Trojan.agent.eiw detecter( spyware terminator
Fermé
polux
-
17 mai 2009 à 00:34
Renaud Lavoie Messages postés 98 Date d'inscription jeudi 9 avril 2009 Statut Membre Dernière intervention 21 octobre 2010 - 18 mai 2009 à 01:13
Renaud Lavoie Messages postés 98 Date d'inscription jeudi 9 avril 2009 Statut Membre Dernière intervention 21 octobre 2010 - 18 mai 2009 à 01:13
A voir également:
- Trojan.agent.eiw detecter( spyware terminator
- Spyware terminator - Télécharger - Antivirus & Antimalwares
- Anti spyware - Télécharger - Antivirus & Antimalwares
- Temu spyware - Guide
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Détecter clé usb - Guide
10 réponses
Utilisateur anonyme
17 mai 2009 à 00:35
17 mai 2009 à 00:35
Salut,
▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
▶ Double clique sur RSIT.exe pour lancer l'outil.
▶ Clique sur ' continue ' à l'écran Disclaimer.
▶ Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
▶ Double clique sur RSIT.exe pour lancer l'outil.
▶ Clique sur ' continue ' à l'écran Disclaimer.
▶ Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Renaud Lavoie
Messages postés
98
Date d'inscription
jeudi 9 avril 2009
Statut
Membre
Dernière intervention
21 octobre 2010
104
17 mai 2009 à 00:36
17 mai 2009 à 00:36
la, TU EST VRAIMENT FOUTU...
Cela va être long pour qu'il soit réparé...
Cela va être long pour qu'il soit réparé...
Utilisateur anonyme
17 mai 2009 à 00:37
17 mai 2009 à 00:37
Re,
Et toi vraiment .........
Mais nan , allons bon ....
La, TU EST VRAIMENT FOUTU...
Et toi vraiment .........
Cela va être long pour qu'il soit réparé...
Mais nan , allons bon ....
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Renaud Lavoie
Messages postés
98
Date d'inscription
jeudi 9 avril 2009
Statut
Membre
Dernière intervention
21 octobre 2010
104
17 mai 2009 à 00:38
17 mai 2009 à 00:38
J'ai déja eu un virus et j'ai tout perdu...
Utilisateur anonyme
17 mai 2009 à 01:03
17 mai 2009 à 01:03
Re,
Ben si il le détecte pas ce qui doit être le cas , non..
Ben si il le détecte pas ce qui doit être le cas , non..
Utilisateur anonyme
17 mai 2009 à 01:10
17 mai 2009 à 01:10
Re,
Tu accepte.
Tu accepte.
re, voici les deux rapport de random's system information tool: 1)LOG
Logfile of random's system information tool 1.06 (written by random/random)
Run by babel at 2009-05-17 01:13:25
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 213 GB (91%) free of 233 GB
Total RAM: 2039 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:53, on 17/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\babel\Desktop\RSIT.exe
C:\Program Files\trend micro\babel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C83D66-3AD2-4A4A-BA1B-503D0BC72DCC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{11C83D66-3AD2-4A4A-BA1B-503D0BC72DCC}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by babel at 2009-05-17 01:13:25
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 213 GB (91%) free of 233 GB
Total RAM: 2039 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:53, on 17/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\babel\Desktop\RSIT.exe
C:\Program Files\trend micro\babel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C83D66-3AD2-4A4A-BA1B-503D0BC72DCC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{11C83D66-3AD2-4A4A-BA1B-503D0BC72DCC}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
Utilisateur anonyme
17 mai 2009 à 01:27
17 mai 2009 à 01:27
Re,
▶ Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte
▶ Mets le à jour
▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
▶ Sélectionne Exécuter un examen COMPLET si ce n'est pas déjà fait
▶ clique sur Rechercher
▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
▶ Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
▶ Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
▶ Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutoriel pour MalwareByte's
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
▶ Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte
▶ Mets le à jour
▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
▶ Sélectionne Exécuter un examen COMPLET si ce n'est pas déjà fait
▶ clique sur Rechercher
▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
▶ Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
▶ Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
▶ Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutoriel pour MalwareByte's
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
RE, je vais faire passer un scan avec malewarebyte's, mais je vais etre obliger de te quitter pour aujourd'hui, car demain je me leve tot, j'espere reprendre ce soir si ça ne fait rien. Je te dis ça parce-que malewarebyte's et déjà installer sur mon bureau et que son temp de scan et tres long environ 1h30 voir 1h50 parfois, mais comme demain je dois partir bonheur je ne pourrais pas continuer plus tard. Merci pour ton aide precieuse,à ce soir :).
