Grosse infection!help!
oslo
-
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
apres avoir formaté hier soir pour cause de trojan et tout reinstaller ce matin je fait une premiere analise avec spywre terminator et voila ce quil ma trouvé direct(je suis degouter):
trojan.agent.qwt
trojan.downloader.agent.aar
invalid startup items(invalid items)
donc voila je vous poste quelque rapport si vous pouvez maider je vous enn cerait reconnaissant!
Logfile of Spyware Terminator v2.2.2.438 (db:2.009.022.000)
Scan Time: 23/09/2008 11:00:41 length: 598 s
Platform: VISTA (6.0.0.6000)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 151832 (Critical:3)
Filter: No System items, No Safe items, No Invalid items
Running Processes
SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
vsmon.exe [Check Point Software Technologies LTD] : C:\Windows\system32\ZoneLabs\vsmon.exe
sched.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
SynTPStart.exe [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPStart.exe
QLBCTRL.exe [ Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
HPKBDAPP.exe [ Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
hpwuSchd2.exe [Hewlett-Packard Co.] : C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
avgnt.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
LightScribeControlPanel.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
avguard.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
XAudio.exe [Conexant Systems, Inc.] : C:\Windows\system32\drivers\XAudio.exe
hpqWmiEx.exe [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
wmplayer.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmplayer.exe
HPHC_Service.exe [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LightScribe Control Panel : [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NvSvc : [NVIDIA Corporation] : C:\Windows\system32\NVSVC.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SynTPStart : [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPStart.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, QlbCtrl : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OnScreenDisplay : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UCam_Menu : [CyberLink Corp.] : C:\Program Files\CYBERLINK\YOUCAM\MUITRANSFER\MUISTARTMENU.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Co.] : C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgnt : [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
Shell Extensions
CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll
- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll
Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll
PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll
Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll
Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll
ShellViewRTF - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\Windows\system32\ShellvRTF.dll
- {2F603045-309F-11CF-9774-0020AFD0CFF6} - [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll
Protocol Handler
MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Microsoft Infotech Storage Protocol for IE 4.0 - {0A9007C0-4076-11D3-8789-0000F8105754} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
Services
23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
23 - [Atheros Communications, Inc.] : C:\Windows\system32\DRIVERS\athr.sys
23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
23 - [Avira GmbH] : C:\Windows\system32\DRIVERS\avipbb.sys
23 - [Conexant Systems Inc.] : C:\Windows\system32\drivers\CHDART.sys
23 - [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
23 - [Hewlett-Packard Development Company, L.P.] : C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23 - [Hewlett-Packard Development Company, L.P.] : C:\Windows\system32\DRIVERS\HpqRemHid.sys
23 - [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSX_DPV.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23 - [Conexant] : C:\Windows\system32\DRIVERS\mdmxsdk.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvmfdx32.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvlddmkm.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvsmu.sys
23 - [REDC] : C:\Windows\system32\DRIVERS\rimmptsk.sys
23 - [REDC] : C:\Windows\system32\DRIVERS\rimsptsk.sys
23 - [REDC] : C:\Windows\system32\DRIVERS\rixdptsk.sys
23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys
23 - [Avira GmbH] : C:\Windows\system32\DRIVERS\ssmdrv.sys
23 - [Synaptics, Inc.] : C:\Windows\system32\DRIVERS\SynTP.sys
23 - [Check Point Software Technologies LTD] : C:\Windows\system32\DRIVERS\vsdatant.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\xaudio.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\drivers\XAudio.exe
Threat Files
<Trojan.Downloader.Agent.aaar> : C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe
<Trojan.Agent.qwt> : C:\Program Files\Hp\QuickPlay\Kernel\Partner\libcurl.dll
Advanced Files Report
%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A1DCD30534835CB67733AD00175125A6 SIZE=2605568
%SYSDIR%\ZoneLabs\vsmon.exe [Check Point Software Technologies LTD] [TrueVector Service] MD5=0238690AB96AD9E08C643D7A7AD8B293 SIZE=79400
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sched.exe [Avira GmbH] [AntiVir Workstation] MD5=1C51917C9B30530A781F438F6A4AC49F SIZE=68865
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\schedr.dll [Avira GmbH] [AntiVir Workstation] MD5=EFBABD350FA0E4804CD98CE6FFE98743 SIZE=7937
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avevtlog.dll [Avira GmbH] [AntiVir Workstation] MD5=3A5874F76D8EA78F5AB0B158191C1EE4 SIZE=114945
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sqlite3.dll [SQLite Database] MD5=A467ACDA6C73AE3F8DBC6B94602921B5 SIZE=339968
%SYSDIR%\nvd3dum.dll [NVIDIA Corporation] [NVIDIA Windows Vista WDDM driver] MD5=8785A60FEFC28B795358EF25536ED72A SIZE=4943872
%PROGRAMFILES%\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll [HP] [MediaLamp] MD5=816ACB76EC72ADCB58EC90D275F9FEB6 SIZE=110592
%PROGRAMFILES%\BillP Studios\WinPatrol\PATROLPRO.DLL [BillP Studios] [BillP Studios Window Detection] MD5=87103EC411FE220740A93C99D007764E SIZE=62776
%SYSDIR%\rundll32.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544
%SYSDIR%\nvapi.dll [NVIDIA Corporation] [NVIDIA Windows drivers] MD5=8B9F4298264C267EC43C0BF8CADA343C SIZE=368640
%PROGRAMFILES%\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.DLL [Hewlett-Packard Development Company, L.P.] [QLB] MD5=116E4539035CD02324C893F904263BDC SIZE=300336
%PROGRAMFILES%\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.DLL [Hewlett-Packard Company] [HP Quick Launch Buttons] MD5=DE88D1D0609B8AFB0ECC7270E0B0A798 SIZE=222512
%PROGRAMFILES%\Hewlett-Packard\HP QuickTouch\HPShared.dll [Hewlett-Packard Development Company, L.P.] [HP Shared Dynamic Link Library] MD5=B23E277835E7A259C3A5BA0ED2A86D8A SIZE=15696
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\cclib.dll [Avira GmbH] [AntiVir Workstation] MD5=18F68A243BDA79BBA9D01FA39ECE8598 SIZE=160001
%PROGRAMFILES%\avira\antivir personaledition classic\ccgen.dll [Avira GmbH] [AntiVir Workstation] MD5=B9875A5471B3CF425BAAF9B3CE813A9C SIZE=270593
%PROGRAMFILES%\avira\antivir personaledition classic\ccgenrc.dll [Avira GmbH] [AntiVir Workstation] MD5=856DBDB418067A7E87A2302F94AC31F5 SIZE=17665
%PROGRAMFILES%\avira\antivir personaledition classic\ccguard.dll [Avira GmbH] [AntiVir Workstation] MD5=3E1F96DE993B8D6E87ACF9146F9DF0D9 SIZE=217345
%PROGRAMFILES%\avira\antivir personaledition classic\ccgrdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=B09D14A806D30132C427AA3745C46D54 SIZE=20225
%PROGRAMFILES%\avira\antivir personaledition classic\avipc.dll [Avira GmbH] [AntiVir Workstation] MD5=922EE25E719104E6D0E166451118E9F4 SIZE=73985
%PROGRAMFILES%\avira\antivir personaledition classic\ccupdate.dll [Avira GmbH] [AntiVir Workstation] MD5=E19C269071C08D9D30D91CE896480CA6 SIZE=114945
%PROGRAMFILES%\avira\antivir personaledition classic\ccupdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=445F5AF6DFC84EFECB242209F3C12412 SIZE=12545
%PROGRAMFILES%\avira\antivir personaledition classic\cclic.dll [Avira GmbH] [AntiVir Workstation] MD5=708A5119B4C625B1AD300CD351A61F9B SIZE=61697
%PROGRAMFILES%\avira\antivir personaledition classic\cclicrc.dll [Avira GmbH] [AntiVir Workstation] MD5=35443145C1F3987262B8DD2AC6D53B05 SIZE=5889
%PROGRAMFILES%\avira\antivir personaledition classic\ccmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=61DFF7D04472B97F33D66BF0934A4D48 SIZE=155905
%COMMONFILES%\LightScribe\QtCore4.dll [Trolltech ASA] [Qt4] MD5=FA6C29F3668505A0C85C770951C68CF6 SIZE=1581056
%COMMONFILES%\LightScribe\QtGui4.dll [Trolltech ASA] [Qt4] MD5=90703BD8D71099E43993F3AFAF2B5A10 SIZE=6365184
%COMMONFILES%\LightScribe\plugins\imageformats\qjpeg4.dll [Trolltech ASA] [Qt4] MD5=3C1DC306F1F20A8071C363FA4FCBE16B SIZE=131072
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avguard.exe [Avira GmbH] [AntiVir Workstation] MD5=980825559F7C70B565ADD5F5C71CFE8F SIZE=147201
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\guardmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=0F3552C80887EB93BE8FFAF26F8D7006 SIZE=46849
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL [Avira GmbH] [AntiVir Workstation] MD5=0B4552C1E399392E0494D074941C6218 SIZE=25857
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL [Avira GmbH] [AntiVir Workstation] MD5=F2D83E33EC3F82835FA631F8FF2CCE64 SIZE=28929
