Tr/fakeAV.DH.15104 trojan

troy -  
NicoVA Messages postés 1126 Statut Contributeur sécurité -
Bonjour j'ai Avira qui me siganle avoir trouvé tr/fakeAV.DH.15104 trojan pouvez vous m'aider svp je ne peux rien faire du tout les fenetres pop a la suite j'en ai 2 maintenant ... Merci

A voir également:

72 réponses

Précédent
Réponse 21 / 72
TRoy64100 Messages postés 27 Statut Membre
 
Avira AntiVir Personal
Report file date: samedi 8 mai 2010 13:57

Scanning for 2081209 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KLIENT-E124487A

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 09/03/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 23/12/2009 16:42:03
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:11
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:18:13
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:48:27
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:21:19
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 20:27:09
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 06:28:48
VBASE006.VDF : 7.10.6.83 2048 Bytes 15/04/2010 06:28:48
VBASE007.VDF : 7.10.6.84 2048 Bytes 15/04/2010 06:28:48
VBASE008.VDF : 7.10.6.85 2048 Bytes 15/04/2010 06:28:49
VBASE009.VDF : 7.10.6.86 2048 Bytes 15/04/2010 06:28:49
VBASE010.VDF : 7.10.6.87 2048 Bytes 15/04/2010 06:28:49
VBASE011.VDF : 7.10.6.88 2048 Bytes 15/04/2010 06:28:49
VBASE012.VDF : 7.10.6.89 2048 Bytes 15/04/2010 06:28:49
VBASE013.VDF : 7.10.6.90 2048 Bytes 15/04/2010 06:28:49
VBASE014.VDF : 7.10.6.123 126464 Bytes 19/04/2010 06:20:54
VBASE015.VDF : 7.10.6.152 123392 Bytes 21/04/2010 06:21:10
VBASE016.VDF : 7.10.6.178 122880 Bytes 22/04/2010 13:01:43
VBASE017.VDF : 7.10.6.206 120320 Bytes 26/04/2010 15:53:31
VBASE018.VDF : 7.10.6.232 99328 Bytes 28/04/2010 15:53:34
VBASE019.VDF : 7.10.7.2 155648 Bytes 30/04/2010 15:53:38
VBASE020.VDF : 7.10.7.26 119808 Bytes 04/05/2010 15:53:48
VBASE021.VDF : 7.10.7.51 118272 Bytes 06/05/2010 15:53:39
VBASE022.VDF : 7.10.7.52 2048 Bytes 06/05/2010 15:53:40
VBASE023.VDF : 7.10.7.53 2048 Bytes 06/05/2010 15:53:40
VBASE024.VDF : 7.10.7.54 2048 Bytes 06/05/2010 15:53:40
VBASE025.VDF : 7.10.7.55 2048 Bytes 06/05/2010 15:53:40
VBASE026.VDF : 7.10.7.56 2048 Bytes 06/05/2010 15:53:40
VBASE027.VDF : 7.10.7.57 2048 Bytes 06/05/2010 15:53:40
VBASE028.VDF : 7.10.7.58 2048 Bytes 06/05/2010 15:53:40
VBASE029.VDF : 7.10.7.59 2048 Bytes 06/05/2010 15:53:40
VBASE030.VDF : 7.10.7.60 2048 Bytes 06/05/2010 15:53:40
VBASE031.VDF : 7.10.7.66 70656 Bytes 07/05/2010 15:53:52
Engineversion : 8.2.1.236
AEVDF.DLL : 8.1.2.0 106868 Bytes 24/04/2010 13:01:46
AESCRIPT.DLL : 8.1.3.28 1298810 Bytes 05/05/2010 15:53:45
AESCN.DLL : 8.1.5.0 127347 Bytes 25/02/2010 20:00:19
AESBX.DLL : 8.1.3.1 254324 Bytes 24/04/2010 13:01:46
AERDL.DLL : 8.1.4.6 541043 Bytes 16/04/2010 06:29:06
AEPACK.DLL : 8.2.1.1 426358 Bytes 19/03/2010 20:00:54
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 20:55:39
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 05/05/2010 15:53:44
AEHELP.DLL : 8.1.11.3 242039 Bytes 02/04/2010 06:20:28
AEGEN.DLL : 8.1.3.7 373106 Bytes 16/04/2010 06:28:54
AEEMU.DLL : 8.1.2.0 393588 Bytes 24/04/2010 13:01:44
AECORE.DLL : 8.1.15.1 192886 Bytes 05/05/2010 15:53:39
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 13:01:44
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 23/12/2009 16:42:03
AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 20:00:19
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 23/12/2009 16:42:03

