Bonjour, apres avoir formaté hier soir pour cause de trojan et tout reinstaller ce matin je fait une premiere analise avec spywre terminator et voila ce quil ma trouvé direct(je suis degouter): trojan.agent.qwt trojan.downloader.agent.aar invalid startup items(invalid items) donc voila je vous poste quelque rapport si vous pouvez maider je vous enn cerait reconnaissant! Logfile of Spyware Terminator v2.2.2.438 (db:2.009.022.000) Scan Time: 23/09/2008 11:00:41 length: 598 s Platform: VISTA (6.0.0.6000) User: Admin Boot Mode: Normal Scan type: Full_Spyware_Scan Scanned Objects: 151832 (Critical:3) Filter: No System items, No Safe items, No Invalid items Running Processes SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe vsmon.exe [Check Point Software Technologies LTD] : C:\Windows\system32\ZoneLabs\vsmon.exe sched.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe SynTPStart.exe [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPStart.exe QLBCTRL.exe [ Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe HPKBDAPP.exe [ Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe hpwuSchd2.exe [Hewlett-Packard Co.] : C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe avgnt.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe LightScribeControlPanel.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe avguard.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe XAudio.exe [Conexant Systems, Inc.] : C:\Windows\system32\drivers\XAudio.exe hpqWmiEx.exe [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe wmplayer.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmplayer.exe HPHC_Service.exe [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe Internet Settings R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain = R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName = BHO 02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll StartUps 04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LightScribe Control Panel : [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NvSvc : [NVIDIA Corporation] : C:\Windows\system32\NVSVC.DLL 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SynTPStart : [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPStart.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, QlbCtrl : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OnScreenDisplay : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UCam_Menu : [CyberLink Corp.] : C:\Program Files\CYBERLINK\YOUCAM\MUITRANSFER\MUISTARTMENU.EXE 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Co.] : C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgnt : [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe Shell Extensions CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll &Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll - {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\rundll32.exe Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll ShellViewRTF - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\Windows\system32\ShellvRTF.dll - {2F603045-309F-11CF-9774-0020AFD0CFF6} - [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPCpl.dll Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll Protocol Handler MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll Microsoft Infotech Storage Protocol for IE 4.0 - {0A9007C0-4076-11D3-8789-0000F8105754} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll Services 23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 23 - [Atheros Communications, Inc.] : C:\Windows\system32\DRIVERS\athr.sys 23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 23 - [Avira GmbH] : C:\Windows\system32\DRIVERS\avipbb.sys 23 - [Conexant Systems Inc.] : C:\Windows\system32\drivers\CHDART.sys 23 - [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 23 - [Hewlett-Packard Development Company, L.P.] : C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 23 - [Hewlett-Packard Development Company, L.P.] : C:\Windows\system32\DRIVERS\HpqRemHid.sys 23 - [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSX_DPV.sys 23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSXHWAZL.sys 23 - [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe 23 - [Conexant] : C:\Windows\system32\DRIVERS\mdmxsdk.sys 23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys 23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvmfdx32.sys 23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvlddmkm.sys 23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvsmu.sys 23 - [REDC] : C:\Windows\system32\DRIVERS\rimmptsk.sys 23 - [REDC] : C:\Windows\system32\DRIVERS\rimsptsk.sys 23 - [REDC] : C:\Windows\system32\DRIVERS\rixdptsk.sys 23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe 23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys 23 - [Avira