Bonsoir V-X, je vient de voir d'ou vient le virus detecter par syware terminator, il vient de mon disque dur externe qui a un programme" vista ultimate-edition sp1 by mad dog\crk\6001activator x86x64-bootldr2121f.exe". Et malewarebyte's n'a rien detecter. Donc je vais virer tout de suite ce programme dont je ne me suis jamais encore servi. Le problème doit je crois etre resolu ou bien, y a t'il d'autre chose à faire ?
Je t'envoi le rapport de Spyware Terminator et j'ai souligner le virus detecter dans le rapport:
Logfile of Spyware Terminator v2.5.6.316 (db:3.005.015.000)
Scan Time: 17/05/2009 17:00:22 length: 2383 s
Platform: VISTA (6.0.0.6001)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 77021 (Critical:1)
Filter: No System items, No Safe items, No Invalid items
Running Processes
SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
hpsysdrv.exe [Hewlett-Packard Company] : C:\hp\support\hpsysdrv.exe
RtHDVCpl.exe [Realtek Semiconductor] : C:\Windows\RtHDVCpl.exe
VMonitor.exe [Vimicro Corporation] : C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
wmpnscfg.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnscfg.exe
wmpnetwk.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe
PhotoScreensaver.scr [Microsoft Corporation] : C:\Windows\system32\PhotoScreensaver.scr
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://ie.redirect.hp.com/...
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - [Adobe Systems Incorporated] : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WMPNSCFG : [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnscfg.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, hpsysdrv : [Hewlett-Packard Company] : C:\hp\support\hpsysdrv.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RtHDVCpl : [Realtek Semiconductor] : C:\Windows\RtHDVCpl.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, VMonitorVMUVC : [Vimicro Corporation] : C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, Launcher : [soft thinks] : C:\Windows\SMINST\launcher.exe
Shell Extensions
CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\Windows\MSAgent\agentpsh.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll
- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll
Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\RUNDLL32.EXE
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll
PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll
Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll
Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll
ShellViewRTF - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\Windows\system32\ShellvRTF.dll
Haali Column Provider - {0561EC90-CE54-4f0c-9C55-E226110A740C} - : C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
Haali Matroska Shell Property Page - {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} - : C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
Haali Matroska Thumbnail Extractor - {327669A0-59A7-4be9-B99E-1C9F3A57611A} - : C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
Services
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\bowser.sys
23 - [Microsoft Corporation] : C:\Windows\system32\Drivers\dfsc.sys
