S'abonner :

Newsletters

Magazines

01men.

Avis sur les produits

Avis sur les logiciels

Avis sur les jeux

Actualités

A propos de 01net

193 utilisateurs connectés

Forum de 01net / Sécurité / Infection Spysheriff, blocage de bcp d'applis [Resolu]

Infection Spysheriff, blocage de bcp d'applis [Resolu]

unitednowhere le 10 décembre 2006 à 12h33

Bonjour a tous, voila j'ai été récement infecté par spysheriff, un virus visiblement tres coriasse d'apres ceux qui ont eu le probleme.
Les sybtomes chez moi sont:
- L'icone dans la barre de lancement rapide voulant me faire utiliser spysheriff, disant que j'ai été infecté par un virus,
- Impossibilité de lire des musiques (lorsque je veux lancer la console creative un message me dit "aucun peripherique audio pris en charge"), par contre j'ai le son de windows xp lors de l'arret ou du demarage du pc...
- Firefox ce ferme tout seul regulierement,
- Symantec corporate m'ouvre sans arret des fenetres disant qu'il a supprimer un "dialer trojan", un "downloader" je sais pas quoi d'autre. :pleure:

Je viens de faire un rapport HijackThis, dont voici le resultat:

EDIT MODO : Pas de rapport avant qu'il n'en soit demandé un !
Pour plus d'informations sur les règles, cliquez sur ce lien : http://forum.telecharger.com/telecharger/securite_virus_et_assimiles/obligato(...)

Voila j'espere que vous pourrez m'aider, j'ai deja passé un coup de ad-aware, Ccleaner et spybot mais sans grand succes...
Merci d'avance pour votre aide!!!

Nico

-->Message édité par unitednowhere le 12/12/2006 13:16:44<--

répondre

Malekal_morte le 10 décembre 2006 à 12h38

Bonjour,

- Télécharge HiJackThis de Merijn sur ton bureau.
- Renomme le fichier HiJackThis.exe en Scanner.exe pour cela, fais un clic droit sur le fichier HiJackThis.exe et choisis renommer dans la liste
- Tape Scanner.exe et Appuye sur la touche Entrée.
- Génère un rapport en suivant ces indications :
- Double-clic sur Scanner.exe
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis -

ET :

-- Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31
(Si tu as Norton Antivirus ou NOD32, désactive le)
-- Fais un clic droit puis Extraire tout sur le fichier SmitfraudFix.zip, cela va tout décompresser dans un nouveau dossier SmitFraudfix
-- Ouvre le dossier SmitfraudFix double clic sur SmitfraudFix.cmd (le .cmd peut ne pas être présent)
-- Choisis l'option 1 et appuie sur Entrée
-- Réponds o (Oui) aux deux questions suivantes si elles sont posées
-- Un rapport sera généré sauvegarde le dans un dossier
-- Copie/colle le contenu du rapport ici

-->Message édité par Malekal_morte le 10/12/2006 12:38:49<--

-------
Supprimer les popups de pubs intempestives
Sécuriser votre ordinateur

répondre

unitednowhere le 10 décembre 2006 à 12h48

Merci beaucoup pour ton aide tres rapide.
Voici ce que tu m'as demandé:

SmitfraudFix:

SmitFraudFix v2.128

Rapport fait à 12:41:02,35, 10/12/2006
Executé à partir de C:\Documents and Settings\Nicolas\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\cmd32.exe PRESENT !
C:\WINDOWS\system32\taskdir.exe PRESENT !
C:\WINDOWS\system32\z13.exe PRESENT !
C:\WINDOWS\system32\z14.exe PRESENT !
C:\WINDOWS\system32\z15.exe PRESENT !
C:\WINDOWS\system32\z16.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nicolas

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nicolas\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nicolas\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Et Scanner.exe:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:50, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\nordsys.exe
C:\WINDOWS\system32\cmd32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\taskdir.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nicolas\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1944.exe gdtgh
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3D349F-DEB6-45B9-99A4-F913AD973D27}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ZULuLnTTeY - {0CD683D1-A67C-297B-0A75-C372500144BA} - C:\WINDOWS\system32\oduca.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Merci encore pour ton aide!!!

répondre

Malekal_morte le 10 décembre 2006 à 12h56

Voici la manipulation à effectuer en entier
Merci de bien vouloir :
- Lire attentivement les instructions demandées et prendre son temps pour les effectuer convenablement, sinon la désinfection ne sera pas complète.
- Si certains éléments ne sont pas trouvés, merci de le signaler mais de poursuivre les manipulations jusqu'au bout.
- A l'issu de la procédure, merci de bien copier/coller TOUS les rapports demandés.
- N'hésitez pas à consulter les liens d'aides, ils sont là pour vous guider !

