windows\Downloaded Program Files\FnacComposant.dll - O16 -: {D28C3640-A6D7-4668-A53C-07A9CF67D157}
hxxp://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\mzxp5aal.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 12:13:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"
.
Heure de fin: 2008-12-21 12:13:46
ComboFix-quarantined-files.txt 2008-12-21 11:13:44
Avant-CF: 84,654,669,824 octets libres
Après-CF: 84,671,254,528 octets libres
222 --- E O F --- 2008-12-18 14:02:08