23 - [Intel Corporation] : C:\Windows\system32\DRIVERS\e100b325.sys
23 - [Intel Corporation] : C:\Windows\system32\DRIVERS\igdkmd32.sys
23 - [Realtek Semiconductor Corp.] : C:\Windows\system32\drivers\RTKVHDA.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\msiscsi.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mrxsmb10.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys
23 - [Ralink Technology, Corp.] : C:\Windows\system32\DRIVERS\netr73.sys
23 - [Microsoft Corporation] : C:\Windows\system32\drivers\rdpencdd.sys
23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys
23 - [Vimicro Corporation] : C:\Windows\system32\Drivers\VMUVC.sys
23 - [Check Point Software Technologies LTD] : C:\Windows\system32\DRIVERS\vsdatant.sys
23 - [Vimicro Corporation] : C:\Windows\system32\drivers\vvftUVC.sys
23 - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\Windows\system32\igfxdev.dll
Threat Files
<Trojan.Agent.EIW> : k:\programmes\Vista Ultimate-Edition SP1 By Mad Dog\crk\6001Activatorx86x64-Bootldr2121F.exe
Advanced Files Report
%SYSDIR%\RtkAPO.dll [Realtek Semiconductor Corp.] [Realtek(r) LFX/GFX DSP component] MD5=D330BF0F8742EE1FFFC3A099CE310F9F SIZE=2156544
%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=0BA91E1358AD25236863039BB2609A2E SIZE=2623488
%SYSDIR%\hpzlllhn.dll [Hewlett-Packard Company] [Language Monitor] MD5=16EE199006A653EE8937632459CB66BE SIZE=37376
%SYSDIR%\spool\PRTPROCS\W32X86\hpzpplhn.dll [Hewlett-Packard Corporation] [HP Print Processor] MD5=801DECF3A583C270E5C398FCD082E3DD SIZE=89600
%COMMONFILES%\LightScribe\LSSrvc.exe [Hewlett-Packard Company] [LightScribe] MD5=6E5DAC168D1FF9843E84A59D51D31107 SIZE=61440
%COMMONFILES%\LightScribe\LSSProxy.dll [Hewlett-Packard Company] [LightScribe] MD5=F3918787F9D5F5FF2DA57CDEFB858EC5 SIZE=81920
%COMMONFILES%\LightScribe\LSLog.dll [Hewlett-Packard Company] [LightScribe] MD5=C1A3AF85DBFC67988FB71CE5E8F3B570 SIZE=32256
%SYSDIR%\igfxTMM.dll [igfxTMM Module] MD5=275D4695278495B0BE4D3A4050C5582A SIZE=61440
%SYSDIR%\igdumd32.dll [Intel Corporation] [Intel Graphics Accelerator Drivers for Windows Vista(R)] MD5=5E54BA957564107B8417E06FDF93CD1C SIZE=2105344
%SystemDiskRoot%\hp\KBD\led.dll [Hewlett-Packard Company] [Hewlett-Packard Company LED DLL] MD5=F68A3F0D63BE926ED65ED1C8C5B03A3D SIZE=49152
%SystemDiskRoot%\hp\KBD\USB.dll [Hewlett-Packard Company] [Hewlett-Packard Company USB DLL] MD5=29012814C2A868047ED659CCD919BEA4 SIZE=77824
%SystemDiskRoot%\hp\KBD\ps2.dll [Hewlett-Packard Company] [Hewlett-Packard Company PS2 DLL] MD5=1F847CEB90DF6BF6E0EDAED904B1E7C8 SIZE=86016
%SystemDiskRoot%\hp\KBD\msg.dll [Hewlett-Packard Company] [Hewlett-Packard Company MSG DLL] MD5=BF475CC947C0CD6B2AEDF4A2BED4F0D5 SIZE=102400
%SystemDiskRoot%\hp\KBD\osd.dll [Hewlett-Packard Company] [Hewlett-Packard Company OSD DLL] MD5=56AA2F99855AB9FB4E7600030E36858A SIZE=151552
%SystemDiskRoot%\hp\KBD\sct.dll [Hewlett-Packard Company] [Hewlett-Packard Company SCT DLL] MD5=17F1CFF37CB423EA05264F7174D84D60 SIZE=118784
%SystemDiskRoot%\hp\KBD\onl.dll [Hewlett-Packard Company] [Hewlett-Packard Company ONL DLL] MD5=BCAB1694DF88BF3DBEEF30BD731F3C3E SIZE=102400