GmbH] : C:\Windows\system32\DRIVERS\ssmdrv.sys 23 - [Synaptics, Inc.] : C:\Windows\system32\DRIVERS\SynTP.sys 23 - [Check Point Software Technologies LTD] : C:\Windows\system32\DRIVERS\vsdatant.sys 23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSX_CNXT.sys 23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\xaudio.sys 23 - [Conexant Systems, Inc.] : C:\Windows\system32\drivers\XAudio.exe Threat Files <Trojan.Downloader.Agent.aaar> : C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe <Trojan.Agent.qwt> : C:\Program Files\Hp\QuickPlay\Kernel\Partner\libcurl.dll Advanced Files Report %SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A1DCD30534835CB67733AD00175125A6 SIZE=2605568 %SYSDIR%\ZoneLabs\vsmon.exe [Check Point Software Technologies LTD] [TrueVector Service] MD5=0238690AB96AD9E08C643D7A7AD8B293 SIZE=79400 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sched.exe [Avira GmbH] [AntiVir Workstation] MD5=1C51917C9B30530A781F438F6A4AC49F SIZE=68865 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\schedr.dll [Avira GmbH] [AntiVir Workstation] MD5=EFBABD350FA0E4804CD98CE6FFE98743 SIZE=7937 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avevtlog.dll [Avira GmbH] [AntiVir Workstation] MD5=3A5874F76D8EA78F5AB0B158191C1EE4 SIZE=114945 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sqlite3.dll [SQLite Database] MD5=A467ACDA6C73AE3F8DBC6B94602921B5 SIZE=339968 %SYSDIR%\nvd3dum.dll [NVIDIA Corporation] [NVIDIA Windows Vista WDDM driver] MD5=8785A60FEFC28B795358EF25536ED72A SIZE=4943872 %PROGRAMFILES%\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll [HP] [MediaLamp] MD5=816ACB76EC72ADCB58EC90D275F9FEB6 SIZE=110592 %PROGRAMFILES%\BillP Studios\WinPatrol\PATROLPRO.DLL [BillP Studios] [BillP Studios Window Detection] MD5=87103EC411FE220740A93C99D007764E SIZE=62776 %SYSDIR%\rundll32.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544 %SYSDIR%\nvapi.dll [NVIDIA Corporation] [NVIDIA Windows drivers] MD5=8B9F4298264C267EC43C0BF8CADA343C SIZE=368640 %PROGRAMFILES%\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.DLL [Hewlett-Packard Development Company, L.P.] [QLB] MD5=116E4539035CD02324C893F904263BDC SIZE=300336 %PROGRAMFILES%\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.DLL [Hewlett-Packard Company] [HP Quick Launch Buttons] MD5=DE88D1D0609B8AFB0ECC7270E0B0A798 SIZE=222512 %PROGRAMFILES%\Hewlett-Packard\HP QuickTouch\HPShared.dll [Hewlett-Packard Development Company, L.P.] [HP Shared Dynamic Link Library] MD5=B23E277835E7A259C3A5BA0ED2A86D8A SIZE=15696 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\cclib.dll [Avira GmbH] [AntiVir Workstation] MD5=18F68A243BDA79BBA9D01FA39ECE8598 SIZE=160001 %PROGRAMFILES%\avira\antivir personaledition classic\ccgen.dll [Avira GmbH] [AntiVir Workstation] MD5=B9875A5471B3CF425BAAF9B3CE813A9C SIZE=270593 %PROGRAMFILES%\avira\antivir personaledition classic\ccgenrc.dll [Avira GmbH] [AntiVir Workstation] MD5=856DBDB418067A7E87A2302F94AC31F5 SIZE=17665 %PROGRAMFILES%\avira\antivir personaledition classic\ccguard.dll [Avira GmbH] [AntiVir Workstation] MD5=3E1F96DE993B8D6E87ACF9146F9DF0D9 SIZE=217345 %PROGRAMFILES%\avira\antivir personaledition classic\ccgrdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=B09D14A806D30132C427AA3745C46D54 SIZE=20225 %PROGRAMFILES%\avira\antivir personaledition classic\avipc.dll [Avira GmbH] [AntiVir Workstation] MD5=922EE25E719104E6D0E166451118E9F4 SIZE=73985 %PROGRAMFILES%\avira\antivir personaledition classic\ccupdate.dll [Avira GmbH] [AntiVir Workstation] MD5=E19C269071C08D9D30D91CE896480CA6 SIZE=114945 %PROGRAMFILES%\avira\antivir personaledition classic\ccupdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=445F5AF6DFC84EFECB242209F3C12412 SIZE=12545 %PROGRAMFILES%\avira\antivir personaledition classic\cclic.dll [Avira GmbH] [AntiVir Workstation] MD5=708A5119B4C625B1AD300CD351A61F9B SIZE=61697 %PROGRAMFILES%\avira\antivir personaledition classic\cclicrc.dll [Avira GmbH] [AntiVir Workstation] MD5=35443145C1F3987262B8DD2AC6D53B05 SIZE=5889 %PROGRAMFILES%\avira\antivir personaledition classic\ccmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=61DFF7D04472B97F33D66BF0934A4D48 SIZE=155905 %COMMONFILES%\LightScribe\QtCore4.dll [Trolltech ASA] [Qt4] MD5=FA6C29F3668505A0C85C770951C68CF6 SIZE=1581056 %COMMONFILES%\LightScribe\QtGui4.dll [Trolltech ASA] [Qt4] MD5=90703BD8D71099E43993F3AFAF2B5A10 SIZE=6365184 %COMMONFILES%\LightScribe\plugins\imageformats\qjpeg4.dll [Trolltech ASA] [Qt4] MD5=3C1DC306F1F20A8071C363FA4FCBE16B SIZE=131072 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avguard.exe [Avira GmbH] [AntiVir Workstation] MD5=980825559F7C70B565ADD5F5C71CFE8F SIZE=147201 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\guardmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=0F3552C80887EB93BE8FFAF26F8D7006 