Sur HiJackThis, refais un scan et coches les lignes suivantes :

O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1944.exe gdtgh
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

---> puis clic sur le bouton "Fix Checked"
n'hésite pas à consulter l'aide HiJackThis

- Télécharge et installe AVG Anti-Spyware - Tutorial : http://www.malekal.com/tutorial_AVG_AntiSpyware.html
- Mets le à jour à partir du menu Mise à jour en haut
- Télécharge clean.zip, décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

-- Redémarre en mode en mode sans échec, si tu sais pas comment on fait lis ceci
-- Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

- Ouvre AVG Anti-Spyware et clic sur l'onglet Analyse, puis le sous-onglet Paramètres
- Sélectionne dans Comment Réagir ? Quarantine. (voir l'aide l'aide AVG Anti-Spyware)
- Reviens au sous-onglet Analyser puis clique sur Analyse complète du système.
---> Le scan démarre.

A la fin clique sur Appliquer toutes les actions, les éléments doivent alors être déplacés en quarantaine.
Puis clique sur Enregistrer le rapport d'analyse et enregistre le rapport sur le Bureau.

Aide : N'hésite pas à consulter l'Aide AVG Anti-Spyware pour tout problème.

-- Redémarre en mode normal : Menu Démarrer / Arreter / Redémarre l'ordinateur
Attention : dans le cas où l'ordinateur redémarre en boucle en mode sans échec, faire la manipulation inverse en décochant l'option /SAFEBOOT à l'aide de msconfig : voir à nouveau cette page : cliquez-ici

-- Fais un scan en ligne avec Internet Explorer : Scan Kaspersky et colle le rapport ici. Si tu es perdu, tu peux suivre cette aide pour les scans en ligne
-- Copie/Colle ici les rapports :
- AVG Anti-Spyware
- le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt
- ainsi qu'un nouveau log HiJackThis

-------
Supprimer les popups de pubs intempestives
Sécuriser votre ordinateur

répondre

unitednowhere le 10 décembre 2006 à 13h58

Bon alors je viens de faire tout ce qu'il y avait a faire en mde sans echec et au redemarage du pc, miracle, spysheriff semble avoir disparu et mes mp3 refonctionnent!!!
Merci infiniement a toi Malekal_morte. Je fais le scan en ligne tout de suite et je poste le nouveau rapport HiJackThis! :d

répondre

Malekal_morte le 10 décembre 2006 à 14h00

oui poste les rapports HijackThis stp.
C'est surement pas terminé.

-------
Supprimer les popups de pubs intempestives
Sécuriser votre ordinateur

répondre

unitednowhere le 10 décembre 2006 à 14h35

Bon le scan en ligne a l'ai tres long( 11min 4%). Je sais aps si c'est normal ou quoi.
Sinon effectivement spysheriff ne me pollue plus le pc, masi il doit etre toujours present car symantec corporate m'en a bloqué une attaque.
Voila en attendant la fin du scan les autres rapports:

AVG anti-spyware:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:42:35 10/12/2006

+ Résultat de l'analyse:

HKU\S-1-5-21-790525478-1078145449-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SpySheriff -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SpySheriff\heur001.dll -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SpySheriff\heur002.dll -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SpySheriff\heur003.dll -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001991.exe -> Adware.Spysheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Nicolas\cdegfr -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001524.exe -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002927.exe -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001961.dll -> Proxy.Agent.df : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.130:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.131:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.132:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.133:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.112:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.113:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.138:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.139:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.140:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.141:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.142:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.33:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.26:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.15:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.36:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.101:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.96:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.97:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.54:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.58:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.59:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.60:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.61:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.7:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.8:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.20:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.21:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.22:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.23:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.24:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.25:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.17:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.18:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.46:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.47:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.48:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.49:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.10:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.13:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.14:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.9:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001528.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001529.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport

Rapport Clean:

Script clean par Malekal_morte - http://www.malekal.com

Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\cmd32.exe FOUND
C:\WINDOWS\system32\google.png.exe FOUND
C:\WINDOWS\system32\install.exe FOUND
C:\WINDOWS\system32\nordsys.exe FOUND
C:\WINDOWS\system32\se.exe.exe FOUND
C:\WINDOWS\system32\swxcacls.exe FOUND
C:\WINDOWS\system32\taskdir.exe FOUND
C:\WINDOWS\system32\w.exe FOUND
C:\WINDOWS\system32\w.exe.exe FOUND
C:\WINDOWS\system32\z11.exe FOUND
C:\WINDOWS\system32\z13.exe FOUND
C:\WINDOWS\system32\z14.exe FOUND
C:\WINDOWS\system32\z15.exe FOUND
C:\WINDOWS\system32\z16.exe FOUND
C:\WINDOWS\system32\z1???.exe FOUND
C:\WINDOWS\system32\z2???.exe FOUND
C:\WINDOWS\system32\zlbw.dll FOUND

*** Suppression des clefs du registre effectuee..

Rapport HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 14:30:01, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nicolas\Bureau\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3D349F-DEB6-45B9-99A4-F913AD973D27}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ZULuLnTTeY - {0CD683D1-A67C-297B-0A75-C372500144BA} - C:\WINDOWS\system32\oduca.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Voila je te laisse analyser tout cela perso moi j'y comprend aps grand chose^^
Merci!

répondre

unitednowhere le 10 décembre 2006 à 15h35

voici le rapport kaspersky:

KASPERSKY ONLINE SCANNER REPORT
Sunday, December 10, 2006 3:32:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/12/2006
Kaspersky Anti-Virus database records: 239570
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 79915
Number of viruses found 15
Number of infected objects 122 / 0
Number of suspicious objects 0
Duration of the scan process 01:16:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Creative\CADI\Preset\PCI_BUS1102-5-211102-A000.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05100000\45787820.VBN Infected: Trojan-Proxy.Win32.Wopla.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05100001\45787841.VBN Infected: Trojan-Downloader.Win32.CWS.ah skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05100002\4578784E.VBN Infected: Trojan-Downloader.Win32.CWS.ah skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE80000\4DF90D69.VBN Infected: Trojan.Win32.ExitWin.z skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cert8.db Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\history.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\key3.db Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\parent.lock Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Nicolas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\nicolasgenestar@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\nicolasgenestar@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\nicolasgenestar@hotmail.com\SharingMetadata\Working\database_F40C_D6C7_CD6_83D0\dfsr.db Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\nicolasgenestar@hotmail.com\SharingMetadata\Working\database_F40C_D6C7_CD6_83D0\fsr.log Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\nicolasgenestar@hotmail.com\SharingMetadata\Working\database_F40C_D6C7_CD6_83D0\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\nicolasgenestar@hotmail.com\SharingMetadata\Working\database_F40C_D6C7_CD6_83D0\tmp.edb Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Windows Live Contacts\nicolasgenestar@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Windows Live Contacts\nicolasgenestar@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Historique\History.IE5\MSHist012006121020061211\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temp\ mon011.log Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temp\~DF7651.tmp Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temp\~DF7943.tmp Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temp\~DF871B.tmp Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temp\~DF9102.tmp Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nicolas\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nicolas\zxczxc Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\Program Files\Creative\ShareDLL\CADI\CTPLang.dat Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0415NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001500.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001501.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001502.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001503.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001504.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001513.exe Infected: Trojan-Downloader.Win32.Small.ebu skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001525.exe Infected: Trojan-Proxy.Win32.Small.fe skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001526.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001527.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001544.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001545.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001546.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001566.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001567.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001568.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001569.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001570.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001582.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001583.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001937.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001939.exe Infected: not-virus:Hoax.Win32.Renos.gc skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001940.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001949.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001951.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001952.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001953.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001954.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001962.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001963.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001973.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001975.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001976.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001977.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001978.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001979.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001999.exe Infected: not-virus:Hoax.Win32.Renos.fl skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002001.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002002.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002003.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002004.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002005.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002723.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002724.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002725.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002726.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002727.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002730.exe Infected: not-virus:Hoax.Win32.Renos.gc skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002740.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002741.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002778.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002779.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002780.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002781.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002782.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002790.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002791.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002792.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002793.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002794.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002795.exe Infected: not-virus:Hoax.Win32.Renos.gc skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002840.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002841.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002842.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002843.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002844.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002856.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002857.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002858.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002859.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002860.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002861.exe Infected: not-virus:Hoax.Win32.Renos.gc skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002881.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002883.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002884.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002885.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002886.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002897.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002898.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002899.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002900.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002901.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002915.exe Infected: Trojan-Downloader.Win32.Delf.aeu skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002916.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002917.exe Infected: Trojan-Clicker.Win32.Costrat.z skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002918.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002919.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002921.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002922.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002923.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002924.exe Infected: not-virus:Hoax.Win32.Renos.gc skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002925.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002926.exe Infected: Trojan-Proxy.Win32.Small.fe skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002929.exe Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002930.exe Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002932.exe Infected: Trojan-Dropper.Win32.Small.atd skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002933.exe Infected: Trojan-Downloader.Win32.Delf.aeu skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002935.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002950.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4781.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ss.exe.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\z3100.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3109.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3243.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3285.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3386.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3393.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z341.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3424.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3577.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3589.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3682.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3711.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3832.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3863.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z3876.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z398.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\z399.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\WINDOWS\system32\__delete_on_reboot__u_s_b_p_d_a_._d_l_l_ Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Mes Documents\Mes Historiques de Conversation\décembre 2006\blueouarez@hotmail.com.html Object is locked skipped
D:\Mes Documents\Mes Historiques de Conversation\décembre 2006\choopsbidoowa@hotmail.fr.html Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Voila je te remercie encore une fois de te pencher sur mon probleme!!!