%SystemDiskRoot%\hp\KBD\aol.dll [Hewlett-Packard Company] [Hewlett-Packard Company AOL DLL] MD5=308C9DDBD043903534514B097396E017 SIZE=57344
%SystemDiskRoot%\hp\KBD\url.dll [Hewlett-Packard Company] [Hewlett-Packard Company URL DLL] MD5=996FC333026A68A66078A4AB6C9EA54C SIZE=57344
%SystemDiskRoot%\hp\KBD\cfg.dll [Hewlett-Packard Company] [Hewlett-Packard Company CFG DLL] MD5=6CF34B0F4DFBF541DB299CCFAC445A04 SIZE=176128
%SystemDiskRoot%\HP\KBD\MSIKBDIF.DLL [Hewlett-Packard Company] [Hewlett-Packard Company MSIKBDIF DLL] MD5=57D46FEDF6BF2DDE8CD4746F0684BE58 SIZE=217088
%SYSDIR%\hccutils.DLL MD5=83D2F94354458D7DCF9D64C8C1D5FEC3 SIZE=77824
%SYSDIR%\igfxsrvc.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=C1ADE9C9024EB89A4996EC2EC6FDA785 SIZE=44544
%SYSDIR%\igfxres.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=937BD8419AB38B9E7E449A95B2C113CE SIZE=167936
%SYSDIR%\VMctrl.ax [Vimicro Corporation] [VM321] MD5=CEA5DF1CB19B329723CBEF0C4B603DE3 SIZE=98304
%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3978704576A121A9204F8CC49A301A9B SIZE=896512
%SYSDIR%\PhotoScreensaver.scr [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=D3583217A771037F3A49B67CA5F2CE8F SIZE=704512
%PROGRAMFILES%\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax [ffdshow] MD5=9F6EEDC57A79AB177F1AE6C85A951969 SIZE=2490368
%PROGRAMFILES%\Combined Community Codec Pack\Filters\VSFilter.dll [Gabest] [VSFilter] MD5=A54AAC5E131EE45575986869C605BE79 SIZE=1019904
%PROGRAMFILES%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated] [AcroIEHelper Library] MD5=F17B2B264072B921FC66A0BE16626BAB SIZE=63128
%SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=D9D2BD831C93EAA7CE7BEC712ED2081E SIZE=738304
%WINDIR%\MSAgent\agentpsh.dll [Microsoft Corporation] [Microsoft Agent Property Sheet Handler] MD5=F0B6186AEB591642784D6FFDC2D625BC SIZE=30720
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=F41857E440A9DF3FD5A543C8B2A53048 SIZE=342016
%PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=2AAD5D8541ABFD8EC8877773291250AC SIZE=2314240
%PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=E7369CA015162EF4F9E207897EF7DED8 SIZE=99328
%SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=BA4E96D951DDAD6AC3AF3C91D4AC68BF SIZE=564736
%SYSDIR%\RUNDLL32.EXE [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544
%SYSDIR%\audiodev.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=67C30FAFA58BD7E02A9DA8BE28512934 SIZE=244224
%PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=B5D79B4F81DAA75BBB3DD9F481ADF41B SIZE=1030144
%COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688
%PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A74701976D6D75099B9FCA993685C452 SIZE=66048
%SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=91FA8D1DB1EC243CECD4A0977C91CC6F SIZE=237568
%PROGRAMFILES%\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll MD5=61452B71670D12216F288D46D0879F71 SIZE=159744
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=030306A1D348ABADA20572B1599B0502 SIZE=212992
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNoNetwork
%SYSDIR%\DRIVERS\bowser.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=74B442B2BE1260B7588C136177CEAC66 SIZE=69632
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\Drivers\dfsc.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9E635AE5E8AD93E2B5989E2E23679F97 SIZE=75264
%SYSDIR%\DRIVERS\e100b325.sys [Intel Corporation] [Carte Intel(R) PRO/100] MD5=D00EEAE1CACD77A1A8396BBC19140BBA SIZE=159744
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\DRIVERS\igdkmd32.sys [Intel Corporation] [Intel Graphics Accelerator Drivers for Windows Vista(R)] MD5=0215E1204D5410E50A5EA9D442FE7DA3 SIZE=1473024
%SYSDIR%\drivers\RTKVHDA.sys [Realtek Semiconductor Corp.] [Realtek(r) High Definition Audio Function Driver] MD5=EDC37B918E583A5A813C53D4F5588255 SIZE=2047576
%SYSDIR%\DRIVERS\msiscsi.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=F247EEC28317F6C739C16DE420097301 SIZE=181304
%SYSDIR%\DRIVERS\mrxsmb10.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0A986B34F1678A2697574D7B1664E2DD SIZE=212480
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=E384487CB84BE41D09711C30CA79646C SIZE=31288
%SYSDIR%\DRIVERS\netr73.sys [Ralink Technology, Corp.] [Ralink 802.11 Wireless Adapters] MD5=271AC1312EF1DDE187793183ABBFA8D0 SIZE=493568
%SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted
%SYSDIR%\drivers\rdpencdd.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9D91FE5286F748862ECFFA05F8A0710C SIZE=6144
%SYSDIR%\svchost.exe -k rpcss
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\Drivers\VMUVC.sys [Vimicro Corporation] [Vimicro USB Video Class Camera] MD5=D6E99240EB4DBE7961A0A2089039BB57 SIZE=247552
%SYSDIR%\DRIVERS\vsdatant.sys [Check Point Software Technologies LTD] [ZoneAlarm Firewalling Driver] MD5=C8F5455F43977580D489CE31178F4166 SIZE=279440
%SYSDIR%\ZoneLabs\vsmon.exe -service
%SYSDIR%\drivers\vvftUVC.sys [Vimicro Corporation] [326] MD5=5C1100D8EC7E3DDE56FFC521087A1D19 SIZE=476032
%SYSDIR%\svchost.exe -k WerSvcGroup
%SYSDIR%\SearchIndexer.exe \Embedding
%SYSDIR%\mscoree.dll [Microsoft Corporation] [Microsoft® .NET Framework] MD5=C99248B969A799B771F484CD68BCB96E SIZE=282112
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=4BE65CE9440542F617CDA4ECF8867FBF SIZE=62304
End of Report
Je t'envoi le rapport de Spyware Terminator et j'ai souligner le virus detecter dans le rapport:
Logfile of Spyware Terminator v2.5.6.316 (db:3.005.015.000)
Scan Time: 17/05/2009 17:00:22 length: 2383 s
Platform: VISTA (6.0.0.6001)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 77021 (Critical:1)
Filter: No System items, No Safe items, No Invalid items
Running Processes
SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
hpsysdrv.exe [Hewlett-Packard Company] : C:\hp\support\hpsysdrv.exe
RtHDVCpl.exe [Realtek Semiconductor] : C:\Windows\RtHDVCpl.exe
VMonitor.exe [Vimicro Corporation] : C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
wmpnscfg.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnscfg.exe
wmpnetwk.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe
PhotoScreensaver.scr [Microsoft Corporation] : C:\Windows\system32\PhotoScreensaver.scr
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://ie.redirect.hp.com/...