SIZE=46849 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL [Avira GmbH] [AntiVir Workstation] MD5=0B4552C1E399392E0494D074941C6218 SIZE=25857 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL [Avira GmbH] [AntiVir Workstation] MD5=F2D83E33EC3F82835FA631F8FF2CCE64 SIZE=28929 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL [Avira GmbH] MD5=24D54A9DF157869A7DE4D61D37D10FC8 SIZE=122113 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aecore.dll [Avira GmbH] [AVCORE] MD5=79CFCBE53CC1643B346BA4BF5E937A7F SIZE=172406 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aevdf.dll [Avira GmbH] [AVVDF] MD5=C9FFFD5005F4FE7131DF6128E98E3A6A SIZE=102772 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescript.dll [Avira GmbH] [AVSCRIPT] MD5=940CD41BFAAF19ACE1AD43EF0E135F4D SIZE=319867 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescn.dll [Avira GmbH] [AVSCN] MD5=F519C10B10D73B2B6B75CFEBC5096236 SIZE=119156 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aerdl.dll [Avira GmbH] [AVRDL] MD5=63E0D3672EAD934C49F37CDC1F2CEF23 SIZE=438644 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aepack.dll [Avira GmbH] [AVPACK] MD5=BC3A6DDC19C4511CA2C37F0938EB8853 SIZE=364917 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\unacev2.dll [ACE Compression Software] [UNACE - freeware ACE extraction component] MD5=DE02C4D04088B69E64ECC30A3D9E22E5 SIZE=77312 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeoffice.dll [Avira GmbH] [AVOFFICE] MD5=CEE6E30E4D1A7569F0E83C739EDF1547 SIZE=196986 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeheur.dll [Avira GmbH] [AVHEUR] MD5=E14B955CE30DE445A680677BA9A7CA85 SIZE=1438071 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aehelp.dll [Avira GmbH] [AVHELP] MD5=83BAC707A4B7682201A1EB9766B54CEB SIZE=115063 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aegen.dll [Avira GmbH] [AVGEN] MD5=63F18A1FD1A6D1069B892EC25280E595 SIZE=315764 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeemu.dll [Avira GmbH] [AVEMU] MD5=87A6C6E3993D3A635F8E7152FC6D1907 SIZE=430452 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aebb.dll [Avira GmbH] [AVBB] MD5=BBAD1D9B0694F5E8FE2ACB85283CC5FE SIZE=53617 %COMMONFILES%\LightScribe\LSSrvc.exe [Hewlett-Packard Company] [LightScribe] MD5=53710476495886D9961BE46983A6A33F SIZE=79136 %COMMONFILES%\LightScribe\LSSProxy.dll [Hewlett-Packard Company] [LightScribe] MD5=F686D5839A3B0079D20D57FB7683880F SIZE=110592 %COMMONFILES%\LightScribe\LSLog.dll [Hewlett-Packard Company] [LightScribe] MD5=C227B31C13D80CBE59742B0C858CC0FA SIZE=33280 %SYSDIR%\drivers\XAudio.exe [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=CDA0BC78672B50C43649FF34E1FD0FF8 SIZE=386560 %PROGRAMFILES%\Hewlett-Packard\Shared\hpqWmiEx.exe [Hewlett-Packard Development Company, L.P.] [hpqwmiex Module] MD5=04C1DCBB226C6AE647B794833CE3CEB6 SIZE=135168 %SYSDIR%\SynCOM.dll [Synaptics, Inc.] [COM SDK] MD5=D9DC6BF7DFC07BD4B76C34412C550F16 SIZE=163840 %SYSDIR%\SynTPAPI.dll [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=A895C257DDCC405C2F89117B65CE1251 SIZE=147456 %PROGRAMFILES%\Windows Media Player\wmplayer.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=81D386F15E10E19F9A0804D900460324 SIZE=168960 %PROGRAMFILES%\Hewlett-Packard\HP Health Check\HPHC_Service.exe [Hewlett-Packard] [HP Health Check Service] MD5=0D26C438E2938A3E6BDD91173BC96FF0 SIZE=65536 %WINDIR%\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll [Hewlett-Packard] [HP Active Support Library] MD5=0775A7424B1828AD1452BAE43F7069A8 SIZE=86016 [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe %SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=2497E0909F2136C9F6B190FCF1E54BBD SIZE=737792 %SYSDIR%\zipfldr.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=C9F8C752ED450D74A51FC4DA40B0DA16 SIZE=338432 %PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=7CB1C510F55B2D5E3DE24823839D320D SIZE=2313216 %PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4AEED1FBB53F915CBE30671793776A80 SIZE=99328 %SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3226FDA08988526E819E364E8CCE4CEE SIZE=560640 %SYSDIR%\audiodev.