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL [Avira GmbH] MD5=24D54A9DF157869A7DE4D61D37D10FC8 SIZE=122113
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aecore.dll [Avira GmbH] [AVCORE] MD5=79CFCBE53CC1643B346BA4BF5E937A7F SIZE=172406
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aevdf.dll [Avira GmbH] [AVVDF] MD5=C9FFFD5005F4FE7131DF6128E98E3A6A SIZE=102772
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescript.dll [Avira GmbH] [AVSCRIPT] MD5=940CD41BFAAF19ACE1AD43EF0E135F4D SIZE=319867
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescn.dll [Avira GmbH] [AVSCN] MD5=F519C10B10D73B2B6B75CFEBC5096236 SIZE=119156
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aerdl.dll [Avira GmbH] [AVRDL] MD5=63E0D3672EAD934C49F37CDC1F2CEF23 SIZE=438644
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aepack.dll [Avira GmbH] [AVPACK] MD5=BC3A6DDC19C4511CA2C37F0938EB8853 SIZE=364917
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\unacev2.dll [ACE Compression Software] [UNACE - freeware ACE extraction component] MD5=DE02C4D04088B69E64ECC30A3D9E22E5 SIZE=77312
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeoffice.dll [Avira GmbH] [AVOFFICE] MD5=CEE6E30E4D1A7569F0E83C739EDF1547 SIZE=196986
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeheur.dll [Avira GmbH] [AVHEUR] MD5=E14B955CE30DE445A680677BA9A7CA85 SIZE=1438071
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aehelp.dll [Avira GmbH] [AVHELP] MD5=83BAC707A4B7682201A1EB9766B54CEB SIZE=115063
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aegen.dll [Avira GmbH] [AVGEN] MD5=63F18A1FD1A6D1069B892EC25280E595 SIZE=315764
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeemu.dll [Avira GmbH] [AVEMU] MD5=87A6C6E3993D3A635F8E7152FC6D1907 SIZE=430452
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aebb.dll [Avira GmbH] [AVBB] MD5=BBAD1D9B0694F5E8FE2ACB85283CC5FE SIZE=53617
%COMMONFILES%\LightScribe\LSSrvc.exe [Hewlett-Packard Company] [LightScribe] MD5=53710476495886D9961BE46983A6A33F SIZE=79136
%COMMONFILES%\LightScribe\LSSProxy.dll [Hewlett-Packard Company] [LightScribe] MD5=F686D5839A3B0079D20D57FB7683880F SIZE=110592
%COMMONFILES%\LightScribe\LSLog.dll [Hewlett-Packard Company] [LightScribe] MD5=C227B31C13D80CBE59742B0C858CC0FA SIZE=33280
%SYSDIR%\drivers\XAudio.exe [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=CDA0BC78672B50C43649FF34E1FD0FF8 SIZE=386560
%PROGRAMFILES%\Hewlett-Packard\Shared\hpqWmiEx.exe [Hewlett-Packard Development Company, L.P.] [hpqwmiex Module] MD5=04C1DCBB226C6AE647B794833CE3CEB6 SIZE=135168
%SYSDIR%\SynCOM.dll [Synaptics, Inc.] [COM SDK] MD5=D9DC6BF7DFC07BD4B76C34412C550F16 SIZE=163840
%SYSDIR%\SynTPAPI.dll [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=A895C257DDCC405C2F89117B65CE1251 SIZE=147456
%PROGRAMFILES%\Windows Media Player\wmplayer.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=81D386F15E10E19F9A0804D900460324 SIZE=168960
%PROGRAMFILES%\Hewlett-Packard\HP Health Check\HPHC_Service.exe [Hewlett-Packard] [HP Health Check Service] MD5=0D26C438E2938A3E6BDD91173BC96FF0 SIZE=65536
%WINDIR%\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll [Hewlett-Packard] [HP Active Support Library] MD5=0775A7424B1828AD1452BAE43F7069A8 SIZE=86016
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
%SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=2497E0909F2136C9F6B190FCF1E54BBD SIZE=737792
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=C9F8C752ED450D74A51FC4DA40B0DA16 SIZE=338432
%PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=7CB1C510F55B2D5E3DE24823839D320D SIZE=2313216
%PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4AEED1FBB53F915CBE30671793776A80 SIZE=99328
%SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3226FDA08988526E819E364E8CCE4CEE SIZE=560640
%SYSDIR%\audiodev.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=BC59360E14159C67FF257FB424F3B723 SIZE=244224
%PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=571B269F346E518F0D2BB7B067ECFFCD SIZE=1030656
%COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688
%PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=1690302570CC80160F68B604E6806802 SIZE=66048
%SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=1AD7E7296F62B998C157A4BDA006EC01 SIZE=274432
%PROGRAMFILES%\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=E4D7E410A044E58FB20E310B848C45C7 SIZE=942080
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH] [AntiVir Workstation] MD5=655A36AB49696FFE33FB376719B298C1 SIZE=69889
%PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=F8C799BB63C6020BE54E4132E1866BE0 SIZE=63040
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\DRIVERS\athr.sys [Atheros Communications, Inc.] [Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter] MD5=0437199C88F6E88A387CFEC8A8886A6E SIZE=735232
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [Avira GmbH] [AntiVir Workstation] MD5=D1A025056656C572AD90CC6C2BFBE9F6 SIZE=49472
%SYSDIR%\DRIVERS\avipbb.sys [Avira GmbH] MD5=1A1068D7C0E1C836164ED924390CB407 SIZE=79424
%SYSDIR%\svchost.exe -k LocalServiceNoNetwork
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\drivers\CHDART.sys [Conexant Systems Inc.] [Conexant HDAudio Driver] MD5=7BE40BB4CD16D8760E18EA981FF452EC SIZE=176640
%SYSDIR%\DRIVERS\HpqKbFiltr.sys [Hewlett-Packard Development Company, L.P.] [HP Quick Launch Buttons] MD5=35956140E686D53BF676CF0C778880FC SIZE=16768
%SYSDIR%\DRIVERS\HpqRemHid.sys [Hewlett-Packard Development Company, L.P.] [HP Remote Control HID Device] MD5=115C0933B3ED51DFBEC4449348C8065B SIZE=7168
%SYSDIR%\DRIVERS\HSX_DPV.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=1882827F41DEE51C70E24C567C35BFB5 SIZE=984064
%SYSDIR%\DRIVERS\HSXHWAZL.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=A44DDF3BA83E4664BF4DE9220097578C SIZE=208896
%SYSDIR%\DRIVERS\mdmxsdk.sys [Conexant] [Diagnostic Interface x86 Driver] MD5=0CEA2D0D3FA284B85ED5B68365114F76 SIZE=12672
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=1F6F7159C75E4B27D138B5225808860F SIZE=28776
%SYSDIR%\DRIVERS\nvmfdx32.sys [NVIDIA Corporation] [nvmfdx32] MD5=A1108084B0D2FC43DCC401735770E2A3 SIZE=1059112
%SYSDIR%\DRIVERS\nvlddmkm.sys [NVIDIA Corporation] [NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65] MD5=442EAC1B12ACF1BAD6F1224167E034C8 SIZE=7626400
%SYSDIR%\DRIVERS\nvsmu.sys [NVIDIA Corporation] [NVIDIA nForce(TM) PCA Driver] MD5=9AEBC32F9D6E02EBEE0369AB296FE7C8 SIZE=12032
%SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted
%SYSDIR%\DRIVERS\rimmptsk.sys [REDC] [RICOH SD/MMC Driver] MD5=355AAC141B214BEF1DBC1483AFD9BD50 SIZE=39936
%SYSDIR%\DRIVERS\rimsptsk.sys [REDC] [Ricoh Memorystick Controller] MD5=A4216C71DD4F60B26418CCFD99CD0815 SIZE=42496
%SYSDIR%\DRIVERS\rixdptsk.sys [REDC] [R5C852 Ricoh xD Controller] MD5=D231B577024AA324AF13A42F3A807D10 SIZE=37376
%SYSDIR%\svchost.exe -k rpcss
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=CCD6E6C387E3EFA3BA5FE0E7883821C1 SIZE=141312
%SYSDIR%\DRIVERS\ssmdrv.sys [Avira GmbH] MD5=3D2829FDE1C52FC64DA5413889CE4DEE SIZE=28352
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\DRIVERS\SynTP.sys [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=3D6316279C3540AA268BF025F4621EF3 SIZE=191408
%SYSDIR%\DRIVERS\vsdatant.sys [Check Point Software Technologies LTD] [ZoneAlarm Firewalling Driver] MD5=C8F5455F43977580D489CE31178F4166 SIZE=279440
%SYSDIR%\ZoneLabs\vsmon.exe -service
%SYSDIR%\svchost.exe -k WerSvcGroup
%SYSDIR%\DRIVERS\HSX_CNXT.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=E096FFB754F1E45AE1BDDAC1275AE2C5 SIZE=660480
%SYSDIR%\svchost.exe -k secsvcs
%SYSDIR%\SearchIndexer.exe \Embedding
%SYSDIR%\DRIVERS\xaudio.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=19E7C173B6242AD7521E537AE54768BF SIZE=8704
%COMMONFILES%\Microsoft Shared\Information Retrieval\msitss.dll [Microsoft Corporation] [Microsoft(R) Infotech Information Storage System Library] MD5=BBFF7F0AC61F8A29241BC00B3785CCB0 SIZE=230760
%SYSDIR%\msdxm.ocx [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=506CF5D6E38FD7DEC7B6D7D3030E7BC9 SIZE=4096
%SYSDIR%\powrprof.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3CDEC51291F735C5C276B957239017A3 SIZE=96768
%SYSDIR%\WPDSP.DLL [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=C72D3E9282DFE01E1D363DDB5DC1A66C SIZE=349184
%PROGRAMFILES%\Java\jre1.6.0_07\bin\JdbcOdbc.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=F708430AE09C4102933E24CD6D12780D SIZE=36352
%PROGRAMFILES%\Java\jre1.6.0_07\bin\dcpr.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=D6E7FFCD38ECDFE4BD8DCE29D8D1A654 SIZE=143360
%PROGRAMFILES%\Java\jre1.6.0_07\bin\ioser12.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=5CF15BC4493299F6645DB27B51278D2A SIZE=12800
%PROGRAMFILES%\Java\jre1.6.0_07\bin\policytool.exe [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=1C0C6888952D9EC22A7B5C6FAD0E8160 SIZE=25600
%SYSDIR%\msvcp71.dll [Microsoft Corporation] [Microsoft® Visual Studio .NET] MD5=561FA2ABB31DFA8FAB762145F81667C2 SIZE=499712
%PROGRAMFILES%\Microsoft Works\ltkrn13n.dll [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=9F55BFD2C68DDD94F261B4E7A177042B SIZE=468568
End of Report
apres avoir formaté hier soir pour cause de trojan et tout reinstaller ce matin je fait une premiere analise avec spywre terminator et voila ce quil ma trouvé direct(je suis degouter):
trojan.agent.qwt
trojan.downloader.agent.aar
invalid startup items(invalid items)
donc voila je vous poste quelque rapport si vous pouvez maider je vous enn cerait reconnaissant!