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - [Adobe Systems Incorporated] : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WMPNSCFG : [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnscfg.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, hpsysdrv : [Hewlett-Packard Company] : C:\hp\support\hpsysdrv.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RtHDVCpl : [Realtek Semiconductor] : C:\Windows\RtHDVCpl.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, VMonitorVMUVC : [Vimicro Corporation] : C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, Launcher : [soft thinks] : C:\Windows\SMINST\launcher.exe
Shell Extensions
CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\Windows\MSAgent\agentpsh.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll
- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll
Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\RUNDLL32.EXE
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll
PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll
Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll
Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll
ShellViewRTF - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\Windows\system32\ShellvRTF.dll
Haali Column Provider - {0561EC90-CE54-4f0c-9C55-E226110A740C} - : C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
Haali Matroska Shell Property Page - {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} - : C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
Haali Matroska Thumbnail Extractor - {327669A0-59A7-4be9-B99E-1C9F3A57611A} - : C:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
Services
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\bowser.sys
23 - [Microsoft Corporation] : C:\Windows\system32\Drivers\dfsc.sys
23 - [Intel Corporation] : C:\Windows\system32\DRIVERS\e100b325.sys
23 - [Intel Corporation] : C:\Windows\system32\DRIVERS\igdkmd32.sys
23 - [Realtek Semiconductor Corp.] : C:\Windows\system32\drivers\RTKVHDA.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\msiscsi.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mrxsmb10.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys
23 - [Ralink Technology, Corp.] : C:\Windows\system32\DRIVERS\netr73.sys
23 - [Microsoft Corporation] : C:\Windows\system32\drivers\rdpencdd.sys
23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys
23 - [Vimicro Corporation] : C:\Windows\system32\Drivers\VMUVC.sys
23 - [Check Point Software Technologies LTD] : C:\Windows\system32\DRIVERS\vsdatant.sys
23 - [Vimicro Corporation] : C:\Windows\system32\drivers\vvftUVC.sys
23 - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\Windows\system32\igfxdev.dll
Threat Files
<Trojan.Agent.EIW> : k:\programmes\Vista Ultimate-Edition SP1 By Mad Dog\crk\6001Activatorx86x64-Bootldr2121F.exe
Advanced Files Report
%SYSDIR%\RtkAPO.dll [Realtek Semiconductor Corp.] [Realtek(r) LFX/GFX DSP component] MD5=D330BF0F8742EE1FFFC3A099CE310F9F SIZE=2156544
%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=0BA91E1358AD25236863039BB2609A2E SIZE=2623488
%SYSDIR%\hpzlllhn.dll [Hewlett-Packard Company] [Language Monitor] MD5=16EE199006A653EE8937632459CB66BE SIZE=37376
%SYSDIR%\spool\PRTPROCS\W32X86\hpzpplhn.dll [Hewlett-Packard Corporation] [HP Print Processor] MD5=801DECF3A583C270E5C398FCD082E3DD SIZE=89600
%COMMONFILES%\LightScribe\LSSrvc.exe [Hewlett-Packard Company] [LightScribe] MD5=6E5DAC168D1FF9843E84A59D51D31107 SIZE=61440
%COMMONFILES%\LightScribe\LSSProxy.dll [Hewlett-Packard Company] [LightScribe] MD5=F3918787F9D5F5FF2DA57CDEFB858EC5 SIZE=81920