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=BC59360E14159C67FF257FB424F3B723 SIZE=244224 %PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=571B269F346E518F0D2BB7B067ECFFCD SIZE=1030656 %COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688 %PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=1690302570CC80160F68B604E6806802 SIZE=66048 %SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=1AD7E7296F62B998C157A4BDA006EC01 SIZE=274432 %PROGRAMFILES%\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=E4D7E410A044E58FB20E310B848C45C7 SIZE=942080 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH] [AntiVir Workstation] MD5=655A36AB49696FFE33FB376719B298C1 SIZE=69889 %PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=F8C799BB63C6020BE54E4132E1866BE0 SIZE=63040 %SYSDIR%\svchost.exe -k netsvcs %SYSDIR%\DRIVERS\athr.sys [Atheros Communications, Inc.] [Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter] MD5=0437199C88F6E88A387CFEC8A8886A6E SIZE=735232 %SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted %SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [Avira GmbH] [AntiVir Workstation] MD5=D1A025056656C572AD90CC6C2BFBE9F6 SIZE=49472 %SYSDIR%\DRIVERS\avipbb.sys [Avira GmbH] MD5=1A1068D7C0E1C836164ED924390CB407 SIZE=79424 %SYSDIR%\svchost.exe -k LocalServiceNoNetwork %SYSDIR%\svchost.exe -k NetworkService %SYSDIR%\svchost.exe -k DcomLaunch %SYSDIR%\svchost.exe -k LocalService %SYSDIR%\drivers\CHDART.sys [Conexant Systems Inc.] [Conexant HDAudio Driver] MD5=7BE40BB4CD16D8760E18EA981FF452EC SIZE=176640 %SYSDIR%\DRIVERS\HpqKbFiltr.sys [Hewlett-Packard Development Company, L.P.] [HP Quick Launch Buttons] MD5=35956140E686D53BF676CF0C778880FC SIZE=16768 %SYSDIR%\DRIVERS\HpqRemHid.sys [Hewlett-Packard Development Company, L.P.] [HP Remote Control HID Device] MD5=115C0933B3ED51DFBEC4449348C8065B SIZE=7168 %SYSDIR%\DRIVERS\HSX_DPV.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=1882827F41DEE51C70E24C567C35BFB5 SIZE=984064 %SYSDIR%\DRIVERS\HSXHWAZL.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=A44DDF3BA83E4664BF4DE9220097578C SIZE=208896 %SYSDIR%\DRIVERS\mdmxsdk.sys [Conexant] [Diagnostic Interface x86 Driver] MD5=0CEA2D0D3FA284B85ED5B68365114F76 SIZE=12672 %SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=1F6F7159C75E4B27D138B5225808860F SIZE=28776 %SYSDIR%\DRIVERS\nvmfdx32.sys [NVIDIA Corporation] [nvmfdx32] MD5=A1108084B0D2FC43DCC401735770E2A3 SIZE=1059112 %SYSDIR%\DRIVERS\nvlddmkm.sys [NVIDIA Corporation] [NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65] MD5=442EAC1B12ACF1BAD6F1224167E034C8 SIZE=7626400 %SYSDIR%\DRIVERS\nvsmu.sys [NVIDIA Corporation] [NVIDIA nForce(TM) PCA Driver] MD5=9AEBC32F9D6E02EBEE0369AB296FE7C8 SIZE=12032 %SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted %SYSDIR%\DRIVERS\rimmptsk.sys [REDC] [RICOH SD/MMC Driver] MD5=355AAC141B214BEF1DBC1483AFD9BD50 SIZE=39936 %SYSDIR%\DRIVERS\rimsptsk.sys [REDC] [Ricoh Memorystick Controller] MD5=A4216C71DD4F60B26418CCFD99CD0815 SIZE=42496 %SYSDIR%\DRIVERS\rixdptsk.sys [REDC] [R5C852 Ricoh xD Controller] MD5=D231B577024AA324AF13A42F3A807D10 SIZE=37376 %SYSDIR%\svchost.exe -k rpcss %SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=CCD6E6C387E3EFA3BA5FE0E7883821C1 SIZE=141312 %SYSDIR%\DRIVERS\ssmdrv.sys [Avira GmbH] MD5=3D2829FDE1C52FC64DA5413889CE4DEE SIZE=28352 %SYSDIR%\svchost.exe -k imgsvc %SYSDIR%\DRIVERS\SynTP.sys [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=3D6316279C3540AA268BF025F4621EF3 SIZE=191408 %SYSDIR%\DRIVERS\vsdatant.sys [Check Point Software Technologies LTD] [ZoneAlarm Firewalling Driver] MD5=C8F5455F43977580D489CE31178F4166 SIZE=279440 %SYSDIR%\ZoneLabs\vsmon.exe -service %SYSDIR%\svchost.exe -k WerSvcGroup %SYSDIR%\DRIVERS\HSX_CNXT.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=E096FFB754F1E45AE1BDDAC1275AE2C5 SIZE=660480 %SYSDIR%\svchost.exe -k secsvcs %SYSDIR%\SearchIndexer.exe \Embedding %SYSDIR%\DRIVERS\xaudio.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=19E7C173B6242AD7521E537AE54768BF SIZE=8704 %COMMONFILES%\Microsoft Shared\Information Retrieval\msitss.dll [Microsoft Corporation] [Microsoft(R) Infotech Information Storage System Library] MD5=BBFF7F0AC61F8A29241BC00B3785CCB0 SIZE=230760 %SYSDIR%\msdxm.ocx [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=506CF5D6E38FD7DEC7B6D7D3030E7BC9 SIZE=4096 %SYSDIR%\powrprof.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3CDEC51291F735C5C276B957239017A3 SIZE=96768 %SYSDIR%\WPDSP.DLL [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=C72D3E9282DFE01E1D363DDB5DC1A66C SIZE=349184 %PROGRAMFILES%\Java\jre1.6.0_07\bin\JdbcOdbc.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=F708430AE09C4102933E24CD6D12780D SIZE=36352 %PROGRAMFILES%\Java\jre1.6.0_07\bin\dcpr.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=D6E7FFCD38ECDFE4BD8DCE29D8D1A654 SIZE=143360 %PROGRAMFILES%\Java\jre1.6.0_07\bin\ioser12.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=5CF15BC4493299F6645DB27B51278D2A SIZE=12800 %PROGRAMFILES%\Java\jre1.6.0_07\bin\policytool.exe [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=1C0C6888952D9EC22A7B5C6FAD0E8160 SIZE=25600 %SYSDIR%\msvcp71.dll [Microsoft Corporation] [Microsoft® Visual Studio .NET] MD5=561FA2ABB31DFA8FAB762145F81667C2 SIZE=499712 %PROGRAMFILES%\Microsoft Works\ltkrn13n.dll [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=9F55BFD2C68DDD94F261B4E7A177042B SIZE=468568 End of Report