Logfile of Spyware Terminator v2.2.2.438 (db:2.009.022.000)
Scan Time: 23/09/2008 11:00:41 length: 598 s
Platform: VISTA (6.0.0.6000)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 151832 (Critical:3)
Filter: No System items, No Safe items, No Invalid items
Running Processes
SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
vsmon.exe [Check Point Software Technologies LTD] : C:\Windows\system32\ZoneLabs\vsmon.exe
sched.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
SynTPStart.exe [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPStart.exe
QLBCTRL.exe [ Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
HPKBDAPP.exe [ Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
hpwuSchd2.exe [Hewlett-Packard Co.] : C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
avgnt.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
LightScribeControlPanel.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
avguard.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
XAudio.exe [Conexant Systems, Inc.] : C:\Windows\system32\drivers\XAudio.exe
hpqWmiEx.exe [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
wmplayer.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmplayer.exe
HPHC_Service.exe [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LightScribe Control Panel : [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NvSvc : [NVIDIA Corporation] : C:\Windows\system32\NVSVC.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SynTPStart : [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPStart.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, QlbCtrl : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OnScreenDisplay : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UCam_Menu : [CyberLink Corp.] : C:\Program Files\CYBERLINK\YOUCAM\MUITRANSFER\MUISTARTMENU.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Co.] : C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgnt : [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
Shell Extensions
CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll
- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll
Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll
PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll
Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll
Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll
ShellViewRTF - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\Windows\system32\ShellvRTF.dll
- {2F603045-309F-11CF-9774-0020AFD0CFF6} - [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll
Protocol Handler
MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Microsoft Infotech Storage Protocol for IE 4.0 - {0A9007C0-4076-11D3-8789-0000F8105754} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
Services
23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
23 - [Atheros Communications, Inc.] : C:\Windows\system32\DRIVERS\athr.sys
23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
23 - [Avira GmbH] : C:\Windows\system32\DRIVERS\avipbb.sys
23 - [Conexant Systems Inc.] : C:\Windows\system32\drivers\CHDART.sys
23 - [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
23 - [Hewlett-Packard Development Company, L.P.] : C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23 - [Hewlett-Packard Development Company, L.P.] : C:\Windows\system32\DRIVERS\HpqRemHid.sys
23 - [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSX_DPV.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23 - [Conexant] : C:\Windows\system32\DRIVERS\mdmxsdk.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvmfdx32.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvlddmkm.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvsmu.sys
23 - [REDC] : C:\Windows\system32\DRIVERS\rimmptsk.sys
23 - [REDC] : C:\Windows\system32\DRIVERS\rimsptsk.sys
23 - [REDC] : C:\Windows\system32\DRIVERS\rixdptsk.sys
23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys
23 - [Avira GmbH] : C:\Windows\system32\DRIVERS\ssmdrv.sys
23 - [Synaptics, Inc.] : C:\Windows\system32\DRIVERS\SynTP.sys
23 - [Check Point Software Technologies LTD] : C:\Windows\system32\DRIVERS\vsdatant.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\xaudio.sys
23 - [Conexant Systems, Inc.] : C:\Windows\system32\drivers\XAudio.exe
Threat Files
<Trojan.Downloader.Agent.aaar> : C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe
<Trojan.Agent.qwt> : C:\Program Files\Hp\QuickPlay\Kernel\Partner\libcurl.dll
Advanced Files Report
%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A1DCD30534835CB67733AD00175125A6 SIZE=2605568
%SYSDIR%\ZoneLabs\vsmon.exe [Check Point Software Technologies LTD] [TrueVector Service] MD5=0238690AB96AD9E08C643D7A7AD8B293 SIZE=79400
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sched.exe [Avira GmbH] [AntiVir Workstation] MD5=1C51917C9B30530A781F438F6A4AC49F SIZE=68865
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\schedr.dll [Avira GmbH] [AntiVir Workstation] MD5=EFBABD350FA0E4804CD98CE6FFE98743 SIZE=7937
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avevtlog.dll [Avira GmbH] [AntiVir Workstation] MD5=3A5874F76D8EA78F5AB0B158191C1EE4 SIZE=114945
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sqlite3.dll [SQLite Database] MD5=A467ACDA6C73AE3F8DBC6B94602921B5 SIZE=339968
%SYSDIR%\nvd3dum.dll [NVIDIA Corporation] [NVIDIA Windows Vista WDDM driver] MD5=8785A60FEFC28B795358EF25536ED72A SIZE=4943872
%PROGRAMFILES%\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll [HP] [MediaLamp] MD5=816ACB76EC72ADCB58EC90D275F9FEB6 SIZE=110592
%PROGRAMFILES%\BillP Studios\WinPatrol\PATROLPRO.DLL [BillP Studios] [BillP Studios Window Detection] MD5=87103EC411FE220740A93C99D007764E SIZE=62776
%SYSDIR%\rundll32.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544
%SYSDIR%\nvapi.dll [NVIDIA Corporation] [NVIDIA Windows drivers] MD5=8B9F4298264C267EC43C0BF8CADA343C SIZE=368640
%PROGRAMFILES%\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.DLL [Hewlett-Packard Development Company, L.P.] [QLB] MD5=116E4539035CD02324C893F904263BDC SIZE=300336
%PROGRAMFILES%\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.DLL [Hewlett-Packard Company] [HP Quick Launch Buttons] MD5=DE88D1D0609B8AFB0ECC7270E0B0A798 SIZE=222512
%PROGRAMFILES%\Hewlett-Packard\HP QuickTouch\HPShared.dll [Hewlett-Packard Development Company, L.P.] [HP Shared Dynamic Link Library] MD5=B23E277835E7A259C3A5BA0ED2A86D8A SIZE=15696
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\cclib.dll [Avira GmbH] [AntiVir Workstation] MD5=18F68A243BDA79BBA9D01FA39ECE8598 SIZE=160001
%PROGRAMFILES%\avira\antivir personaledition classic\ccgen.dll [Avira GmbH] [AntiVir Workstation] MD5=B9875A5471B3CF425BAAF9B3CE813A9C SIZE=270593
%PROGRAMFILES%\avira\antivir personaledition classic\ccgenrc.dll [Avira GmbH] [AntiVir Workstation] MD5=856DBDB418067A7E87A2302F94AC31F5 SIZE=17665
%PROGRAMFILES%\avira\antivir personaledition classic\ccguard.dll [Avira GmbH] [AntiVir Workstation] MD5=3E1F96DE993B8D6E87ACF9146F9DF0D9 SIZE=217345
%PROGRAMFILES%\avira\antivir personaledition classic\ccgrdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=B09D14A806D30132C427AA3745C46D54 SIZE=20225
%PROGRAMFILES%\avira\antivir personaledition classic\avipc.dll [Avira GmbH] [AntiVir Workstation] MD5=922EE25E719104E6D0E166451118E9F4 SIZE=73985
%PROGRAMFILES%\avira\antivir personaledition classic\ccupdate.dll [Avira GmbH] [AntiVir Workstation] MD5=E19C269071C08D9D30D91CE896480CA6 SIZE=114945
%PROGRAMFILES%\avira\antivir personaledition classic\ccupdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=445F5AF6DFC84EFECB242209F3C12412 SIZE=12545
%PROGRAMFILES%\avira\antivir personaledition classic\cclic.dll [Avira GmbH] [AntiVir Workstation] MD5=708A5119B4C625B1AD300CD351A61F9B SIZE=61697
%PROGRAMFILES%\avira\antivir personaledition classic\cclicrc.dll [Avira GmbH] [AntiVir Workstation] MD5=35443145C1F3987262B8DD2AC6D53B05 SIZE=5889