répondre

Malekal_morte le 10 décembre 2006 à 15h49

vas sur ce site http://siri.urz.free.fr/upload/
Clic sur Parcourir, sélectionne C:\WINDOWS\system32\z398.dll
puis clic sur Upload.

Dis moi quand c'est fait.

-------
Supprimer les popups de pubs intempestives
Sécuriser votre ordinateur

répondre

unitednowhere le 10 décembre 2006 à 15h50

C'est fait

répondre

Malekal_morte le 10 décembre 2006 à 16h16

Sur HijackThis, coche cette ligne :

O21 - SSODL: ZULuLnTTeY - {0CD683D1-A67C-297B-0A75-C372500144BA} - C:\WINDOWS\system32\oduca.dll (file missing)

--> clic sur fix checked

Télécharges et installes :
KillBox de Option^Explicit
Aide Killbox

sélectionne entièrement la liste ci-dessous :

C:\Documents and Settings\Nicolas\zxczxc
C:\WINDOWS\system32\z3100.dll
C:\WINDOWS\system32\z3109.dll
C:\WINDOWS\system32\z3243.dll
C:\WINDOWS\system32\z3285.dll
C:\WINDOWS\system32\z3386.dll
C:\WINDOWS\system32\z3393.dll
C:\WINDOWS\system32\z341.dll
C:\WINDOWS\system32\z3424.dll
C:\WINDOWS\system32\z3577.dll
C:\WINDOWS\system32\z3589.dll
C:\WINDOWS\system32\z3682.dll
C:\WINDOWS\system32\z3711.dll
C:\WINDOWS\system32\z3832.dll
C:\WINDOWS\system32\z3863.dll
C:\WINDOWS\system32\z3876.dll
C:\WINDOWS\system32\z398.dll
C:\WINDOWS\system32\z399.dll
C:\WINDOWS\system32\__delete_on_reboot__u_s_b_p_d_a_._d_l_l_
C:\WINDOWS\system32\ss.exe.exe

---> et tu fais clic droit / copier

Ouvres killbox
- Sélectionne "delete on reboot"
- Clique sur le menu "File" -> "Past from clip board"
- Clique sur All Files
- Clique sur la croix rouge et et blanche
- Répond yes et laisse redémarrer ton pc.
N'hésite pas à consulter l'Aide killbox

NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!" et que l'ordinateur ne redémarre pas, redémarre le manuellement ---> Menu Démarrer / arreter / redémarrer l'ordinateur

Après redémarrage, relance Killbox puis clic sur le menu fichier -> Logq -> Actions History Log
Poste le rapport ici

Supprime C:\Program Files\SpySherrif si existant.

- Télécharges F-Secure Blacklight/ et mets le sur ton bureau
- Copie/colle ceci dans le bloc-note (Menu Démarrer / Programmes / Accessoires / Bloc-note)
- Enregistre le contenu (fichier / enregistrer-sous) dans un fichier que tu nomeras go.cmd, place le aussi sur ton bureau :

@echo off
title Lancement de F-Secure Blacklight en mode expert
echo Lancement de F-Secure Blacklight en mode expert
blbeta /expert
pause>nul
exit

- Double-clic sur go.cmd
- Un rapport fsbl-bxxxx.log va être créé dans le même dossier que blbeta.exe
- Ouvre fsbl-bxxxx.log et copie/colle le contenu ici, pour cela :
- Menu Edition / copier
- ici dans un nouveau message : clic droit / coller
Aide : Tu peux consulter le tutorial de F-Secure BlackLight

ET :
Refais un scan en ligne avec Kaspersky et poste le rapport ici.

-------
Supprimer les popups de pubs intempestives
Sécuriser votre ordinateur

répondre

unitednowhere le 10 décembre 2006 à 16h39

Alors voila le rapport Killbox:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Nicolas(Administrator)
was started @ dimanche, décembre 10, 2006, 4:23 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\Nicolas\zxczxc

# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3100.dll

# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3109.dll

# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3243.dll

# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3285.dll

# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3386.dll

# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3393.dll

# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\z341.dll

# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3424.dll

# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3577.dll

# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3589.dll

# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3682.dll

# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3711.dll

# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3832.dll

# 15 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3863.dll

# 16 [Delete on Reboot]
Path = C:\WINDOWS\system32\z3876.dll

# 17 [Delete on Reboot]
Path = C:\WINDOWS\system32\z398.dll

# 18 [Delete on Reboot]
Path = C:\WINDOWS\system32\z399.dll

# 19 [Delete on Reboot]
Path = C:\WINDOWS\system32\__delete_on_reboot__u_s_b_p_d_a_._d_l_l_

# 20 [Delete on Reboot]
Path = C:\WINDOWS\system32\ss.exe.exe

I Rebooted @ 4:25:40 PM
Killbox Closed(Exit) @ 4:25:50 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Nicolas(Administrator)
was started @ dimanche, décembre 10, 2006, 4:29 PM

Et le rapport fsbl-bxxxxLog:

12/10/06 16:32:38 [Info]: BlackLight Engine 1.0.47 initialized
12/10/06 16:32:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/10/06 16:32:38 [Note]: 7019 4
12/10/06 16:32:38 [Note]: 7005 0
12/10/06 16:32:41 [Note]: 7006 0
12/10/06 16:32:41 [Note]: 7022 0
12/10/06 16:32:41 [Note]: 7011 1536
12/10/06 16:32:41 [Note]: 7026 0
12/10/06 16:32:41 [Note]: 7026 0
12/10/06 16:32:41 [Note]: FSRAW library version 1.7.1020
12/10/06 16:34:48 [Note]: 7007 0

Je donne le nouveau rapport kaspersky des que j'ai fais le scan. Rah mon PC revit la

répondre

unitednowhere le 10 décembre 2006 à 19h36

Voila le resultat du scan:

KASPERSKY ONLINE SCANNER REPORT
Sunday, December 10, 2006 7:33:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/12/2006
Kaspersky Anti-Virus database records: 239609
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 80739
Number of viruses found 13
Number of infected objects 134 / 0
Number of suspicious objects 0
Duration of the scan process 01:16:37

Infected Object Name Virus Name Last Action
C:\!KillBox\( 1) Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\!KillBox\ss.exe.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\!KillBox\z3100.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3109.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3243.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3285.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3386.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3393.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z341.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3424.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3577.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3589.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3682.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3711.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3832.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3863.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z3876.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z398.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\z399.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\!KillBox\__delete_on_reboot__u_s_b_p_d_a_._d_l_l_ Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\Documents and Settings\All Users\Application Data\Creative\CADI\Preset\PCI_BUS1102-5-211102-A000.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05100000\45787820.VBN Infected: Trojan-Proxy.Win32.Wopla.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05100001\45787841.VBN Infected: Trojan-Downloader.Win32.CWS.ah skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05100002\4578784E.VBN Infected: Trojan-Downloader.Win32.CWS.ah skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE80000\4DF90D69.VBN Infected: Trojan.Win32.ExitWin.z skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\cert8.db Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\history.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\key3.db Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\parent.lock Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Nicolas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ihrpvpk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Historique\History.IE5\MSHist012006121020061211\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temp\ mon012.log Object is locked skipped
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nicolas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nicolas\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Creative\ShareDLL\CADI\CTPLang.dat Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0414NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0881NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001500.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001501.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001502.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001503.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001504.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001513.exe Infected: Trojan-Downloader.Win32.Small.ebu skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001525.exe Infected: Trojan-Proxy.Win32.Small.fe skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001526.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001527.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001544.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001545.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001546.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001566.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001567.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001568.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001569.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001570.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001582.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP23\A0001583.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001937.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001940.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001949.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001951.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001952.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001953.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001954.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001962.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001963.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001973.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001975.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001976.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001977.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001978.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0001979.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002001.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002002.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002003.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002004.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002005.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002723.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002724.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002725.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002726.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002727.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002740.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002741.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002778.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002779.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002780.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002781.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002782.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002790.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002791.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002792.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002793.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002794.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002840.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002841.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002842.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002843.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002844.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002856.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002857.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002858.exe Infected: Email-Worm.Win32.Glowa.n skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002859.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002860.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002881.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002883.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002884.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002885.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002886.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002897.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002898.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002899.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002900.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002901.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002915.exe Infected: Trojan-Downloader.Win32.Delf.aeu skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002916.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002917.exe Infected: Trojan-Clicker.Win32.Costrat.z skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002918.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002919.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002921.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002922.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002923.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002925.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002926.exe Infected: Trojan-Proxy.Win32.Small.fe skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002929.exe Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002930.exe Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002932.exe Infected: Trojan-Dropper.Win32.Small.atd skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002933.exe Infected: Trojan-Downloader.Win32.Delf.aeu skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002935.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002950.dll Infected: Trojan-Clicker.Win32.Small.mk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002964.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002965.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002966.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002967.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002968.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002969.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002970.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002971.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002972.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002973.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002974.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002975.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002976.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002977.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002978.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002979.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002980.dll Infected: not-virus:Hoax.Win32.Renos.fk skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP27\A0002981.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP28\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4781.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP28\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{A2F915ED-C675-48D3-B297-87D58BE9C174}\RP28\change.log Object is locked skipped
Scan process completed.

répondre

Malekal_morte le 10 décembre 2006 à 20h30

Supprime : C:\!KillBox\

C'est OK en suivant les dernières manipulations ci-dessous

Essaye de rapporter ton infection sur le site que je te donne ci-dessous, ce serait super cool

Ton infection : SpySherrif

- Nettoye ton ordinateur avec CCleaner : http://www.malekal.com/tutorial_CCleaner.html
- Désactive puis réactive la restauration du système :
- Mode d'emploi Windows XP

Tu peux ensuite désinstaller tous les programmes que l'on a utilisé.

je t'invite à jeter un coup d'oeil à ces liens dans la mesure du possible, essaye de rapporter ton infection :

Comment se protéger des virus : - Tout ceci est résume sur cette page : Sécuriser son ordinateur et connaître les menaces

Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapport ton infection :
- Voir les règles de Malware-Complaints
- Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age

Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10

Pour poster un message, clics sur le bouton "post reply" et remplir les informations - NE PAS CREER UN SUJET avec le bouton New Topic.

Pour toutes aides pour poster ton message, tu peux consulter ce lien : http://www.malekal.com/malwarecomplaints.html
Si tu as des questions ou des problèmes, n'hésites pas à me demander ici ou à contacter un des modérateurs du forum : Kimberly, AgnesD ou ipl_001.

-------
Supprimer les popups de pubs intempestives
Sécuriser votre ordinateur

répondre

unitednowhere le 11 décembre 2006 à 11h09

Voila, désolé de ne pas avoir repondu plus tot j'ai du lacher le PC assez tot hier soir.
J'ai fais les dernieres manipulations que tu m'as indiqué c'est parfait tout marche bien.
Je tiens a te remercier encore une fois pour ton aide et ta presence (tes reponses sont plus que rapides!!!!^^).
J'ai posté sur le forum que tu m'as indiqué, il y avait deja un topic spysheriff donc j'ai rajouté ma voix.

Merci encore une fois, je n'hesiterai pas a te redemander de l'aide si j'ai besoin un de ces 4 vu tes competences!!!

répondre