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,

Start of the scan: samedi 8 mai 2010 13:57

Starting search for hidden objects.
'65083' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
c:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
c:\Program Files\Nero\Nero 9\Nero SoundTrax\LibrarySoundTrax86000.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\Program Files\Nero\Nero 9\Nero SoundTrax\LibrarySoundTrax86000.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
c:\Program Files\Fichiers communs\Microsoft Shared\Triedit\EditingDHTML6.01.9246.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
c:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.BDThumbnail\ThumbnailThumbnail.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan

The registry was scanned ( '61' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\EditingDHTML6.01.9246.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.BDThumbnail\ThumbnailThumbnail.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\Program Files\Nero\Nero 9\Nero SoundTrax\LibrarySoundTrax86000.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP779\A0132231.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP780\A0133336.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
Begin scan in 'G:\' <STOREX>

Beginning disinfection:
c:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] TR/FakeAV.DH.15104:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<QuickTimeResourcesQuickTimeResources>=sz:QuickTimeResourcesQuickTimeResources7.6.61660.exe
[NOTE] TR/FakeAV.DH.15104:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<QuickTimeQuickTimeResources>=sz:QuickTimeResourcesQuickTimeResources7.6.61660.exe
[NOTE] The file was moved to '4c4e5a46.qua'!
c:\Program Files\Nero\Nero 9\Nero SoundTrax\LibrarySoundTrax86000.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] TR/FakeAV.DH.15104:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<ScoutSoundTrax>=sz:LibrarySoundTrax86000.exe
[NOTE] TR/FakeAV.DH.15104:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<NMDllHostBCGControlBar>=sz:LibrarySoundTrax86000.exe
[NOTE] The file was moved to '4c475a3a.qua'!
C:\Program Files\Nero\Nero 9\Nero SoundTrax\LibrarySoundTrax86000.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
c:\Program Files\Fichiers communs\Microsoft Shared\Triedit\EditingDHTML6.01.9246.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4c4e5a44.qua'!
c:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.BDThumbnail\ThumbnailThumbnail.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4c5a5a48.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\EditingDHTML6.01.9246.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.BDThumbnail\ThumbnailThumbnail.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Program Files\Nero\Nero 9\Nero SoundTrax\LibrarySoundTrax86000.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP779\A0132231.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4c165a8e.qua'!
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP780\A0133336.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4dc8020f.qua'!


End of the scan: samedi 8 mai 2010 14:34
Used time: 31:58 Minute(s)

The scan has been done completely.

10779 Scanned directories
335742 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
335729 Files not concerned
3035 Archives were scanned
7 Warnings
12 Notes
65083 Objects were scanned with rootkit scan
0 Hidden objects were found
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Salut

The file is scheduled for deleting after reboot

As tu redémarrer ton ordi ? Je me demande si ce ne serais pas un FP. Je vais me renseigner.

++
0
Réponse 22 / 72
TRoy64100 Messages postés 27 Statut Membre
 
Re ! oui j'ai reboot juste apres le scan...

Un FP tu dis? c'est quoi?
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
un Faux Positif. Car il appartiennent à Nero et QuickTime.
Ce ne sont pas des logiciels crackés ?

++
0
Réponse 23 / 72
TRoy64100 Messages postés 27 Statut Membre
 
Non Nero j'ai dl un jour la version d'essai et essayé de le desinstaller plein de fois sans succés et Quicktime je l'ai eu en telechargeant I-tunes ... ... Sinon Voici le dernier rapport Avira si ca peut aider




Avira AntiVir Personal
Report file date: samedi 8 mai 2010 21:50

Scanning for 2081209 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KLIENT-E124487A