%PROGRAMFILES%\avira\antivir personaledition classic\ccmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=61DFF7D04472B97F33D66BF0934A4D48 SIZE=155905
%COMMONFILES%\LightScribe\QtCore4.dll [Trolltech ASA] [Qt4] MD5=FA6C29F3668505A0C85C770951C68CF6 SIZE=1581056
%COMMONFILES%\LightScribe\QtGui4.dll [Trolltech ASA] [Qt4] MD5=90703BD8D71099E43993F3AFAF2B5A10 SIZE=6365184
%COMMONFILES%\LightScribe\plugins\imageformats\qjpeg4.dll [Trolltech ASA] [Qt4] MD5=3C1DC306F1F20A8071C363FA4FCBE16B SIZE=131072
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avguard.exe [Avira GmbH] [AntiVir Workstation] MD5=980825559F7C70B565ADD5F5C71CFE8F SIZE=147201
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\guardmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=0F3552C80887EB93BE8FFAF26F8D7006 SIZE=46849
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL [Avira GmbH] [AntiVir Workstation] MD5=0B4552C1E399392E0494D074941C6218 SIZE=25857
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL [Avira GmbH] [AntiVir Workstation] MD5=F2D83E33EC3F82835FA631F8FF2CCE64 SIZE=28929
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL [Avira GmbH] MD5=24D54A9DF157869A7DE4D61D37D10FC8 SIZE=122113
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aecore.dll [Avira GmbH] [AVCORE] MD5=79CFCBE53CC1643B346BA4BF5E937A7F SIZE=172406
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aevdf.dll [Avira GmbH] [AVVDF] MD5=C9FFFD5005F4FE7131DF6128E98E3A6A SIZE=102772
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescript.dll [Avira GmbH] [AVSCRIPT] MD5=940CD41BFAAF19ACE1AD43EF0E135F4D SIZE=319867
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescn.dll [Avira GmbH] [AVSCN] MD5=F519C10B10D73B2B6B75CFEBC5096236 SIZE=119156
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aerdl.dll [Avira GmbH] [AVRDL] MD5=63E0D3672EAD934C49F37CDC1F2CEF23 SIZE=438644
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aepack.dll [Avira GmbH] [AVPACK] MD5=BC3A6DDC19C4511CA2C37F0938EB8853 SIZE=364917
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\unacev2.dll [ACE Compression Software] [UNACE - freeware ACE extraction component] MD5=DE02C4D04088B69E64ECC30A3D9E22E5 SIZE=77312
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeoffice.dll [Avira GmbH] [AVOFFICE] MD5=CEE6E30E4D1A7569F0E83C739EDF1547 SIZE=196986
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeheur.dll [Avira GmbH] [AVHEUR] MD5=E14B955CE30DE445A680677BA9A7CA85 SIZE=1438071
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aehelp.dll [Avira GmbH] [AVHELP] MD5=83BAC707A4B7682201A1EB9766B54CEB SIZE=115063
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aegen.dll [Avira GmbH] [AVGEN] MD5=63F18A1FD1A6D1069B892EC25280E595 SIZE=315764
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeemu.dll [Avira GmbH] [AVEMU] MD5=87A6C6E3993D3A635F8E7152FC6D1907 SIZE=430452
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aebb.dll [Avira GmbH] [AVBB] MD5=BBAD1D9B0694F5E8FE2ACB85283CC5FE SIZE=53617
%COMMONFILES%\LightScribe\LSSrvc.exe [Hewlett-Packard Company] [LightScribe] MD5=53710476495886D9961BE46983A6A33F SIZE=79136
%COMMONFILES%\LightScribe\LSSProxy.dll [Hewlett-Packard Company] [LightScribe] MD5=F686D5839A3B0079D20D57FB7683880F SIZE=110592
%COMMONFILES%\LightScribe\LSLog.dll [Hewlett-Packard Company] [LightScribe] MD5=C227B31C13D80CBE59742B0C858CC0FA SIZE=33280
%SYSDIR%\drivers\XAudio.exe [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=CDA0BC78672B50C43649FF34E1FD0FF8 SIZE=386560
%PROGRAMFILES%\Hewlett-Packard\Shared\hpqWmiEx.exe [Hewlett-Packard Development Company, L.P.] [hpqwmiex Module] MD5=04C1DCBB226C6AE647B794833CE3CEB6 SIZE=135168
%SYSDIR%\SynCOM.dll [Synaptics, Inc.] [COM SDK] MD5=D9DC6BF7DFC07BD4B76C34412C550F16 SIZE=163840
%SYSDIR%\SynTPAPI.dll [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=A895C257DDCC405C2F89117B65CE1251 SIZE=147456
%PROGRAMFILES%\Windows Media Player\wmplayer.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=81D386F15E10E19F9A0804D900460324 SIZE=168960
%PROGRAMFILES%\Hewlett-Packard\HP Health Check\HPHC_Service.exe [Hewlett-Packard] [HP Health Check Service] MD5=0D26C438E2938A3E6BDD91173BC96FF0 SIZE=65536
%WINDIR%\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll [Hewlett-Packard] [HP Active Support Library] MD5=0775A7424B1828AD1452BAE43F7069A8 SIZE=86016
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
%SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=2497E0909F2136C9F6B190FCF1E54BBD SIZE=737792
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=C9F8C752ED450D74A51FC4DA40B0DA16 SIZE=338432
%PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=7CB1C510F55B2D5E3DE24823839D320D SIZE=2313216
%PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4AEED1FBB53F915CBE30671793776A80 SIZE=99328
%SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3226FDA08988526E819E364E8CCE4CEE SIZE=560640
%SYSDIR%\audiodev.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=BC59360E14159C67FF257FB424F3B723 SIZE=244224
%PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=571B269F346E518F0D2BB7B067ECFFCD SIZE=1030656
%COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688
%PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=1690302570CC80160F68B604E6806802 SIZE=66048
%SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=1AD7E7296F62B998C157A4BDA006EC01 SIZE=274432
%PROGRAMFILES%\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=E4D7E410A044E58FB20E310B848C45C7 SIZE=942080
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH] [AntiVir Workstation] MD5=655A36AB49696FFE33FB376719B298C1 SIZE=69889
%PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=F8C799BB63C6020BE54E4132E1866BE0 SIZE=63040
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\DRIVERS\athr.sys [Atheros Communications, Inc.] [Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter] MD5=0437199C88F6E88A387CFEC8A8886A6E SIZE=735232
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [Avira GmbH] [AntiVir Workstation] MD5=D1A025056656C572AD90CC6C2BFBE9F6 SIZE=49472
%SYSDIR%\DRIVERS\avipbb.sys [Avira GmbH] MD5=1A1068D7C0E1C836164ED924390CB407 SIZE=79424
%SYSDIR%\svchost.exe -k LocalServiceNoNetwork
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\drivers\CHDART.sys [Conexant Systems Inc.] [Conexant HDAudio Driver] MD5=7BE40BB4CD16D8760E18EA981FF452EC SIZE=176640
%SYSDIR%\DRIVERS\HpqKbFiltr.sys [Hewlett-Packard Development Company, L.P.] [HP Quick Launch Buttons] MD5=35956140E686D53BF676CF0C778880FC SIZE=16768
%SYSDIR%\DRIVERS\HpqRemHid.sys [Hewlett-Packard Development Company, L.P.] [HP Remote Control HID Device] MD5=115C0933B3ED51DFBEC4449348C8065B SIZE=7168
%SYSDIR%\DRIVERS\HSX_DPV.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=1882827F41DEE51C70E24C567C35BFB5 SIZE=984064
%SYSDIR%\DRIVERS\HSXHWAZL.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=A44DDF3BA83E4664BF4DE9220097578C SIZE=208896
%SYSDIR%\DRIVERS\mdmxsdk.sys [Conexant] [Diagnostic Interface x86 Driver] MD5=0CEA2D0D3FA284B85ED5B68365114F76 SIZE=12672
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=1F6F7159C75E4B27D138B5225808860F SIZE=28776
%SYSDIR%\DRIVERS\nvmfdx32.sys [NVIDIA Corporation] [nvmfdx32] MD5=A1108084B0D2FC43DCC401735770E2A3 SIZE=1059112
%SYSDIR%\DRIVERS\nvlddmkm.sys [NVIDIA Corporation] [NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65] MD5=442EAC1B12ACF1BAD6F1224167E034C8 SIZE=7626400
%SYSDIR%\DRIVERS\nvsmu.sys [NVIDIA Corporation] [NVIDIA nForce(TM) PCA Driver] MD5=9AEBC32F9D6E02EBEE0369AB296FE7C8 SIZE=12032
%SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted
%SYSDIR%\DRIVERS\rimmptsk.sys [REDC] [RICOH SD/MMC Driver] MD5=355AAC141B214BEF1DBC1483AFD9BD50 SIZE=39936
%SYSDIR%\DRIVERS\rimsptsk.sys [REDC] [Ricoh Memorystick Controller] MD5=A4216C71DD4F60B26418CCFD99CD0815 SIZE=42496
%SYSDIR%\DRIVERS\rixdptsk.sys [REDC] [R5C852 Ricoh xD Controller] MD5=D231B577024AA324AF13A42F3A807D10 SIZE=37376
