Sos w32.sillyfdc
zozo9 - Posts: 1 - Status: Member
benurrr - Posts: 9766 - Status: Security contributor
SOS, my PC is infected. The scan report is below. Thanks.
QuickScan Beta 32-bit v0.9.9.17
-------------------------------
Scan date: Sun Apr 11 15:18:00 2010
Machine ID: 1C59F4D4
Found 2 infected files!
-----------------------
C:\windows\inf\svchost.exe --> Trojan.Downloader.Banload.NOU
--> Process svchost.exe (320)
C:\program files\uninstall information\icehf.exe --> Trojan.Downloader.Banload.NOU
--> Process icehf.exe (200)
Processes
---------
<unsigned> hpwuSchd Application 2036 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> GPCore COM object 2488 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
<unsigned> hp digital imaging - hp all-in-one seri 2448 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
<unsigned> hp digital imaging - hp all-in-one seri 2412 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
<unsigned> icehf.exe 200 C:\program files\uninstall information\icehf.exe
<unsigned> Internet Mobile.exe 2988 C:\Program Files\Internet Mobile\Internet Mobile.exe
<unsigned> Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\spoolsv.exe
<unsigned> Norton Speed Disk 1696 C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
<unsigned> Norton Utilities 1568 C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
<unsigned> svchost.exe 320 C:\windows\inf\svchost.exe
<verified> Firefox 2308 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> hp digital imaging - hp all-in-one seri 344 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<verified> Microsoft Search Enhancement Pack 1628 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified> Microsoft® Visual Studio .NET 1128 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 2164 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 416 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 232 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 504 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1588 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1440 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 768 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1736 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2088 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2692 C:\WINDOWS\system32\wuauclt.exe
<verified> Norton AntiVirus 1164 C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
<verified> Norton AntiVirus 188 C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapw32.exe
<verified> Système d'exploitation Microsoft® Windo 1496 C:\WINDOWS\Explorer.EXE
<verified> Système d'exploitation Microsoft® Windo 492 C:\WINDOWS\system32\services.exe
<verified> Système d'exploitation Microsoft® Windo 360 C:\WINDOWS\System32\smss.exe
<verified> Système d'exploitation Microsoft® Windo 440 C:\WINDOWS\system32\winlogon.exe
Network activity
----------------
Process svchost.exe (768) connected on port 80 (HTTP) --> cds148.lax9.msecn.net
Process firefox.exe (2308) connected on port 80 (HTTP) --> 199.7.52.190
Process firefox.exe (2308) connected on port 80 (HTTP) --> 72.14.204.113
Process firefox.exe (2308) connected on port 80 (HTTP) --> 77.67.20.163
Process firefox.exe (2308) connected on port 80 (HTTP) --> 199.7.71.190
Process firefox.exe (2308) connected on port 80 (HTTP) --> 77.67.20.154
Process firefox.exe (2308) connected on port 80 (HTTP) --> 199.7.52.190
Process svchost.exe (732) listens on ports: 135 (RPC)
Autoruns and critical files
---------------------------
<unsigned> hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> HpqSRmon Application C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
<unsigned> Huawei Technologies Co., Ltd. AutoRun F:\autorun.exe
<unsigned> icehf.exe C:\program files\uninstall information\icehf.exe
<unsigned> LiveUpdate C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
<unsigned> Norton CleanSweep Fast & Safe Cleanup C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
<unsigned> svchost.exe C:\windows\inf\svchost.exe
<unsigned> Symantec WinFax PRO C:\Program Files\Norton SystemWorks\DelFax\wfxseh32.dll
<unsigned> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\browseui.dll
<unsigned> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shell32.dll
<verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Norton AntiVirus C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapw32.exe
<verified> Norton AntiVirus C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.exe
<verified> Norton Integrator C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
<verified> OneClick.exe C:\Program Files\Advanced PC Tweaker\OneClick.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\crypt32.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\cscdll.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\logonui.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\sclgntfy.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\stobject.dll
<verified> Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\webcheck.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\wlnotify.dll
Browser plugins
---------------
<unsigned> Norton AntiVirus c:\program files\norton systemworks\norton antivirus\navshext.dll
<unsigned> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shdocvw.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ahmed\Application Data\Mozilla\Firefox\Profiles\nryuvpms.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ahmed\Application Data\Mozilla\Firefox\Profiles\nryuvpms.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
<verified> HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
<verified> Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
<verified> Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\mswsock.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\nwprovau.dll
<verified> Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
<verified> Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Missing files
-------------
File not found: C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"PC-Checkup"
File not found: C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"SpeedItUpEX"
File not found: C:\WINDOWS\System32\hidserv.dll
referenced in: HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"
Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
Upload started - 1 file(s)
QDCSFS.exe (32768)
Upload speed - 1 KB/s
Upload finished - 1 uploaded, 0 failed
The uploaded file(s) were found clean.
Scan finished - communication took 55 sec
Total traffic - 0.09 MB sent, 2.79 KB recvd
Scanned 976 files and modules - 682 seconds
QuickScan Beta 32-bit v0.9.9.17
-------------------------------
Scan date: Sun Apr 11 15:18:00 2010
Machine ID: 1C59F4D4
Found 2 infected files!
-----------------------
C:\windows\inf\svchost.exe --> Trojan.Downloader.Banload.NOU
--> Process svchost.exe (320)
C:\program files\uninstall information\icehf.exe --> Trojan.Downloader.Banload.NOU
--> Process icehf.exe (200)
Processes
---------
<unsigned> hpwuSchd Application 2036 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> GPCore COM object 2488 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
<unsigned> hp digital imaging - hp all-in-one seri 2448 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
<unsigned> hp digital imaging - hp all-in-one seri 2412 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
<unsigned> icehf.exe 200 C:\program files\uninstall information\icehf.exe
<unsigned> Internet Mobile.exe 2988 C:\Program Files\Internet Mobile\Internet Mobile.exe
<unsigned> Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\spoolsv.exe
<unsigned> Norton Speed Disk 1696 C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
<unsigned> Norton Utilities 1568 C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
<unsigned> svchost.exe 320 C:\windows\inf\svchost.exe
<verified> Firefox 2308 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> hp digital imaging - hp all-in-one seri 344 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<verified> Microsoft Search Enhancement Pack 1628 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified> Microsoft® Visual Studio .NET 1128 C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 2164 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 416 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 232 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 504 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1588 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1440 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 768 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1736 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2088 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2692 C:\WINDOWS\system32\wuauclt.exe
<verified> Norton AntiVirus 1164 C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
<verified> Norton AntiVirus 188 C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapw32.exe
<verified> Système d'exploitation Microsoft® Windo 1496 C:\WINDOWS\Explorer.EXE
<verified> Système d'exploitation Microsoft® Windo 492 C:\WINDOWS\system32\services.exe
<verified> Système d'exploitation Microsoft® Windo 360 C:\WINDOWS\System32\smss.exe
<verified> Système d'exploitation Microsoft® Windo 440 C:\WINDOWS\system32\winlogon.exe
Network activity
----------------
Process svchost.exe (768) connected on port 80 (HTTP) --> cds148.lax9.msecn.net
Process firefox.exe (2308) connected on port 80 (HTTP) --> 199.7.52.190
Process firefox.exe (2308) connected on port 80 (HTTP) --> 72.14.204.113
Process firefox.exe (2308) connected on port 80 (HTTP) --> 77.67.20.163
Process firefox.exe (2308) connected on port 80 (HTTP) --> 199.7.71.190
Process firefox.exe (2308) connected on port 80 (HTTP) --> 77.67.20.154
Process firefox.exe (2308) connected on port 80 (HTTP) --> 199.7.52.190
Process svchost.exe (732) listens on ports: 135 (RPC)
Autoruns and critical files
---------------------------
<unsigned> hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> HpqSRmon Application C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
<unsigned> Huawei Technologies Co., Ltd. AutoRun F:\autorun.exe
<unsigned> icehf.exe C:\program files\uninstall information\icehf.exe
<unsigned> LiveUpdate C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
<unsigned> Norton CleanSweep Fast & Safe Cleanup C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
<unsigned> svchost.exe C:\windows\inf\svchost.exe
<unsigned> Symantec WinFax PRO C:\Program Files\Norton SystemWorks\DelFax\wfxseh32.dll
<unsigned> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\browseui.dll
<unsigned> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shell32.dll
<verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Norton AntiVirus C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapw32.exe
<verified> Norton AntiVirus C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.exe
<verified> Norton Integrator C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
<verified> OneClick.exe C:\Program Files\Advanced PC Tweaker\OneClick.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\crypt32.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\cscdll.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\logonui.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\sclgntfy.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\stobject.dll
<verified> Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\webcheck.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\wlnotify.dll
Browser plugins
---------------
<unsigned> Norton AntiVirus c:\program files\norton systemworks\norton antivirus\navshext.dll
<unsigned> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shdocvw.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ahmed\Application Data\Mozilla\Firefox\Profiles\nryuvpms.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ahmed\Application Data\Mozilla\Firefox\Profiles\nryuvpms.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
<verified> HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
<verified> Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
<verified> Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\mswsock.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\nwprovau.dll
<verified> Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
<verified> Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Missing files
-------------
File not found: C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"PC-Checkup"
File not found: C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"SpeedItUpEX"
File not found: C:\WINDOWS\System32\hidserv.dll
referenced in: HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"
Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
Upload started - 1 file(s)
QDCSFS.exe (32768)
Upload speed - 1 KB/s
Upload finished - 1 uploaded, 0 failed
The uploaded file(s) were found clean.
Scan finished - communication took 55 sec
Total traffic - 0.09 MB sent, 2.79 KB recvd
Scanned 976 files and modules - 682 seconds
1 reply
Hi,
Download
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
During installation, make sure that the update, launch program, and full scan options are checked.
Once it is up to date, the program will launch; click the Settings tab and check the box: "Stop Internet Explorer during removal".
At the end of the scan, click Show Results.
Check that everything is ticked and click Remove Selected.
If you are asked to restart >>> click "Yes".
Then post the generated report.