%COMMONFILES%\LightScribe\LSLog.dll [Hewlett-Packard Company] [LightScribe] MD5=C1A3AF85DBFC67988FB71CE5E8F3B570 SIZE=32256
%SYSDIR%\igfxTMM.dll [igfxTMM Module] MD5=275D4695278495B0BE4D3A4050C5582A SIZE=61440
%SYSDIR%\igdumd32.dll [Intel Corporation] [Intel Graphics Accelerator Drivers for Windows Vista(R)] MD5=5E54BA957564107B8417E06FDF93CD1C SIZE=2105344
%SystemDiskRoot%\hp\KBD\led.dll [Hewlett-Packard Company] [Hewlett-Packard Company LED DLL] MD5=F68A3F0D63BE926ED65ED1C8C5B03A3D SIZE=49152
%SystemDiskRoot%\hp\KBD\USB.dll [Hewlett-Packard Company] [Hewlett-Packard Company USB DLL] MD5=29012814C2A868047ED659CCD919BEA4 SIZE=77824
%SystemDiskRoot%\hp\KBD\ps2.dll [Hewlett-Packard Company] [Hewlett-Packard Company PS2 DLL] MD5=1F847CEB90DF6BF6E0EDAED904B1E7C8 SIZE=86016
%SystemDiskRoot%\hp\KBD\msg.dll [Hewlett-Packard Company] [Hewlett-Packard Company MSG DLL] MD5=BF475CC947C0CD6B2AEDF4A2BED4F0D5 SIZE=102400
%SystemDiskRoot%\hp\KBD\osd.dll [Hewlett-Packard Company] [Hewlett-Packard Company OSD DLL] MD5=56AA2F99855AB9FB4E7600030E36858A SIZE=151552
%SystemDiskRoot%\hp\KBD\sct.dll [Hewlett-Packard Company] [Hewlett-Packard Company SCT DLL] MD5=17F1CFF37CB423EA05264F7174D84D60 SIZE=118784
%SystemDiskRoot%\hp\KBD\onl.dll [Hewlett-Packard Company] [Hewlett-Packard Company ONL DLL] MD5=BCAB1694DF88BF3DBEEF30BD731F3C3E SIZE=102400
%SystemDiskRoot%\hp\KBD\aol.dll [Hewlett-Packard Company] [Hewlett-Packard Company AOL DLL] MD5=308C9DDBD043903534514B097396E017 SIZE=57344
%SystemDiskRoot%\hp\KBD\url.dll [Hewlett-Packard Company] [Hewlett-Packard Company URL DLL] MD5=996FC333026A68A66078A4AB6C9EA54C SIZE=57344
%SystemDiskRoot%\hp\KBD\cfg.dll [Hewlett-Packard Company] [Hewlett-Packard Company CFG DLL] MD5=6CF34B0F4DFBF541DB299CCFAC445A04 SIZE=176128
%SystemDiskRoot%\HP\KBD\MSIKBDIF.DLL [Hewlett-Packard Company] [Hewlett-Packard Company MSIKBDIF DLL] MD5=57D46FEDF6BF2DDE8CD4746F0684BE58 SIZE=217088
%SYSDIR%\hccutils.DLL MD5=83D2F94354458D7DCF9D64C8C1D5FEC3 SIZE=77824
%SYSDIR%\igfxsrvc.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=C1ADE9C9024EB89A4996EC2EC6FDA785 SIZE=44544
%SYSDIR%\igfxres.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=937BD8419AB38B9E7E449A95B2C113CE SIZE=167936
%SYSDIR%\VMctrl.ax [Vimicro Corporation] [VM321] MD5=CEA5DF1CB19B329723CBEF0C4B603DE3 SIZE=98304
%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3978704576A121A9204F8CC49A301A9B SIZE=896512
%SYSDIR%\PhotoScreensaver.scr [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=D3583217A771037F3A49B67CA5F2CE8F SIZE=704512
%PROGRAMFILES%\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax [ffdshow] MD5=9F6EEDC57A79AB177F1AE6C85A951969 SIZE=2490368
%PROGRAMFILES%\Combined Community Codec Pack\Filters\VSFilter.dll [Gabest] [VSFilter] MD5=A54AAC5E131EE45575986869C605BE79 SIZE=1019904
%PROGRAMFILES%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated] [AcroIEHelper Library] MD5=F17B2B264072B921FC66A0BE16626BAB SIZE=63128
%SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=D9D2BD831C93EAA7CE7BEC712ED2081E SIZE=738304
%WINDIR%\MSAgent\agentpsh.dll [Microsoft Corporation] [Microsoft Agent Property Sheet Handler] MD5=F0B6186AEB591642784D6FFDC2D625BC SIZE=30720
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=F41857E440A9DF3FD5A543C8B2A53048 SIZE=342016
%PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=2AAD5D8541ABFD8EC8877773291250AC SIZE=2314240
%PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=E7369CA015162EF4F9E207897EF7DED8 SIZE=99328
%SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=BA4E96D951DDAD6AC3AF3C91D4AC68BF SIZE=564736
%SYSDIR%\RUNDLL32.EXE [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544
%SYSDIR%\audiodev.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=67C30FAFA58BD7E02A9DA8BE28512934 SIZE=244224
%PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=B5D79B4F81DAA75BBB3DD9F481ADF41B SIZE=1030144
%COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688
%PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A74701976D6D75099B9FCA993685C452 SIZE=66048
%SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=91FA8D1DB1EC243CECD4A0977C91CC6F SIZE=237568
%PROGRAMFILES%\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll MD5=61452B71670D12216F288D46D0879F71 SIZE=159744
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=030306A1D348ABADA20572B1599B0502 SIZE=212992
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNoNetwork
%SYSDIR%\DRIVERS\bowser.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=74B442B2BE1260B7588C136177CEAC66 SIZE=69632
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\Drivers\dfsc.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9E635AE5E8AD93E2B5989E2E23679F97 SIZE=75264
%SYSDIR%\DRIVERS\e100b325.sys [Intel Corporation] [Carte Intel(R) PRO/100] MD5=D00EEAE1CACD77A1A8396BBC19140BBA SIZE=159744
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\DRIVERS\igdkmd32.sys [Intel Corporation] [Intel Graphics Accelerator Drivers for Windows Vista(R)] MD5=0215E1204D5410E50A5EA9D442FE7DA3 SIZE=1473024
%SYSDIR%\drivers\RTKVHDA.sys [Realtek Semiconductor Corp.] [Realtek(r) High Definition Audio Function Driver] MD5=EDC37B918E583A5A813C53D4F5588255 SIZE=2047576
%SYSDIR%\DRIVERS\msiscsi.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=F247EEC28317F6C739C16DE420097301 SIZE=181304
%SYSDIR%\DRIVERS\mrxsmb10.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0A986B34F1678A2697574D7B1664E2DD SIZE=212480
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=E384487CB84BE41D09711C30CA79646C SIZE=31288
%SYSDIR%\DRIVERS\netr73.sys [Ralink Technology, Corp.] [Ralink 802.11 Wireless Adapters] MD5=271AC1312EF1DDE187793183ABBFA8D0 SIZE=493568
%SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted
%SYSDIR%\drivers\rdpencdd.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9D91FE5286F748862ECFFA05F8A0710C SIZE=6144
%SYSDIR%\svchost.exe -k rpcss
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\Drivers\VMUVC.sys [Vimicro Corporation] [Vimicro USB Video Class Camera] MD5=D6E99240EB4DBE7961A0A2089039BB57 SIZE=247552
%SYSDIR%\DRIVERS\vsdatant.sys [Check Point Software Technologies LTD] [ZoneAlarm Firewalling Driver] MD5=C8F5455F43977580D489CE31178F4166 SIZE=279440
%SYSDIR%\ZoneLabs\vsmon.exe -service
%SYSDIR%\drivers\vvftUVC.sys [Vimicro Corporation] [326] MD5=5C1100D8EC7E3DDE56FFC521087A1D19 SIZE=476032
%SYSDIR%\svchost.exe -k WerSvcGroup
%SYSDIR%\SearchIndexer.exe \Embedding
%SYSDIR%\mscoree.dll [Microsoft Corporation] [Microsoft® .NET Framework] MD5=C99248B969A799B771F484CD68BCB96E SIZE=282112
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=4BE65CE9440542F617CDA4ECF8867FBF SIZE=62304
End of Report
Renaud Lavoie
Messages postés
98
Date d'inscription
jeudi 9 avril 2009
Statut
Membre
Dernière intervention
21 octobre 2010
104
18 mai 2009 à 01:13
18 mai 2009 à 01:13
Bon, pour l'enlever maintenant, utilise un anti-virus et met le en quarentaine!
PS: J'ai jamais eu de trojan. C'est suposé faire quoi??
PS: J'ai jamais eu de trojan. C'est suposé faire quoi??
17 mai 2009 à 00:58