%SYSDIR%\svchost.exe -k rpcss
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=CCD6E6C387E3EFA3BA5FE0E7883821C1 SIZE=141312
%SYSDIR%\DRIVERS\ssmdrv.sys [Avira GmbH] MD5=3D2829FDE1C52FC64DA5413889CE4DEE SIZE=28352
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\DRIVERS\SynTP.sys [Synaptics, Inc.] [Synaptics Pointing Device Driver] MD5=3D6316279C3540AA268BF025F4621EF3 SIZE=191408
%SYSDIR%\DRIVERS\vsdatant.sys [Check Point Software Technologies LTD] [ZoneAlarm Firewalling Driver] MD5=C8F5455F43977580D489CE31178F4166 SIZE=279440
%SYSDIR%\ZoneLabs\vsmon.exe -service
%SYSDIR%\svchost.exe -k WerSvcGroup
%SYSDIR%\DRIVERS\HSX_CNXT.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=E096FFB754F1E45AE1BDDAC1275AE2C5 SIZE=660480
%SYSDIR%\svchost.exe -k secsvcs
%SYSDIR%\SearchIndexer.exe \Embedding
%SYSDIR%\DRIVERS\xaudio.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=19E7C173B6242AD7521E537AE54768BF SIZE=8704
%COMMONFILES%\Microsoft Shared\Information Retrieval\msitss.dll [Microsoft Corporation] [Microsoft(R) Infotech Information Storage System Library] MD5=BBFF7F0AC61F8A29241BC00B3785CCB0 SIZE=230760
%SYSDIR%\msdxm.ocx [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=506CF5D6E38FD7DEC7B6D7D3030E7BC9 SIZE=4096
%SYSDIR%\powrprof.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=3CDEC51291F735C5C276B957239017A3 SIZE=96768
%SYSDIR%\WPDSP.DLL [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=C72D3E9282DFE01E1D363DDB5DC1A66C SIZE=349184
%PROGRAMFILES%\Java\jre1.6.0_07\bin\JdbcOdbc.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=F708430AE09C4102933E24CD6D12780D SIZE=36352
%PROGRAMFILES%\Java\jre1.6.0_07\bin\dcpr.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=D6E7FFCD38ECDFE4BD8DCE29D8D1A654 SIZE=143360
%PROGRAMFILES%\Java\jre1.6.0_07\bin\ioser12.dll [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=5CF15BC4493299F6645DB27B51278D2A SIZE=12800
%PROGRAMFILES%\Java\jre1.6.0_07\bin\policytool.exe [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U7] MD5=1C0C6888952D9EC22A7B5C6FAD0E8160 SIZE=25600
%SYSDIR%\msvcp71.dll [Microsoft Corporation] [Microsoft® Visual Studio .NET] MD5=561FA2ABB31DFA8FAB762145F81667C2 SIZE=499712
%PROGRAMFILES%\Microsoft Works\ltkrn13n.dll [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=9F55BFD2C68DDD94F261B4E7A177042B SIZE=468568
End of Report
A voir également:
- Grosse infection!help!
- Infection Bloom ? ✓ - Forum Virus
- Infection ad.doubleclick.net ✓ - Forum Virus
- Infection FileRepMetagen - Forum Virus
- Infection WonderShare ✓ - Forum Virus
- Infection winrmsrv ✓ - Forum Virus
37 réponses
Si SDfix ne marche pas :
il faut que tu decompresse sdfix.exe et que tu mette le dossier sdfix dans c:
ensuite tu fait demarrer executer et tu met ceci
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
la une fenetre dos va s ouvrir si c est le cas et qu il te demande confirmation repond par y et la touche entrer
referme ensuite la fenetre et essai de relancer runthisbat
il faut que tu decompresse sdfix.exe et que tu mette le dossier sdfix dans c:
ensuite tu fait demarrer executer et tu met ceci
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
la une fenetre dos va s ouvrir si c est le cas et qu il te demande confirmation repond par y et la touche entrer
referme ensuite la fenetre et essai de relancer runthisbat
on va essayer autrement :
▶ Télécharger et enregistrer lopSD sur le Bureau
(C est le numéro 4 en bas de la page)
▶ Double-clic Lop S&D
▶ Faire l'installation
▶ Fermer toutes les applications
▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
▶ Taper F pour français , puis presser entrée
▶ Taper 1
▶ Presser Entrée
▶ Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
▶ Attendre l'apparition du rapport
▶ Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR
▶ Télécharger et enregistrer lopSD sur le Bureau
(C est le numéro 4 en bas de la page)
▶ Double-clic Lop S&D
▶ Faire l'installation
▶ Fermer toutes les applications
▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
▶ Taper F pour français , puis presser entrée
▶ Taper 1
▶ Presser Entrée
▶ Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
▶ Attendre l'apparition du rapport
▶ Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : terminator ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total : 137 Go Free : 100 Go
D:\ (Local Disk) - NTFS - Total : 83 Go Free : 83 Go
E:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 23/09/2008|14:05 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Application Data
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\AtStart.txt
[22/09/2008|22:19] C:\Users\TERMIN~1\AppData\Local\Downloaded Installations
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\DSwitch.txt
[22/09/2008|22:36] C:\Users\TERMIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[22/09/2008|22:26] C:\Users\TERMIN~1\AppData\Local\Hewlett-Packard
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Historique
[22/09/2008|22:33] C:\Users\TERMIN~1\AppData\Local\Microsoft
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\QSwitch.txt
[22/09/2008|21:41] C:\Users\TERMIN~1\AppData\Local\QuickPlay
[22/09/2008|22:39] C:\Users\TERMIN~1\AppData\Local\Seven Zip
[23/09/2008|13:36] C:\Users\TERMIN~1\AppData\Local\Temp
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Temporary Internet Files
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[23/09/2008 13:47][--ah-----] C:\Windows\tasks\SA.DAT
[23/09/2008 11:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[22/09/2008|22:58] C:\ProgramData\Adobe
[22/09/2008|22:08] C:\ProgramData\Application Data
[12/02/2008|17:48] C:\ProgramData\Atheros
[22/09/2008|22:38] C:\ProgramData\Avira
[22/09/2008|22:08] C:\ProgramData\Bureau
[22/09/2008|23:58] C:\ProgramData\CheckPoint
[12/02/2008|17:54] C:\ProgramData\CyberLink
[22/09/2008|22:08] C:\ProgramData\Documents
[22/09/2008|22:08] C:\ProgramData\Favoris
[22/09/2008|22:26] C:\ProgramData\Hewlett-Packard
[22/09/2008|23:22] C:\ProgramData\Malwarebytes
[22/09/2008|22:08] C:\ProgramData\Menu D‚marrer
[22/09/2008|22:32] C:\ProgramData\Microsoft
[22/09/2008|22:32] C:\ProgramData\Microsoft Help
[22/09/2008|22:08] C:\ProgramData\ModŠles
[24/10/2007|18:43] C:\ProgramData\muvee Technologies
[22/09/2008|22:25] C:\ProgramData\NVIDIA
[23/09/2008|11:14] C:\ProgramData\Spyware Terminator
[22/09/2008|22:32] C:\ProgramData\Symantec
[24/10/2007|18:20] C:\ProgramData\Viewpoint
[22/09/2008|23:21] C:\ProgramData\VistaCodecs
[22/09/2008|22:50] C:\ProgramData\WildTangent
--------------------\\ Listing des dossiers dans C:\Program Files
[22/09/2008|22:56] C:\Program Files\Adobe
[24/10/2007|18:20] C:\Program Files\AIM6
[12/02/2008|17:48] C:\Program Files\Atheros
[22/09/2008|22:38] C:\Program Files\Avira
[22/09/2008|22:09] C:\Program Files\BillP Studios
[22/09/2008|23:19] C:\Program Files\CCleaner
[23/09/2008|12:04] C:\Program Files\Common Files
[12/02/2008|17:48] C:\Program Files\CONEXANT
[12/02/2008|17:59] C:\Program Files\CyberLink
[22/09/2008|22:08] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[12/02/2008|17:56] C:\Program Files\Hewlett-Packard
[12/02/2008|17:52] C:\Program Files\Hp
[22/09/2008|22:50] C:\Program Files\HP Games
[22/09/2008|22:14] C:\Program Files\HPQ
[22/09/2008|22:42] C:\Program Files\InstallShield Installation Information
[22/09/2008|23:44] C:\Program Files\Internet Explorer
[22/09/2008|22:20] C:\Program Files\Java
[22/09/2008|23:23] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[22/09/2008|22:32] C:\Program Files\Microsoft Office
[22/09/2008|22:32] C:\Program Files\Microsoft Works
[25/10/2007|02:57] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[22/09/2008|23:16] C:\Program Files\MSXML 4.0
[24/10/2007|18:43] C:\Program Files\muvee Technologies
[12/02/2008|17:46] C:\Program Files\NetWaiting
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[12/02/2008|18:03] C:\Program Files\Services en ligne