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 09/03/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 23/12/2009 16:42:03
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:11
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:18:13
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:48:27
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:21:19
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 20:27:09
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 06:28:48
VBASE006.VDF : 7.10.6.83 2048 Bytes 15/04/2010 06:28:48
VBASE007.VDF : 7.10.6.84 2048 Bytes 15/04/2010 06:28:48
VBASE008.VDF : 7.10.6.85 2048 Bytes 15/04/2010 06:28:49
VBASE009.VDF : 7.10.6.86 2048 Bytes 15/04/2010 06:28:49
VBASE010.VDF : 7.10.6.87 2048 Bytes 15/04/2010 06:28:49
VBASE011.VDF : 7.10.6.88 2048 Bytes 15/04/2010 06:28:49
VBASE012.VDF : 7.10.6.89 2048 Bytes 15/04/2010 06:28:49
VBASE013.VDF : 7.10.6.90 2048 Bytes 15/04/2010 06:28:49
VBASE014.VDF : 7.10.6.123 126464 Bytes 19/04/2010 06:20:54
VBASE015.VDF : 7.10.6.152 123392 Bytes 21/04/2010 06:21:10
VBASE016.VDF : 7.10.6.178 122880 Bytes 22/04/2010 13:01:43
VBASE017.VDF : 7.10.6.206 120320 Bytes 26/04/2010 15:53:31
VBASE018.VDF : 7.10.6.232 99328 Bytes 28/04/2010 15:53:34
VBASE019.VDF : 7.10.7.2 155648 Bytes 30/04/2010 15:53:38
VBASE020.VDF : 7.10.7.26 119808 Bytes 04/05/2010 15:53:48
VBASE021.VDF : 7.10.7.51 118272 Bytes 06/05/2010 15:53:39
VBASE022.VDF : 7.10.7.52 2048 Bytes 06/05/2010 15:53:40
VBASE023.VDF : 7.10.7.53 2048 Bytes 06/05/2010 15:53:40
VBASE024.VDF : 7.10.7.54 2048 Bytes 06/05/2010 15:53:40
VBASE025.VDF : 7.10.7.55 2048 Bytes 06/05/2010 15:53:40
VBASE026.VDF : 7.10.7.56 2048 Bytes 06/05/2010 15:53:40
VBASE027.VDF : 7.10.7.57 2048 Bytes 06/05/2010 15:53:40
VBASE028.VDF : 7.10.7.58 2048 Bytes 06/05/2010 15:53:40
VBASE029.VDF : 7.10.7.59 2048 Bytes 06/05/2010 15:53:40
VBASE030.VDF : 7.10.7.60 2048 Bytes 06/05/2010 15:53:40
VBASE031.VDF : 7.10.7.66 70656 Bytes 07/05/2010 15:53:52
Engineversion : 8.2.1.236
AEVDF.DLL : 8.1.2.0 106868 Bytes 24/04/2010 13:01:46
AESCRIPT.DLL : 8.1.3.28 1298810 Bytes 05/05/2010 15:53:45
AESCN.DLL : 8.1.5.0 127347 Bytes 25/02/2010 20:00:19
AESBX.DLL : 8.1.3.1 254324 Bytes 24/04/2010 13:01:46
AERDL.DLL : 8.1.4.6 541043 Bytes 16/04/2010 06:29:06
AEPACK.DLL : 8.2.1.1 426358 Bytes 19/03/2010 20:00:54
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 20:55:39
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 05/05/2010 15:53:44
AEHELP.DLL : 8.1.11.3 242039 Bytes 02/04/2010 06:20:28
AEGEN.DLL : 8.1.3.7 373106 Bytes 16/04/2010 06:28:54
AEEMU.DLL : 8.1.2.0 393588 Bytes 24/04/2010 13:01:44
AECORE.DLL : 8.1.15.1 192886 Bytes 05/05/2010 15:53:39
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 13:01:44
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 23/12/2009 16:42:03
AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 20:00:19
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 23/12/2009 16:42:03

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,

Start of the scan: samedi 8 mai 2010 21:50

Starting search for hidden objects.
'65225' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133357.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133358.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133359.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133360.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'

Beginning disinfection:
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133357.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4c16c7f4.qua'!
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133358.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4851fd2d.qua'!
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133359.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4857cbdd.qua'!
C:\System Volume Information\_restore{DB006B39-8110-49B6-A12E-31261A17778B}\RP781\A0133360.exe
[DETECTION] Is the TR/FakeAV.DH.15104 Trojan
[NOTE] The file was moved to '4855dc4d.qua'!


End of the scan: samedi 8 mai 2010 22:21
Used time: 29:55 Minute(s)

The scan has been done completely.

