Spyware, trojans and company

11 March 2008 19:02:44

Hello. I'm asking for help here because I'm desperate :roll:

Between the CCleaner scans I run, the Avast! alerts and the popups that open non-stop, I've had enough :kaola:

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:03, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Alwil Software\Avast4\aswUpdSv.exe
D:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\antiviirus.exe
D:\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\winmed.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\WINDOWS\TEMP\winlogan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\steam\steam.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\winlugan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\windows media connect\mswmccds.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Alwil Software\Avast4\ashMaiSv.exe
D:\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Connect\mswmc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
D:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13A4630D-1B08-477E-8581-0E155C929C24} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: RDL Rolex - {3437F77C-C103-47BF-BF1D-7EAFC400BE8F} - C:\WINDOWS\drnpfdxrfw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: C:\WINDOWS\system32\Kf93jfg.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O3 - Toolbar: etlrlws - {5CFAD498-79F2-4A82-91A3-4BADDE0281B1} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [avast!] D:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinMed] winmed.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VoipBuster] "D:\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: msn_0803_upd041807.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: msn_0803_upd041807.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O21 - SSODL: altvxvm - {E9CF12B2-010E-476C-A1AF-D4973B30B4B5} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: CDSys - {9357dba9-cb7e-4d45-9a32-5587efb8452b} - C:\WINDOWS\Installer\{9357dba9-cb7e-4d45-9a32-5587efb8452b}\CDSys.dll
O21 - SSODL: zip - {ba6e5363-947a-4140-ba19-8008f62883b6} - C:\WINDOWS\Installer\{ba6e5363-947a-4140-ba19-8008f62883b6}\zip.dll
O21 - SSODL: bokpkov - {DF4F9DAD-AD6E-4681-88A8-30B721917F56} - (no file)
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlugan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9359 bytes


Thanks for helping me :pt1cable:  :hello:

11 March 2008 19:22:20

:hello: 

You are seriously infected!

Download SDFix (created by AndyManchesta) and save it to your Desktop.
User guide: http://mickael.barroux.free.fr/securite/sdfix.php

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading, a menu with different options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
    Go through the list of instructions below:
  • Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.
    N.B.:
    - The SDFIX_README.htm file (in the SDFix folder) contains the list of malware handled by the tool.
    - Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to see everything.
    11 March 2008 20:22:11

    SDFix: Version 1.155

    Run by Florian on 11/03/2008 at 19:51

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\Florian\Bureau\SDFix

    Checking Services :

    Name:
    Google Online Search Service
    riode32

    Path:
    C:\WINDOWS\system32\winlugan.exe -A
    \??\C:\WINDOWS\system32\drivers\riode32.sys

    Google Online Search Service - Deleted
    riode32 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\Installer\{9357dba9-cb7e-4d45-9a32-5587efb8452b}\CDSys.dll - Deleted
    C:\WINDOWS\Installer\{ba6e5363-947a-4140-ba19-8008f62883b6}\zip.dll - Deleted
    C:\WINDOWS\system32\Kf93jfg.dll - Deleted
    C:\WINDOWS\SYSTEM32\6TO4SV.DLL - Deleted
    C:\WINDOWS\SYSTEM32\AT.DLL - Deleted
    C:\WINDOWS\SYSTEM32\ATMLI.DLL - Deleted
    C:\WINDOWS\SYSTEM32\CI.DLL - Deleted
    C:\WINDOWS\privacy_danger\index.htm - Deleted
    C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
    C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
    C:\WINDOWS\privacy_danger\images\down.gif - Deleted
    C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
    C:\WINDOWS\drnpfdxrfw.dll - Deleted
    C:\WINDOWS\system32\msgk374.exe - Deleted
    C:\Program Files\antiviirus.exe - Deleted
    C:\Documents and Settings\Florian\ie_updates3r.exe - Deleted
    C:\DOCUME~1\Florian\LOCALS~1\Temp\ac8zt2.dat - Deleted
    C:\WINDOWS\altvxvm.dll - Deleted
    C:\WINDOWS\etlrlws.dll - Deleted
    C:\WINDOWS\fmsxwqs.exe - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\system32\svchost.t__ - Deleted
    C:\WINDOWS\system32\winlogans.tmp - Deleted
    C:\WINDOWS\system32\winlugan.exe - Deleted
    C:\WINDOWS\system32\winmed.exe - Deleted
    C:\WINDOWS\Temp\winlogan.exe - Deleted



    Folder C:\WINDOWS\Installer\{9357dba9-cb7e-4d45-9a32-5587efb8452b} - Removed
    Folder C:\WINDOWS\Installer\{ba6e5363-947a-4140-ba19-8008f62883b6} - Removed
    Folder C:\WINDOWS\privacy_danger - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 20:15:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 9


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:p ro Evolution Soccer 2008"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "D:\\Steam\\steamapps\\popip\\garrysmod\\hl2.exe"="D:\\Steam\\steamapps\\popip\\garrysmod\\hl2.exe:*:D isabled:hl2"
    "D:\\Steam\\steamapps\\popip\\counter-strike source\\hl2.exe"="D:\\Steam\\steamapps\\popip\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "D:\\mIRC\\mirc.exe"="D:\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "D:\\Football Manager 2008\\fm.exe"="D:\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "D:\\VoipBuster\\VoipBuster.exe"="D:\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "C:\\WINDOWS\\system32\\winmed.exe"="C:\\WINDOWS\\system32\\winmed.exe:*:Enabled:ENABLE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Florian\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp189281.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp195609.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp41109.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp41312.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp42187.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp42609.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp4274734.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp4279750.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp43406.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp43468.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp45625.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp46281.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp47328.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp47750.exe"
    Sun 9 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp47859.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp48546.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp48562.exe"
    Tue 11 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp53125.exe"
    Mon 10 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp53421.exe"
    Mon 10 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp58578.exe"
    Mon 10 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp59125.exe"
    Mon 10 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp815828.exe"
    Mon 10 Mar 2008 16,464 ..SHR --- "C:\Program Files\tmp821171.exe"
    Thu 24 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!


    By the way, how can you tell that I'm so badly infected? :whistle:  In any case, thanks for the help :love:
    11 March 2008 20:30:38

    Re,

    I saw it by analysing your HijackThis report.

    And just look at all the trojans SDFix found for you :p

    Please post a new HijackThis log ;)
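
An illustration of the kind of log triage referred to in the reply above, added here as an example (not code from the thread, from HijackThis or from SDFix). The three heuristics and the list of system process names are assumptions; the sample lines are copied from the first HijackThis log in this thread, and every path they flag appears under "Trojan Files Found" in the SDFix report.

```python
import ntpath  # Windows path rules, works on any OS
import re

# Core Windows process names that malware often imitates (assumed list).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

# HijackThis sections that load DLLs into the browser or shell.
EXTENSION_SECTIONS = {"O2", "O3", "O21"}

PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
SECTION_RE = re.compile(r"^(O\d+|R\d+) - ")

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\winlogan.exe
C:\WINDOWS\system32\winlugan.exe
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: RDL Rolex - {3437F77C-C103-47BF-BF1D-7EAFC400BE8F} - C:\WINDOWS\drnpfdxrfw.dll
O3 - Toolbar: etlrlws - {5CFAD498-79F2-4A82-91A3-4BADDE0281B1} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [avast!] D:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlugan.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def reasons_for(path, section):
    """Return the set of heuristic labels that apply to one file path."""
    low = path.lower()
    name = ntpath.basename(low)
    folder = ntpath.dirname(low)
    reasons = set()
    # 1. Binaries started from a temp directory.
    if "temp" in folder.split("\\"):
        reasons.add("runs-from-temp")
    # 2. Name is a near miss of a core system process (1-2 edits away).
    if name not in SYSTEM_NAMES and any(
            0 < edit_distance(name, s) <= 2 for s in SYSTEM_NAMES):
        reasons.add("lookalike-name")
    # 3. Browser/shell extension DLL sitting directly in C:\WINDOWS.
    if (section in EXTENSION_SECTIONS and name.endswith(".dll")
            and folder == r"c:\windows"):
        reasons.add("extension-dll-in-windows-root")
    return reasons


def triage(log_text):
    """Map each flagged path (lowercased) to its sorted list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        paths = PATH_RE.findall(line)
        if not paths:
            continue
        path = paths[-1]  # the file the entry points to comes last
        match = SECTION_RE.match(line)
        section = match.group(1) if match else "process"
        findings.setdefault(path.lower(), set()).update(
            reasons_for(path, section))
    return {p: sorted(r) for p, r in findings.items() if r}


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged, "->", ", ".join(why))
```

Hits are leads for manual review, not verdicts: a legitimate program can trip any of the three rules.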
    11 March 2008 20:33:39

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:33:15, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Alwil Software\Avast4\aswUpdSv.exe
    D:\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Connect\mswmcls.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    D:\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Connect\mswmc.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
    D:\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
    D:\steam\steam.exe
    D:\DAEMON Tools Lite\daemon.exe
    D:\VoipBuster\VoipBuster.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13A4630D-1B08-477E-8581-0E155C929C24} - C:\WINDOWS\system32\atmli.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] D:\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [VoipBuster] "D:\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 7607 bytes
    11 March 2008 20:36:16

    Well! SDFix did its job nicely, hehe ;)

    Uninstall Avast, reboot, and delete ~~>C:\Program Files\Alwil Software

    Download CCleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking - Add the CCleaner Yahoo! Toolbar
    Then run the cleanup, then have it search for errors, and make backups if you wish.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Make sure it is fully up to date! Run a full scan in safe mode, save the report and post it for me.
    11 March 2008 21:58:36



    AntiVir PersonalEdition Classic
    Report file date: mardi 11 mars 2008 21:13

    Scanning for 1142609 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Florian
    Computer name: SAUVAGNA-C8AE47

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:00:28
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:00:28
    ANTIVIR3.VDF : 7.0.3.17 79360 Bytes 11/03/2008 20:00:28
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 11/03/2008 20:00:28
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/03/2008 20:00:28
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: M:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 11 mars 2008 21:13

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
    Boot sector 'E:\'
    [NOTE] In the drive 'E:\' no data medium is inserted!
    Boot sector 'F:\'
    [NOTE] In the drive 'F:\' no data medium is inserted!
    Boot sector 'G:\'
    [NOTE] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [NOTE] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [NOTE] In the drive 'I:\' no data medium is inserted!
    Boot sector 'L:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '38' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Florian\Bureau\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/antiviirus.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    --> backups/drnpfdxrfw.dll
    [DETECTION] Is the Trojan horse TR/BHO.Agent.221184
    --> backups/ie_updates3r.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Tiny.agx.1
    --> backups/Kf93jfg.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    --> backups/msgk374.exe
    [DETECTION] Is the Trojan horse TR/Hijacker.Gen
    --> backups/winlogan.exe
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    --> backups/winlugan.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Tiny.agx.1
    --> backups/winmed.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01ULWTST\krab[1].exe
    [DETECTION] Is the Trojan horse TR/Agent.7680.95
    [INFO] The file was deleted!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27KH2RCZ\loaderZ253[1].exe
    [DETECTION] Is the Trojan horse TR/Pakes.cif
    [INFO] The file was deleted!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2FAN2ZQX\cd[1].htm
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IH030Z43\i5[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\Program Files\instaler.exe
    [DETECTION] Is the Trojan horse TR/Shell.Eviell
    [INFO] The file was deleted!
    C:\Program Files\tmp189281.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp195609.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp41109.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp41312.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp42187.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp42609.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp4274734.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp4279750.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp43406.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp43468.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp45625.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp46281.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp47328.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp47750.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp47859.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp48546.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp48562.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp53125.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp53421.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp58578.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp59125.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp815828.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\Program Files\tmp821171.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.ftu
    [INFO] The file was deleted!
    C:\WINDOWS\system32\657373.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\upc.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'


    End of the scan: mardi 11 mars 2008 21:48
    Used time: 34:52 min

    The scan has been canceled!

    4057 Scanning directories
    194505 Files were scanned
    38 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    31 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    194467 Files not concerned
    893 Archives were scanned
    2 Warnings
    0 Notes
    12 March 2008 21:52:56

    :hello: 

    Download to your desktop: Clean (by Malekal) >Tutorial<
    Unzip it on your desktop. Double-click the clean folder.
    Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
    A menu will appear; choose option 1, then press Enter. Then press a key when prompted.
    Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.