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:10:23, on 23/09/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Hp\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /Q /c If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f O4 - HKCU\..\RunOnce: [x64setup2] cmd.exe /Q /c If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" regsvr32.exe /S "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax" O4 - HKCU\..\RunOnce: [x64setup3] cmd.exe /Q /c If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG DELETE "HKCR\Media Type\Extensions\.dts" /f O4 - HKCU\..\RunOnce: [x64setup4] cmd.exe /Q /c If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG DELETE "HKCR\Media Type\Extensions\.ac3" /f O4 - HKCU\..\RunOnce: [x64setup1] cmd.exe /Q /c If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-3839667330-3641315233-2077531565-1001\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'christophe') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O13 - Gopher Prefix: O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Grosse infection!help!

Réponse 21 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Si SDfix ne marche pas :

il faut que tu decompresse sdfix.exe et que tu mette le dossier sdfix dans c:

ensuite tu fait demarrer executer et tu met ceci
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

la une fenetre dos va s ouvrir si c est le cas et qu il te demande confirmation repond par y et la touche entrer
referme ensuite la fenetre et essai de relancer runthisbat

Réponse 22 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

on va essayer autrement :

▶ Télécharger et enregistrer lopSD sur le Bureau

(C est le numéro 4 en bas de la page)

▶ Double-clic Lop S&D

▶ Faire l'installation

▶ Fermer toutes les applications

▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur

▶ Taper F pour français , puis presser entrée

▶ Taper 1

▶ Presser Entrée

▶ Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer

▶ Attendre l'apparition du rapport
▶ Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR

oslo

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : terminator ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total : 137 Go Free : 100 Go
D:\ (Local Disk) - NTFS - Total : 83 Go Free : 83 Go
E:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 23/09/2008|14:05 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Application Data
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\AtStart.txt
[22/09/2008|22:19] C:\Users\TERMIN~1\AppData\Local\Downloaded Installations
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\DSwitch.txt
[22/09/2008|22:36] C:\Users\TERMIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[22/09/2008|22:26] C:\Users\TERMIN~1\AppData\Local\Hewlett-Packard
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Historique
[22/09/2008|22:33] C:\Users\TERMIN~1\AppData\Local\Microsoft
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\QSwitch.txt
[22/09/2008|21:41] C:\Users\TERMIN~1\AppData\Local\QuickPlay
[22/09/2008|22:39] C:\Users\TERMIN~1\AppData\Local\Seven Zip
[23/09/2008|13:36] C:\Users\TERMIN~1\AppData\Local\Temp
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Temporary Internet Files
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[23/09/2008 13:47][--ah-----] C:\Windows\tasks\SA.DAT
[23/09/2008 11:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[22/09/2008|22:58] C:\ProgramData\Adobe
[22/09/2008|22:08] C:\ProgramData\Application Data
[12/02/2008|17:48] C:\ProgramData\Atheros
[22/09/2008|22:38] C:\ProgramData\Avira
[22/09/2008|22:08] C:\ProgramData\Bureau
[22/09/2008|23:58] C:\ProgramData\CheckPoint
[12/02/2008|17:54] C:\ProgramData\CyberLink
[22/09/2008|22:08] C:\ProgramData\Documents
[22/09/2008|22:08] C:\ProgramData\Favoris
[22/09/2008|22:26] C:\ProgramData\Hewlett-Packard
[22/09/2008|23:22] C:\ProgramData\Malwarebytes
[22/09/2008|22:08] C:\ProgramData\Menu D‚marrer
[22/09/2008|22:32] C:\ProgramData\Microsoft
[22/09/2008|22:32] C:\ProgramData\Microsoft Help
[22/09/2008|22:08] C:\ProgramData\ModŠles
[24/10/2007|18:43] C:\ProgramData\muvee Technologies
[22/09/2008|22:25] C:\ProgramData\NVIDIA
[23/09/2008|11:14] C:\ProgramData\Spyware Terminator
[22/09/2008|22:32] C:\ProgramData\Symantec
[24/10/2007|18:20] C:\ProgramData\Viewpoint
[22/09/2008|23:21] C:\ProgramData\VistaCodecs
[22/09/2008|22:50] C:\ProgramData\WildTangent

--------------------\\ Listing des dossiers dans C:\Program Files

[22/09/2008|22:56] C:\Program Files\Adobe
[24/10/2007|18:20] C:\Program Files\AIM6
[12/02/2008|17:48] C:\Program Files\Atheros
[22/09/2008|22:38] C:\Program Files\Avira
[22/09/2008|22:09] C:\Program Files\BillP Studios
[22/09/2008|23:19] C:\Program Files\CCleaner
[23/09/2008|12:04] C:\Program Files\Common Files
[12/02/2008|17:48] C:\Program Files\CONEXANT
[12/02/2008|17:59] C:\Program Files\CyberLink
[22/09/2008|22:08] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[12/02/2008|17:56] C:\Program Files\Hewlett-Packard
[12/02/2008|17:52] C:\Program Files\Hp
[22/09/2008|22:50] C:\Program Files\HP Games
[22/09/2008|22:14] C:\Program Files\HPQ
[22/09/2008|22:42] C:\Program Files\InstallShield Installation Information
[22/09/2008|23:44] C:\Program Files\Internet Explorer
[22/09/2008|22:20] C:\Program Files\Java
[22/09/2008|23:23] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[22/09/2008|22:32] C:\Program Files\Microsoft Office
[22/09/2008|22:32] C:\Program Files\Microsoft Works
[25/10/2007|02:57] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[22/09/2008|23:16] C:\Program Files\MSXML 4.0
[24/10/2007|18:43] C:\Program Files\muvee Technologies
[12/02/2008|17:46] C:\Program Files\NetWaiting
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[12/02/2008|18:03] C:\Program Files\Services en ligne
[23/09/2008|11:23] C:\Program Files\Spyware Terminator
[12/02/2008|17:45] C:\Program Files\Synaptics
[23/09/2008|00:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/10/2007|18:20] C:\Program Files\Viewpoint
[22/09/2008|23:21] C:\Program Files\VistaCodecPack
[22/09/2008|23:20] C:\Program Files\VS Revo Group
[24/10/2007|18:14] C:\Program Files\Windows Calendar
[25/10/2007|02:57] C:\Program Files\Windows Collaboration
[24/10/2007|18:14] C:\Program Files\Windows Defender
[25/10/2007|02:57] C:\Program Files\Windows Journal
[22/09/2008|23:43] C:\Program Files\Windows Mail
[22/09/2008|23:44] C:\Program Files\Windows Media Player
[22/09/2008|22:08] C:\Program Files\Windows NT
[25/10/2007|02:57] C:\Program Files\Windows Photo Gallery
[22/09/2008|23:43] C:\Program Files\Windows Sidebar
[12/02/2008|17:48] C:\Program Files\WinTV
[22/09/2008|23:58] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[22/09/2008|22:57] C:\Program Files\Common Files\Adobe
[24/10/2007|18:19] C:\Program Files\Common Files\AOL
[24/10/2007|19:09] C:\Program Files\Common Files\InstallShield
[24/10/2007|19:21] C:\Program Files\Common Files\Java
[22/09/2008|22:14] C:\Program Files\Common Files\LightScribe
[22/09/2008|22:32] C:\Program Files\Common Files\microsoft shared
[24/10/2007|18:43] C:\Program Files\Common Files\muvee Technologies
[23/09/2008|12:04] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[22/09/2008|22:34] C:\Program Files\Common Files\Symantec Shared
[24/10/2007|18:14] C:\Program Files\Common Files\System

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:05:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:44][D:10]-> C:\Users\TERMIN~1\AppData\Local\Temp
[F:24][D:1]-> C:\Users\TERMIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:168][D:4]-> C:\Users\TERMIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|14:06 - Option : [1]

--------------------\\ Fin du rapport a 14:06:02
[ UAC => 1 ]

voila en esperen que ce soit bon et merci de ta patience

Réponse 23 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

ok maintenant :

▶ Relance Lop S&D

▶ Choisis cette fois-ci l'option 2 (Suppression)

▶ Ne ferme pas la fenêtre lors de la suppression !

▶ Poste le rapport généré (C:\lopR.txt)

* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

ensuite :

▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

▶ Va dans démarrer puis panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.

▶ Télécharge Combofix de sUBs

(c est le numéro 5 en bas de la page)

▶ et enregistre le sur le Bureau.

▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

ensuite envois le rapport et refais un nouveau rapport hijackthis stp

oslo

bon te bien voila parcontre combofix ne marche pas et pourtant jai bien effectué toute les manip
voila le rapport lopSD:

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : terminator ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total : 137 Go Free : 100 Go
D:\ (Local Disk) - NTFS - Total : 83 Go Free : 83 Go
E:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 23/09/2008|14:22 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\PROGRA~2\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Application Data
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\AtStart.txt
[22/09/2008|22:19] C:\Users\TERMIN~1\AppData\Local\Downloaded Installations
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\DSwitch.txt
[22/09/2008|22:36] C:\Users\TERMIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[22/09/2008|22:26] C:\Users\TERMIN~1\AppData\Local\Hewlett-Packard
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Historique
[22/09/2008|22:33] C:\Users\TERMIN~1\AppData\Local\Microsoft
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\QSwitch.txt
[22/09/2008|21:41] C:\Users\TERMIN~1\AppData\Local\QuickPlay
[22/09/2008|22:39] C:\Users\TERMIN~1\AppData\Local\Seven Zip
[23/09/2008|14:22] C:\Users\TERMIN~1\AppData\Local\Temp
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Temporary Internet Files
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[23/09/2008 14:07][--ah-----] C:\Windows\tasks\SA.DAT
[23/09/2008 14:06][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[22/09/2008|22:58] C:\ProgramData\Adobe
[22/09/2008|22:08] C:\ProgramData\Application Data
[12/02/2008|17:48] C:\ProgramData\Atheros
[22/09/2008|22:38] C:\ProgramData\Avira
[22/09/2008|22:08] C:\ProgramData\Bureau
[22/09/2008|23:58] C:\ProgramData\CheckPoint
[12/02/2008|17:54] C:\ProgramData\CyberLink
[22/09/2008|22:08] C:\ProgramData\Documents
[22/09/2008|22:08] C:\ProgramData\Favoris
[22/09/2008|22:26] C:\ProgramData\Hewlett-Packard
[22/09/2008|23:22] C:\ProgramData\Malwarebytes
[22/09/2008|22:08] C:\ProgramData\Menu D‚marrer
[22/09/2008|22:32] C:\ProgramData\Microsoft
[22/09/2008|22:32] C:\ProgramData\Microsoft Help
[22/09/2008|22:08] C:\ProgramData\ModŠles
[24/10/2007|18:43] C:\ProgramData\muvee Technologies
[22/09/2008|22:25] C:\ProgramData\NVIDIA
[23/09/2008|11:14] C:\ProgramData\Spyware Terminator
[22/09/2008|22:32] C:\ProgramData\Symantec
[22/09/2008|23:21] C:\ProgramData\VistaCodecs
[22/09/2008|22:50] C:\ProgramData\WildTangent

--------------------\\ Listing des dossiers dans C:\Program Files

[22/09/2008|22:56] C:\Program Files\Adobe
[24/10/2007|18:20] C:\Program Files\AIM6
[12/02/2008|17:48] C:\Program Files\Atheros
[22/09/2008|22:38] C:\Program Files\Avira
[22/09/2008|22:09] C:\Program Files\BillP Studios
[22/09/2008|23:19] C:\Program Files\CCleaner
[23/09/2008|12:04] C:\Program Files\Common Files
[12/02/2008|17:48] C:\Program Files\CONEXANT
[12/02/2008|17:59] C:\Program Files\CyberLink
[22/09/2008|22:08] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[12/02/2008|17:56] C:\Program Files\Hewlett-Packard
[12/02/2008|17:52] C:\Program Files\Hp
[22/09/2008|22:50] C:\Program Files\HP Games
[22/09/2008|22:14] C:\Program Files\HPQ
[22/09/2008|22:42] C:\Program Files\InstallShield Installation Information
[22/09/2008|23:44] C:\Program Files\Internet Explorer
[22/09/2008|22:20] C:\Program Files\Java
[22/09/2008|23:23] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[22/09/2008|22:32] C:\Program Files\Microsoft Office
[22/09/2008|22:32] C:\Program Files\Microsoft Works
[25/10/2007|02:57] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[22/09/2008|23:16] C:\Program Files\MSXML 4.0
[24/10/2007|18:43] C:\Program Files\muvee Technologies
[12/02/2008|17:46] C:\Program Files\NetWaiting
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[12/02/2008|18:03] C:\Program Files\Services en ligne
[23/09/2008|11:23] C:\Program Files\Spyware Terminator
[12/02/2008|17:45] C:\Program Files\Synaptics
[23/09/2008|00:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/09/2008|23:21] C:\Program Files\VistaCodecPack
[22/09/2008|23:20] C:\Program Files\VS Revo Group
[24/10/2007|18:14] C:\Program Files\Windows Calendar
[25/10/2007|02:57] C:\Program Files\Windows Collaboration
[24/10/2007|18:14] C:\Program Files\Windows Defender
[25/10/2007|02:57] C:\Program Files\Windows Journal
[22/09/2008|23:43] C:\Program Files\Windows Mail
[22/09/2008|23:44] C:\Program Files\Windows Media Player
[22/09/2008|22:08] C:\Program Files\Windows NT
[25/10/2007|02:57] C:\Program Files\Windows Photo Gallery
[22/09/2008|23:43] C:\Program Files\Windows Sidebar
[12/02/2008|17:48] C:\Program Files\WinTV
[22/09/2008|23:58] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[22/09/2008|22:57] C:\Program Files\Common Files\Adobe
[24/10/2007|18:19] C:\Program Files\Common Files\AOL
[24/10/2007|19:09] C:\Program Files\Common Files\InstallShield
[24/10/2007|19:21] C:\Program Files\Common Files\Java
[22/09/2008|22:14] C:\Program Files\Common Files\LightScribe
[22/09/2008|22:32] C:\Program Files\Common Files\microsoft shared
[24/10/2007|18:43] C:\Program Files\Common Files\muvee Technologies
[23/09/2008|12:04] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[22/09/2008|22:34] C:\Program Files\Common Files\Symantec Shared
[24/10/2007|18:14] C:\Program Files\Common Files\System

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:22:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:44][D:10]-> C:\Users\TERMIN~1\AppData\Local\Temp
[F:24][D:1]-> C:\Users\TERMIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:168][D:4]-> C:\Users\TERMIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|14:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/09/2008|14:22 - Option : [2]

--------------------\\ Fin du rapport a 14:22:57
[ UAC => 1 ]

coment va ton faire je minquiete un peu..

Réponse 24 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

tu as été désactiver le contrôle des comptes utilisateurs ??

oslo

et oui!

Réponse 25 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

▶ Télécharge et enregistre Clean

(c est le numéro 9 en bas de la page)

▶ Ne double-clique pas directement sur le fichier clean.zip !! Pour cela, fais un clic droit puis dans le menu déroulant, choisis décompresser tout ou extraire tout. Ceci doit créer un nouveau dossier nommé clean.

▶ Double-clique sur le nouveau dossier clean

▶ Dans la liste, tu dois avoir clean.cmd (le .cmd peut ne pas être présent chez toi).

▶ Double-clique sur clean.cmd.

▶ Un menu s'ouvre... Choisis l'option 1 en tappant sur la touche 1 de ton clavier.

▶ Appuies sur la touche entrée pour valider.

▶ Une fois l analyse terminée.. un rapport va s'ouvrir sur le bloc-note.

▶ copier/coller le rapport dans la nouvelle réponse.

Réponse 26 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

est ce que tu double-cliques sur clean (ou clean.cmd) ??

oslo

clean.cmd jete dis je fais tout ce que tu me dis et ca ne marche pas je viens de reeasseyer la a linstant

Réponse 27 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

▶ Télécharge a-squared free 3.5

▶ Un tutoriel est à ta disposition pour bien l utiliser.

▶ fais la mise à jour et une analyse complète.

▶ poste le rapport stp

ensuite refais un nouveau rapport hijackthis stp

oslo

doi je desactiver mon anti virus?

oslo

je voudrai voir si mes clef usb sont infecté..mai je ne me rapel plus lequel est ce dans la liste

Réponse 28 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

non tu peux le laisser actif..

Je dois m absenter, je reviendrai plus tard pour vérifier ton rapport ;-)

@+

oslo

ok je te remercie

Réponse 29 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

on fera ca tout à l heure, rappelle le moi ;-)

@+

Réponse 30 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

je suis de retour..

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

puis tu cliques sur fix checked.

télécharge le SP1 de vista : http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&displaylang=fr

ensuite :

vas faire une analyse en ligne avec bitdefender à cette adresse :

http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php

ensuite :

Fais une analyse avec trojan remover

Un tutoriel est à ta disposition sur le site à coté du lien de téléchargement.

oslo

je le telecharge juste ou je linstalle ossi le sp1?

oslo

a oui excuse moi goeffrei5 la derniere ligne que tu ma cité netait pas dans le scan donc je nest pas pus la suprimé et la je mocupe de tout ce que ma dis de faire et jins talle le sp1

Réponse 31 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

tu dois installer le SP1

si je l ai vue dans ton rapport hijackthis c est qu elle est là lol

Tu ne l as peut etre pas vue mais elle y est ;-)

Réponse 32 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

Salut !!

essais à cette adresse : http://www.bitdefender.fr/scan_fr/scan8/ie.html

Tu dois la faire avec internet explorer

oslo

ca ne marche toujour pas?!pourquoi?je ne dois pas faire un reglage dans les parametre internet explorer?merci pour ta reponse

Réponse 33 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

tu dois normalement télécfharger l activeX qui s affiche dans une barre jaune en haut de ta page internet

Réponse 34 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

ok...rends toi sur ce site et essai avec panda stp :

http://assiste.com.free.fr/...

oslo

bon toujour pareil ca doit venir de mon pc je me suis enregistrer jai activer mon comptes je telecharge le scan en ligne et la erreur techargement ??cest pas le virus qui fait ca?

Réponse 35 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

fais une analyse avec trojan remover comme je t avais demandé au message 34 stp

oslo

cest fait depuis lomgtems et cela na rien trouvé..

Réponse 36 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

ok...Connais tu les emplacements exacts des virus ??

Réponse 37 / 37

geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10

je les vois dans spyware terminator :

<Trojan.Downloader.Agent.aaar> : C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe
<Trojan.Agent.qwt> : C:\Program Files\Hp\QuickPlay\Kernel\Partner\libcurl.dll

Vas les désinstaller et supprimes les dossiers qui sont en gras

Grosse infection!help! - Page 2

Discussions similaires

Newsletters