10648 Scanned directories
334604 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
334598 Files not concerned
3033 Archives were scanned
2 Warnings
5 Notes
65225 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Réponse 24 / 72
TRoy64100 Messages postés 27 Statut Membre
 
tous les fichiers précédemment détectés comme le Trojan sont maintenant dans la quarantaine de Avira....Pourquoi ne l'a t'il pas fait avant?je ne sais pas me servir de mon antivirus? lol ! le problème de parait résolu?je n'ai plus d'alertes pour le moment ... Merci encore pour tout en tout cas :)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 72
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Tous les virus qu'il a detéctés sont dans la resto système, il faut donc la purger. Pour cela :

♠ Sous XP

→ Désactiver la restauration du système

♦ Clic droit sur le Poste de travailPropriétésOnglet Restauration du système ⇒ coche la case Désactiver la Restauration du système sur tous les lecteursAppliquerOk

→ Ré-activer la restauration du système

Suis le même chemin ⇒ décoche la case Désactiver la Restauration du système sur tous les lecteursAppliquer


♠ Sous Vista/Seven

→ Désactiver la restauration du système

♦ Clique droit sur OrdinateurPropriétésParamètres système avancés ⇒ onglet Protection du Système
Décoche tes partitions, un message de confirmation va apparaître clique sur Désactiver la protection du systèmeAppliquerOK.

→ Ré-activer la restauration du système

♦ Suis le même chemin , décoche Désactiver la protection du système
Appliquer
OK.

Redémarre le PC

========================================

Peux tu me refaire un ZHPdiag ?
0
Réponse 26 / 72
TRoy64100 Messages postés 27 Statut Membre
 
pas moyen de poster le rapport sur le site ni de le transmettre ici ...
0
Réponse 27 / 72
TRoy64100 Messages postés 27 Statut Membre
 
Toujours pas moyen ... Connexion réinitialisée... j'ai aussi un souci depuis ces fameuses alertes le lien sur msn pour aller directement sur ma boite mail semble corrompu...ca ouvre toujours mon navigateur mais dans la barre d'adresse il est écrit : about:blank... ... trop bizarre
0
Réponse 28 / 72
TRoy64100 Messages postés 27 Statut Membre
 
un autre problème mon pc rame maintenant un truc de fou et il me semble qu'il y ait des processus en cours que je ne connais pas comme "hpqste08.exe""hpqgpc01.exe""hpqbam08.exe" et quand je surf avec firefox des onglets s'ouvrent tout seuls vers des sites de jeu en ligne ...
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Ok,

Peux tu essayer de poster le rapport ici si tu peux sinon poste le en plusieurs fois sur le forum. Si tu n'y arrive toujours pas alors dis le moi on avisera.

++
0
Réponse 29 / 72
TRoy64100
 
connexion réinitialisée encore ... ... Et pas moyen de le poster ici en plusieurs fois ... Ca me dit "syntax error" ou veuillez activer javascript
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Ahhhhh ba alors essaye ceci :

Dans firefox -< Outils -> Options -> Contenu -> Activer JavaScript.

Dis moi si y'a du mieux .

++
0
Réponse 30 / 72
TRoy64100
 
La case était déja cochée mais la ca me dit (syntax error)
0
Réponse 31 / 72
TRoy64100
 
tiens encore veuillez activer java script pourtant il est activé :'(
0
Réponse 32 / 72
TRoy64100
 
tu peux juste me dire si les processus que j'ai repérés comme inconnus sont des menaces ou j m'inquiète pour rien?et tous les petits soucis que je rencontre maintenant sont liés a cette histoire de Trojan??
Encore merci pour ton aide c'est vraiment super je sais pas ce que j'aurais fait sinon ;-)
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Salut

Pour les processus ils font partis de HP.
Pour tes problèmes internet essaye de désinstaller puis ré-installer Firefox.

++
0
Réponse 33 / 72
TRoy64100
 
Rapport de ZHPDiag v1.25.1421 par Nicolas Coolman, Update du 06/05/2010
Run by Propriétaire at 09/05/2010 00:10:03
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.6.3)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (70% free)
System drive C: has 8 GB (19%) free of 40 GB

---\\ Logged in mode
Computer Name: KLIENT-E124487A
User Name: Propriétaire
Unselected Option: O1,O45,O61,O65
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 40 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 144 Go of 193 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 146 Go of 298 Go)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
0
Réponse 34 / 72
TRoy64100
 