[23/09/2008|11:23] C:\Program Files\Spyware Terminator
[12/02/2008|17:45] C:\Program Files\Synaptics
[23/09/2008|00:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/10/2007|18:20] C:\Program Files\Viewpoint
[22/09/2008|23:21] C:\Program Files\VistaCodecPack
[22/09/2008|23:20] C:\Program Files\VS Revo Group
[24/10/2007|18:14] C:\Program Files\Windows Calendar
[25/10/2007|02:57] C:\Program Files\Windows Collaboration
[24/10/2007|18:14] C:\Program Files\Windows Defender
[25/10/2007|02:57] C:\Program Files\Windows Journal
[22/09/2008|23:43] C:\Program Files\Windows Mail
[22/09/2008|23:44] C:\Program Files\Windows Media Player
[22/09/2008|22:08] C:\Program Files\Windows NT
[25/10/2007|02:57] C:\Program Files\Windows Photo Gallery
[22/09/2008|23:43] C:\Program Files\Windows Sidebar
[12/02/2008|17:48] C:\Program Files\WinTV
[22/09/2008|23:58] C:\Program Files\Zone Labs
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[22/09/2008|22:57] C:\Program Files\Common Files\Adobe
[24/10/2007|18:19] C:\Program Files\Common Files\AOL
[24/10/2007|19:09] C:\Program Files\Common Files\InstallShield
[24/10/2007|19:21] C:\Program Files\Common Files\Java
[22/09/2008|22:14] C:\Program Files\Common Files\LightScribe
[22/09/2008|22:32] C:\Program Files\Common Files\microsoft shared
[24/10/2007|18:43] C:\Program Files\Common Files\muvee Technologies
[23/09/2008|12:04] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[22/09/2008|22:34] C:\Program Files\Common Files\Symantec Shared
[24/10/2007|18:14] C:\Program Files\Common Files\System
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:05:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:44][D:10]-> C:\Users\TERMIN~1\AppData\Local\Temp
[F:24][D:1]-> C:\Users\TERMIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:168][D:4]-> C:\Users\TERMIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|14:06 - Option : [1]
--------------------\\ Fin du rapport a 14:06:02
[ UAC => 1 ]
voila en esperen que ce soit bon et merci de ta patience
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : terminator ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total : 137 Go Free : 100 Go
D:\ (Local Disk) - NTFS - Total : 83 Go Free : 83 Go
E:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 23/09/2008|14:05 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Application Data
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\AtStart.txt
[22/09/2008|22:19] C:\Users\TERMIN~1\AppData\Local\Downloaded Installations
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\DSwitch.txt
[22/09/2008|22:36] C:\Users\TERMIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[22/09/2008|22:26] C:\Users\TERMIN~1\AppData\Local\Hewlett-Packard
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Historique
[22/09/2008|22:33] C:\Users\TERMIN~1\AppData\Local\Microsoft
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\QSwitch.txt
[22/09/2008|21:41] C:\Users\TERMIN~1\AppData\Local\QuickPlay
[22/09/2008|22:39] C:\Users\TERMIN~1\AppData\Local\Seven Zip
[23/09/2008|13:36] C:\Users\TERMIN~1\AppData\Local\Temp
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Temporary Internet Files
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[23/09/2008 13:47][--ah-----] C:\Windows\tasks\SA.DAT
[23/09/2008 11:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[22/09/2008|22:58] C:\ProgramData\Adobe
[22/09/2008|22:08] C:\ProgramData\Application Data
[12/02/2008|17:48] C:\ProgramData\Atheros
[22/09/2008|22:38] C:\ProgramData\Avira
[22/09/2008|22:08] C:\ProgramData\Bureau
[22/09/2008|23:58] C:\ProgramData\CheckPoint
[12/02/2008|17:54] C:\ProgramData\CyberLink
[22/09/2008|22:08] C:\ProgramData\Documents
[22/09/2008|22:08] C:\ProgramData\Favoris
[22/09/2008|22:26] C:\ProgramData\Hewlett-Packard
[22/09/2008|23:22] C:\ProgramData\Malwarebytes
[22/09/2008|22:08] C:\ProgramData\Menu D‚marrer
[22/09/2008|22:32] C:\ProgramData\Microsoft
[22/09/2008|22:32] C:\ProgramData\Microsoft Help
[22/09/2008|22:08] C:\ProgramData\ModŠles
[24/10/2007|18:43] C:\ProgramData\muvee Technologies
[22/09/2008|22:25] C:\ProgramData\NVIDIA
[23/09/2008|11:14] C:\ProgramData\Spyware Terminator
[22/09/2008|22:32] C:\ProgramData\Symantec
[24/10/2007|18:20] C:\ProgramData\Viewpoint
[22/09/2008|23:21] C:\ProgramData\VistaCodecs
[22/09/2008|22:50] C:\ProgramData\WildTangent
--------------------\\ Listing des dossiers dans C:\Program Files
[22/09/2008|22:56] C:\Program Files\Adobe
[24/10/2007|18:20] C:\Program Files\AIM6
[12/02/2008|17:48] C:\Program Files\Atheros
[22/09/2008|22:38] C:\Program Files\Avira
[22/09/2008|22:09] C:\Program Files\BillP Studios
[22/09/2008|23:19] C:\Program Files\CCleaner
[23/09/2008|12:04] C:\Program Files\Common Files
[12/02/2008|17:48] C:\Program Files\CONEXANT
[12/02/2008|17:59] C:\Program Files\CyberLink
[22/09/2008|22:08] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[12/02/2008|17:56] C:\Program Files\Hewlett-Packard
[12/02/2008|17:52] C:\Program Files\Hp
[22/09/2008|22:50] C:\Program Files\HP Games
[22/09/2008|22:14] C:\Program Files\HPQ
[22/09/2008|22:42] C:\Program Files\InstallShield Installation Information
[22/09/2008|23:44] C:\Program Files\Internet Explorer
[22/09/2008|22:20] C:\Program Files\Java
[22/09/2008|23:23] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[22/09/2008|22:32] C:\Program Files\Microsoft Office
[22/09/2008|22:32] C:\Program Files\Microsoft Works
[25/10/2007|02:57] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[22/09/2008|23:16] C:\Program Files\MSXML 4.0
[24/10/2007|18:43] C:\Program Files\muvee Technologies
[12/02/2008|17:46] C:\Program Files\NetWaiting
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[12/02/2008|18:03] C:\Program Files\Services en ligne
[23/09/2008|11:23] C:\Program Files\Spyware Terminator
[12/02/2008|17:45] C:\Program Files\Synaptics
[23/09/2008|00:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/10/2007|18:20] C:\Program Files\Viewpoint
[22/09/2008|23:21] C:\Program Files\VistaCodecPack
[22/09/2008|23:20] C:\Program Files\VS Revo Group
[24/10/2007|18:14] C:\Program Files\Windows Calendar
[25/10/2007|02:57] C:\Program Files\Windows Collaboration
[24/10/2007|18:14] C:\Program Files\Windows Defender
[25/10/2007|02:57] C:\Program Files\Windows Journal
[22/09/2008|23:43] C:\Program Files\Windows Mail
[22/09/2008|23:44] C:\Program Files\Windows Media Player
[22/09/2008|22:08] C:\Program Files\Windows NT
[25/10/2007|02:57] C:\Program Files\Windows Photo Gallery
[22/09/2008|23:43] C:\Program Files\Windows Sidebar
[12/02/2008|17:48] C:\Program Files\WinTV
[22/09/2008|23:58] C:\Program Files\Zone Labs
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[22/09/2008|22:57] C:\Program Files\Common Files\Adobe
[24/10/2007|18:19] C:\Program Files\Common Files\AOL
[24/10/2007|19:09] C:\Program Files\Common Files\InstallShield
[24/10/2007|19:21] C:\Program Files\Common Files\Java
[22/09/2008|22:14] C:\Program Files\Common Files\LightScribe
[22/09/2008|22:32] C:\Program Files\Common Files\microsoft shared
[24/10/2007|18:43] C:\Program Files\Common Files\muvee Technologies
[23/09/2008|12:04] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[22/09/2008|22:34] C:\Program Files\Common Files\Symantec Shared
[24/10/2007|18:14] C:\Program Files\Common Files\System
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:05:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:44][D:10]-> C:\Users\TERMIN~1\AppData\Local\Temp
[F:24][D:1]-> C:\Users\TERMIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:168][D:4]-> C:\Users\TERMIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|14:06 - Option : [1]
--------------------\\ Fin du rapport a 14:06:02
[ UAC => 1 ]
voila en esperen que ce soit bon et merci de ta patience
ok maintenant :
▶ Relance Lop S&D
▶ Choisis cette fois-ci l'option 2 (Suppression)
▶ Ne ferme pas la fenêtre lors de la suppression !
▶ Poste le rapport généré (C:\lopR.txt)
* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
ensuite :
▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
▶ Va dans démarrer puis panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.
▶ Télécharge Combofix de sUBs
(c est le numéro 5 en bas de la page)
▶ et enregistre le sur le Bureau.
▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ensuite envois le rapport et refais un nouveau rapport hijackthis stp
▶ Relance Lop S&D
▶ Choisis cette fois-ci l'option 2 (Suppression)
▶ Ne ferme pas la fenêtre lors de la suppression !
▶ Poste le rapport généré (C:\lopR.txt)
* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
ensuite :
▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
▶ Va dans démarrer puis panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.
▶ Télécharge Combofix de sUBs
(c est le numéro 5 en bas de la page)
▶ et enregistre le sur le Bureau.
▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ensuite envois le rapport et refais un nouveau rapport hijackthis stp
bon te bien voila parcontre combofix ne marche pas et pourtant jai bien effectué toute les manip
voila le rapport lopSD:
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : terminator ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total : 137 Go Free : 100 Go
D:\ (Local Disk) - NTFS - Total : 83 Go Free : 83 Go
E:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 23/09/2008|14:22 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\PROGRA~2\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Application Data
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\AtStart.txt
[22/09/2008|22:19] C:\Users\TERMIN~1\AppData\Local\Downloaded Installations
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\DSwitch.txt
[22/09/2008|22:36] C:\Users\TERMIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[22/09/2008|22:26] C:\Users\TERMIN~1\AppData\Local\Hewlett-Packard
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Historique
[22/09/2008|22:33] C:\Users\TERMIN~1\AppData\Local\Microsoft
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\QSwitch.txt
[22/09/2008|21:41] C:\Users\TERMIN~1\AppData\Local\QuickPlay
[22/09/2008|22:39] C:\Users\TERMIN~1\AppData\Local\Seven Zip
[23/09/2008|14:22] C:\Users\TERMIN~1\AppData\Local\Temp
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Temporary Internet Files
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[23/09/2008 14:07][--ah-----] C:\Windows\tasks\SA.DAT
[23/09/2008 14:06][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[22/09/2008|22:58] C:\ProgramData\Adobe
[22/09/2008|22:08] C:\ProgramData\Application Data
[12/02/2008|17:48] C:\ProgramData\Atheros
[22/09/2008|22:38] C:\ProgramData\Avira
[22/09/2008|22:08] C:\ProgramData\Bureau
[22/09/2008|23:58] C:\ProgramData\CheckPoint
[12/02/2008|17:54] C:\ProgramData\CyberLink
[22/09/2008|22:08] C:\ProgramData\Documents
[22/09/2008|22:08] C:\ProgramData\Favoris
[22/09/2008|22:26] C:\ProgramData\Hewlett-Packard
[22/09/2008|23:22] C:\ProgramData\Malwarebytes
[22/09/2008|22:08] C:\ProgramData\Menu D‚marrer
[22/09/2008|22:32] C:\ProgramData\Microsoft
[22/09/2008|22:32] C:\ProgramData\Microsoft Help
[22/09/2008|22:08] C:\ProgramData\ModŠles
[24/10/2007|18:43] C:\ProgramData\muvee Technologies
[22/09/2008|22:25] C:\ProgramData\NVIDIA
[23/09/2008|11:14] C:\ProgramData\Spyware Terminator
[22/09/2008|22:32] C:\ProgramData\Symantec
[22/09/2008|23:21] C:\ProgramData\VistaCodecs
[22/09/2008|22:50] C:\ProgramData\WildTangent
--------------------\\ Listing des dossiers dans C:\Program Files
[22/09/2008|22:56] C:\Program Files\Adobe
[24/10/2007|18:20] C:\Program Files\AIM6
[12/02/2008|17:48] C:\Program Files\Atheros
[22/09/2008|22:38] C:\Program Files\Avira
[22/09/2008|22:09] C:\Program Files\BillP Studios
[22/09/2008|23:19] C:\Program Files\CCleaner
[23/09/2008|12:04] C:\Program Files\Common Files
[12/02/2008|17:48] C:\Program Files\CONEXANT
[12/02/2008|17:59] C:\Program Files\CyberLink
[22/09/2008|22:08] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[12/02/2008|17:56] C:\Program Files\Hewlett-Packard
[12/02/2008|17:52] C:\Program Files\Hp
[22/09/2008|22:50] C:\Program Files\HP Games
[22/09/2008|22:14] C:\Program Files\HPQ
[22/09/2008|22:42] C:\Program Files\InstallShield Installation Information
[22/09/2008|23:44] C:\Program Files\Internet Explorer
[22/09/2008|22:20] C:\Program Files\Java
[22/09/2008|23:23] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[22/09/2008|22:32] C:\Program Files\Microsoft Office
[22/09/2008|22:32] C:\Program Files\Microsoft Works
[25/10/2007|02:57] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[22/09/2008|23:16] C:\Program Files\MSXML 4.0
[24/10/2007|18:43] C:\Program Files\muvee Technologies
[12/02/2008|17:46] C:\Program Files\NetWaiting
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[12/02/2008|18:03] C:\Program Files\Services en ligne
[23/09/2008|11:23] C:\Program Files\Spyware Terminator
[12/02/2008|17:45] C:\Program Files\Synaptics
[23/09/2008|00:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/09/2008|23:21] C:\Program Files\VistaCodecPack
[22/09/2008|23:20] C:\Program Files\VS Revo Group
[24/10/2007|18:14] C:\Program Files\Windows Calendar
[25/10/2007|02:57] C:\Program Files\Windows Collaboration
[24/10/2007|18:14] C:\Program Files\Windows Defender
[25/10/2007|02:57] C:\Program Files\Windows Journal
[22/09/2008|23:43] C:\Program Files\Windows Mail
[22/09/2008|23:44] C:\Program Files\Windows Media Player
[22/09/2008|22:08] C:\Program Files\Windows NT
[25/10/2007|02:57] C:\Program Files\Windows Photo Gallery
[22/09/2008|23:43] C:\Program Files\Windows Sidebar
[12/02/2008|17:48] C:\Program Files\WinTV
[22/09/2008|23:58] C:\Program Files\Zone Labs
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[22/09/2008|22:57] C:\Program Files\Common Files\Adobe
[24/10/2007|18:19] C:\Program Files\Common Files\AOL
[24/10/2007|19:09] C:\Program Files\Common Files\InstallShield
[24/10/2007|19:21] C:\Program Files\Common Files\Java
[22/09/2008|22:14] C:\Program Files\Common Files\LightScribe
[22/09/2008|22:32] C:\Program Files\Common Files\microsoft shared
[24/10/2007|18:43] C:\Program Files\Common Files\muvee Technologies
[23/09/2008|12:04] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[22/09/2008|22:34] C:\Program Files\Common Files\Symantec Shared
[24/10/2007|18:14] C:\Program Files\Common Files\System
--------------------\\ Process
( 59 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:22:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:44][D:10]-> C:\Users\TERMIN~1\AppData\Local\Temp
[F:24][D:1]-> C:\Users\TERMIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:168][D:4]-> C:\Users\TERMIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|14:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/09/2008|14:22 - Option : [2]
--------------------\\ Fin du rapport a 14:22:57
[ UAC => 1 ]
coment va ton faire je minquiete un peu..
voila le rapport lopSD:
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : terminator ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total : 137 Go Free : 100 Go
D:\ (Local Disk) - NTFS - Total : 83 Go Free : 83 Go
E:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 23/09/2008|14:22 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\PROGRA~2\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Application Data
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\AtStart.txt
[22/09/2008|22:19] C:\Users\TERMIN~1\AppData\Local\Downloaded Installations
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\DSwitch.txt
[22/09/2008|22:36] C:\Users\TERMIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[22/09/2008|22:26] C:\Users\TERMIN~1\AppData\Local\Hewlett-Packard
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Historique
[22/09/2008|22:33] C:\Users\TERMIN~1\AppData\Local\Microsoft
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\QSwitch.txt
[22/09/2008|21:41] C:\Users\TERMIN~1\AppData\Local\QuickPlay
[22/09/2008|22:39] C:\Users\TERMIN~1\AppData\Local\Seven Zip
[23/09/2008|14:22] C:\Users\TERMIN~1\AppData\Local\Temp
[22/09/2008|22:12] C:\Users\TERMIN~1\AppData\Local\Temporary Internet Files
[22/09/2008|22:25] C:\Users\TERMIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[23/09/2008 14:07][--ah-----] C:\Windows\tasks\SA.DAT
[23/09/2008 14:06][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[22/09/2008|22:58] C:\ProgramData\Adobe
[22/09/2008|22:08] C:\ProgramData\Application Data
[12/02/2008|17:48] C:\ProgramData\Atheros
[22/09/2008|22:38] C:\ProgramData\Avira
[22/09/2008|22:08] C:\ProgramData\Bureau
[22/09/2008|23:58] C:\ProgramData\CheckPoint
[12/02/2008|17:54] C:\ProgramData\CyberLink
[22/09/2008|22:08] C:\ProgramData\Documents
[22/09/2008|22:08] C:\ProgramData\Favoris
[22/09/2008|22:26] C:\ProgramData\Hewlett-Packard
[22/09/2008|23:22] C:\ProgramData\Malwarebytes
[22/09/2008|22:08] C:\ProgramData\Menu D‚marrer
[22/09/2008|22:32] C:\ProgramData\Microsoft
[22/09/2008|22:32] C:\ProgramData\Microsoft Help
[22/09/2008|22:08] C:\ProgramData\ModŠles
[24/10/2007|18:43] C:\ProgramData\muvee Technologies
[22/09/2008|22:25] C:\ProgramData\NVIDIA
[23/09/2008|11:14] C:\ProgramData\Spyware Terminator
[22/09/2008|22:32] C:\ProgramData\Symantec
[22/09/2008|23:21] C:\ProgramData\VistaCodecs
[22/09/2008|22:50] C:\ProgramData\WildTangent
--------------------\\ Listing des dossiers dans C:\Program Files
[22/09/2008|22:56] C:\Program Files\Adobe
[24/10/2007|18:20] C:\Program Files\AIM6
[12/02/2008|17:48] C:\Program Files\Atheros
[22/09/2008|22:38] C:\Program Files\Avira
[22/09/2008|22:09] C:\Program Files\BillP Studios
[22/09/2008|23:19] C:\Program Files\CCleaner
[23/09/2008|12:04] C:\Program Files\Common Files
[12/02/2008|17:48] C:\Program Files\CONEXANT
[12/02/2008|17:59] C:\Program Files\CyberLink
[22/09/2008|22:08] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[12/02/2008|17:56] C:\Program Files\Hewlett-Packard
[12/02/2008|17:52] C:\Program Files\Hp
[22/09/2008|22:50] C:\Program Files\HP Games
[22/09/2008|22:14] C:\Program Files\HPQ
[22/09/2008|22:42] C:\Program Files\InstallShield Installation Information
[22/09/2008|23:44] C:\Program Files\Internet Explorer
[22/09/2008|22:20] C:\Program Files\Java
[22/09/2008|23:23] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[22/09/2008|22:32] C:\Program Files\Microsoft Office
[22/09/2008|22:32] C:\Program Files\Microsoft Works
[25/10/2007|02:57] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[22/09/2008|23:16] C:\Program Files\MSXML 4.0
[24/10/2007|18:43] C:\Program Files\muvee Technologies
[12/02/2008|17:46] C:\Program Files\NetWaiting
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[12/02/2008|18:03] C:\Program Files\Services en ligne
[23/09/2008|11:23] C:\Program Files\Spyware Terminator
[12/02/2008|17:45] C:\Program Files\Synaptics
[23/09/2008|00:10] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/09/2008|23:21] C:\Program Files\VistaCodecPack
[22/09/2008|23:20] C:\Program Files\VS Revo Group
[24/10/2007|18:14] C:\Program Files\Windows Calendar
[25/10/2007|02:57] C:\Program Files\Windows Collaboration
[24/10/2007|18:14] C:\Program Files\Windows Defender
[25/10/2007|02:57] C:\Program Files\Windows Journal
[22/09/2008|23:43] C:\Program Files\Windows Mail
[22/09/2008|23:44] C:\Program Files\Windows Media Player
[22/09/2008|22:08] C:\Program Files\Windows NT
[25/10/2007|02:57] C:\Program Files\Windows Photo Gallery
[22/09/2008|23:43] C:\Program Files\Windows Sidebar
[12/02/2008|17:48] C:\Program Files\WinTV
[22/09/2008|23:58] C:\Program Files\Zone Labs
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[22/09/2008|22:57] C:\Program Files\Common Files\Adobe
[24/10/2007|18:19] C:\Program Files\Common Files\AOL
[24/10/2007|19:09] C:\Program Files\Common Files\InstallShield
[24/10/2007|19:21] C:\Program Files\Common Files\Java
[22/09/2008|22:14] C:\Program Files\Common Files\LightScribe
[22/09/2008|22:32] C:\Program Files\Common Files\microsoft shared
[24/10/2007|18:43] C:\Program Files\Common Files\muvee Technologies
[23/09/2008|12:04] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[22/09/2008|22:34] C:\Program Files\Common Files\Symantec Shared
[24/10/2007|18:14] C:\Program Files\Common Files\System
--------------------\\ Process
( 59 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:22:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:44][D:10]-> C:\Users\TERMIN~1\AppData\Local\Temp
[F:24][D:1]-> C:\Users\TERMIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:168][D:4]-> C:\Users\TERMIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|14:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/09/2008|14:22 - Option : [2]
--------------------\\ Fin du rapport a 14:22:57
[ UAC => 1 ]
coment va ton faire je minquiete un peu..
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
▶ Télécharge et enregistre Clean
(c est le numéro 9 en bas de la page)
▶ Ne double-clique pas directement sur le fichier clean.zip !! Pour cela, fais un clic droit puis dans le menu déroulant, choisis décompresser tout ou extraire tout. Ceci doit créer un nouveau dossier nommé clean.
▶ Double-clique sur le nouveau dossier clean
▶ Dans la liste, tu dois avoir clean.cmd (le .cmd peut ne pas être présent chez toi).
▶ Double-clique sur clean.cmd.
▶ Un menu s'ouvre... Choisis l'option 1 en tappant sur la touche 1 de ton clavier.
▶ Appuies sur la touche entrée pour valider.
▶ Une fois l analyse terminée.. un rapport va s'ouvrir sur le bloc-note.
▶ copier/coller le rapport dans la nouvelle réponse.
(c est le numéro 9 en bas de la page)
▶ Ne double-clique pas directement sur le fichier clean.zip !! Pour cela, fais un clic droit puis dans le menu déroulant, choisis décompresser tout ou extraire tout. Ceci doit créer un nouveau dossier nommé clean.
▶ Double-clique sur le nouveau dossier clean
▶ Dans la liste, tu dois avoir clean.cmd (le .cmd peut ne pas être présent chez toi).
▶ Double-clique sur clean.cmd.
▶ Un menu s'ouvre... Choisis l'option 1 en tappant sur la touche 1 de ton clavier.
▶ Appuies sur la touche entrée pour valider.
▶ Une fois l analyse terminée.. un rapport va s'ouvrir sur le bloc-note.
▶ copier/coller le rapport dans la nouvelle réponse.
▶ Télécharge a-squared free 3.5
▶ Un tutoriel est à ta disposition pour bien l utiliser.
▶ fais la mise à jour et une analyse complète.
▶ poste le rapport stp
ensuite refais un nouveau rapport hijackthis stp
▶ Un tutoriel est à ta disposition pour bien l utiliser.
▶ fais la mise à jour et une analyse complète.
▶ poste le rapport stp
ensuite refais un nouveau rapport hijackthis stp
non tu peux le laisser actif..
Je dois m absenter, je reviendrai plus tard pour vérifier ton rapport ;-)
@+
Je dois m absenter, je reviendrai plus tard pour vérifier ton rapport ;-)
@+
je suis de retour..
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
puis tu cliques sur fix checked.
télécharge le SP1 de vista : http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&displaylang=fr
ensuite :
vas faire une analyse en ligne avec bitdefender à cette adresse :
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
ensuite :
Fais une analyse avec trojan remover
Un tutoriel est à ta disposition sur le site à coté du lien de téléchargement.
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
puis tu cliques sur fix checked.
télécharge le SP1 de vista : http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&displaylang=fr
ensuite :
vas faire une analyse en ligne avec bitdefender à cette adresse :
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
ensuite :
Fais une analyse avec trojan remover
Un tutoriel est à ta disposition sur le site à coté du lien de téléchargement.
tu dois installer le SP1
si je l ai vue dans ton rapport hijackthis c est qu elle est là lol
Tu ne l as peut etre pas vue mais elle y est ;-)
si je l ai vue dans ton rapport hijackthis c est qu elle est là lol
Tu ne l as peut etre pas vue mais elle y est ;-)
Salut !!
essais à cette adresse : http://www.bitdefender.fr/scan_fr/scan8/ie.html
Tu dois la faire avec internet explorer
essais à cette adresse : http://www.bitdefender.fr/scan_fr/scan8/ie.html
Tu dois la faire avec internet explorer
tu dois normalement télécfharger l activeX qui s affiche dans une barre jaune en haut de ta page internet