---\\ Processus lancés
[MD5.440688592F2315F5881418A55A902BD9] - (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll [8466432]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040]
[MD5.5C2DEF31326B9F873ED0B5F0272589E2] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [202256]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840]
[MD5.ED7A6D40B20DC34BE06F4AE196AE7D50] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [421888]
[MD5.59C0BDCFE273334D3133C7F2B57A2A13] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [142120]
[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856]
[MD5.18B4B12358EFCF68D76812058A26181F] - (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe [3883856]
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360]
[MD5.1AF1360E070BD8EA402F793EF6FBAAEB] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128]
[MD5.435F79D364B796A4EA0B5CAF24CA78BD] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200]
[MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289]
[MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089]
[MD5.ACB095E7E1663F1B83A41C22C5D75F90] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144672]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336]
[MD5.A065F048E9E23E6C026A7BB548D126A7] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.C3FB1D70CB88722267949694BA51759E] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [133104]
[MD5.5467F1FF0AF264566740F67E8B810735] - (.Google - gusvc.) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [183280]
[MD5.74E30A41CDCF331C74BC4D97BE40CC5B] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [335872]
[MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208]
[MD5.E534FBD8340B7C6C6A80589383430A53] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 162.3.) -- C:\WINDOWS\system32\nvsvc32.exe [155716]
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312]
[MD5.271077B91D7AD1B616F8AFDFE8E3F981] - (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [240512]
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856]


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: Shell=explorer.exe


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww11.fr.udark.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww11.fr.udark.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.17036 (vista_gdr.100308-0235)) -- C:\WINDOWS\system32\ieframe.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
0
Réponse 35 / 72
TRoy64100
 
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} . (.Pas de propriétaire - Easy-WebPrint.) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Pas de propriétaire - Pas de description.) --
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} . (.Pas de propriétaire - Pas de description.) --


---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions . (.Pas de propriétaire - Module de ressources Easy-WebPrint - Français.) -- C:\Program Files\Canon\Easy-WebPrint\Resource.dll
O8 - Extra context menu item: Easy-WebPrint Impression rapide . (.Pas de propriétaire - Module de ressources Easy-WebPrint - Français.) -- C:\Program Files\Canon\Easy-WebPrint\Resource.dll
O8 - Extra context menu item: Easy-WebPrint Imprimer . (.Pas de propriétaire - Module de ressources Easy-WebPrint - Français.) -- C:\Program Files\Canon\Easy-WebPrint\Resource.dll
O8 - Extra context menu item: Easy-WebPrint Prévisualiser . (.Pas de propriétaire - Module de ressources Easy-WebPrint - Français.) -- C:\Program Files\Canon\Easy-WebPrint\Resource.dll


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll
0
Réponse 36 / 72
TRoy64100
 
Bon la suite ne passe pas... syntax error ... c'est naze dsl !
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Tu peux l'héberger sur ci-joint ? Puis transmettre le lien ?

++
0
Réponse 37 / 72
TRoy64100
 
Comment ca sur ci-joint?
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
tu te rends sur Ci-joint, tu fait parcourir, là tu choisi le rapport de ZHPdiag que tu a du enregistrer sur ton bureau ( si tu ne l'a pas fait refais un scan ) puis tu clique sur Ouvrir.
Enfin tu copie/colle le lien qu'il te fournira ;) Il te reste plus qu'a poster le lien sur le forum.

++
0
Réponse 38 / 72
TRoy64100
 
comme d'habitude dès que je clique sur "déposer le fichier" ca me met


La connexion a été réinitialisée













La connexion avec le serveur a été réinitialisée pendant le chargement de la page.








* Le site est peut-être temporairement indisponible ou surchargé. Réessayez plus
tard ;

* Si vous n'arrivez à naviguer sur aucun site, vérifiez la connexion
au réseau de votre ordinateur ;

* Si votre ordinateur ou votre réseau est protégé par un pare-feu ou un proxy,
assurez-vous que Firefox est autorisé à accéder au Web.
0
Réponse 39 / 72
TRoy64100
 
je peux te l'envoyer sur une adresse mail?
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Envoie le moi en plusieurs MP.

++
0
Réponse 40 / 72
TRoy64100 Messages postés 27 Statut Membre
 
Bon ca marche pas syntax error .... c'est relou
0
NicoVA Messages postés 1126 Statut Contributeur sécurité 71
 
Tu fais sa par Firefox ou Internet Explorer. Si c'est par Firefox alors tu peux essayer avec internet explorer.
0

Discussions similaires

Signification "TR"
andromeid -
matrix4422 -

3 réponses
Sa veux dire koi??Subject: FW: Tr :FW: TR: TR
france22 -
ghano0666545160 -

12 réponses
Signification des abréviations RE: et TR:
La Salamandre -
Iolose -

19 réponses
casque sans fil Sennheiser TR 4200 ne fonctionne plus
jcb83400 -
DIY -

3 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses