Sujet Précédent Sujet Suivant

Problème cheval de troie

Résolu
CMPA -  
 CMPA -
Bonjour,

Mon antivirus me dit que j'ai un cheval de troie et à chaque fois qu'il analyse il ne le trouve plus, mais je n'ai plus accès à certains fichiers et et certaines fonctionnalités.

Est ce que quelqu'un pourrais m'aidée ?

Merci d'avance.

51 réponses

Réponse 1 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis
1
Réponse 2 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Tu peux supprimer ComboFix, Tools Cleaner et FindyKill.
1
Réponse 3 / 51
CMPA
 
Alors voilà le contenu du bloc note :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:10, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [winapl] C:\WINDOWS\system32\qvkdirwf.exe
O4 - HKCU\..\Run: [infogen] C:\WINDOWS\system32\fmfwbgxa.exe
O4 - HKCU\..\Run: [setproc] C:\WINDOWS\system32\qdizelqz.exe
O4 - HKCU\..\Run: [hlpwinapp] C:\WINDOWS\system32\gnmdunqt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
0
Réponse 4 / 51
CMPA
 
D'accord, je suis en train de faire le scan mais comme il bloque un peu, ça va prendre un petit peu de temps, mais dès qu'il a fini je post le rapport.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 51
CMPA
 
Voilà le rapport :

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1145
Windows 5.1.2600 Service Pack 2

13/09/2008 18:37:43
mbam-log-2008-09-13 (18-37-43).txt

Type de recherche: Examen rapide
Eléments examinés: 57731
Temps écoulé: 12 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 277

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\48810242.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
C:\Documents and Settings\claudine\Local Settings\Temp\elopkduv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\wxajejml.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\132656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\188875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\200515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\210562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\599250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\627968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\803171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\814187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\819828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\360Panovision Professional Suite 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\4Sale2 1.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Aardvark Aadventures 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Acid Scanner 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Active Directory Network Manager 1.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Active Privacy Guardian Washer 1.57.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\AddaButton 4.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Aepryus Graph 1.0 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Age of Mythology - Infiltrator scenario.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\AK-FireFrame 1.6 Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Alice DVD any Video to Sony PSP Converter 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\AlphaChess 3.2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ALTools Christmas Desktop Wallpapers 2005.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\AppLauncher Deluxe 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Attachments Processor for Outlook 4.2 [Patch].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Audio Record Wizard 3.99 [Key+Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\BBB Bar 0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Best_Firewall_2007_AIO__ZoneAlarm__Kaspersky__McAfee__Sygate__etc_.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\BillPlus 2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Bluebeam PDF Revu AutoCAD Edition 4.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Change Case of Directory Names Software 7.0 Key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\chm2web 2.7 Build 174 Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Cibersql Web Admin 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Code Weaver 1.7.0.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Coding Workshop Ringtone Converter 5.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ComBonus 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Computer_Associates_Practice_Tests_from_Boson_5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\copy2calendar 2.0.0.23 Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\CopyWipe 1.14.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Count 3 1.06.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Crypto Composer 0.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\DBArtisan 8.1.2 build 3218 Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Deductus disk catalog 1.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\DFIncBackup Home 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\DivXRepair 1.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\DNews News Server 5.7e1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Doc Organizer 3.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Easy Mail Merge for Outlook 1.1.85 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\eBooks Compiler 1.0 [KeyGen].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\EBRcart 5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Email Security Labels for Outlook 1.0 [Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\EMS SQL Manager 2005 for SQL Server 2.5.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\EnCalcE 2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Engineering Power Tools 1.9.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\English & Armenian Dictionary 2.7 Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\EssentialPIM Pro 1.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Essien VideoConvert 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Eyes Relaxing and Focusing 2.0 [Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Family Database 2008 1.0.0.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Filecom Order System 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Files Search Assistant 3.1 (Key+Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\FirstStop WebSearch Standard Edition 5.0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Folio First 1.0.0.371 [Key+Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Fontabulator 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\FotoPrint 3.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Free XP Style Icons 0.1 [Key].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Fresh UI 7.62.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Gadwin Web Snapshot 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Gammadyne Mailer 27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\GatherBird SQLGrep 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\gdShredder 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\GeometryProof Professional Edition 5.10 [Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\GetBot 3.04 [Cracked].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\GoogImager Browser 1.0 [With Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Halo Combat Evolved Chutes and Ladders map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\HandoVideo Converter Lite 2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\HDDlife plug-in for Google Desktop 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Hotel Pro 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\hsCADence 1.0.10.18.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Imaging Matrix - Image Converter Lite 2.0 Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Inline Search for IE 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Innovatools Email Control 1.0 (Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Instant Eyedropper Free 1.75.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Intelliant OCR 1.1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Internet Traffic Agent 2.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\InterWARN 4.0 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\IsoMaker 2000 6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ISQLme 1.0.04.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Janitor Dan the Spaceman 1.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\JXMLAppKit 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\KaZaZZ! Ask Anything Toolbar 7.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\KittyXplorer 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\KLogicalDrives 1.0.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\kmAnywhere 2005 Pro build 060901 [Key].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\LBE Web Helpdesk 4.0.123.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Learn the Secrets to Texas Holdem Poker 2005.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\LingvoSoft Talking Picture Dictionary 2007 English - Arabic 1.1.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Link Exchange Easy 3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\LinkScanner Pro 2.6.2.0068.7 (KeyGen).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Little Black Book Trailer.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Lizard Application Monitor 7.11.93.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Lizard Protector Secure Viewer 1.1.90.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\LockDown My Computer 1.1.1 (Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Lomond Home PhotoLab 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Love Fortune Clock screensaver 2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Mansfield Park 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\McAfee.VirusScan.Enterprise.v8.5.0i-DVT.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MechWarrior 4 Vengeance - Martian Range map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\mnoGoSearch SQL 3.2.41.1 Key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ModelPress Desktop 4.4.0.11.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ModemLockDown 3.31.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MP3 and WAV Solutions 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MSCCrypto 2.0 [Cracked].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MSN Nick Changer for Windows Media Player 1b.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MSN Space Helper 1.51.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MSN Winks Remover 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Multi-Mail Notifier 3.1.002.04 Key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Multiple Choice 1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\My Web News January 2006.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MyAlert For MySpace 1.3 (KeyGen).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\MyDbDump 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Myspace the Guide 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Natural Login Pro 1.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\NCM Webcams 1.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\nCRYPTION 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Nerocode MySQL Client 3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Network Assistant 4.2.0.2525 (With Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Network Tools 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\NetworkView 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\NewsPoint 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\NRG Orb - 3D Fully Animated Wallpaper 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Orbitz Search Widget 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Orkut Cute 6.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\OSCheck 1.2 Build 1000.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Outlook Express ActiveX Control 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Oven Fresh Developer Pack 2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\OverCAD Blocks 1.21 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Panda.Antivirus.2007.Beta.-.Valid.Crack.July.2007.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Panda.antivirus.titanium.2005.french.(multilang).retail.Ressed.By.M@RtZXO5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Panorama 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Password Guard 5.0.600.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\PC Activity Monitor Net (PC Acme Net) 6.4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\PDF2Office Professional 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\PDF417 ActiveX Control 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\PGP Desktop 9.6.0 Public Beta 1 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Photo Mishmash Screensaver 2.2.4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Photocopier Pro 3.04.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Plaxoft Time Tracker 1.0 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Portable Vault 2.1.5.0 [Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Projectexplorer 2.3 (Cracked).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\PSS Update Check Control 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Quality Golf Stats 5.10.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\QWallet 2.0 [Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Radsoft RadVWM 1.3.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Random Clock# Generator 5.3 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Red Dot Forever 1.03.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Red Flower Jigsaw Puzzle 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Registry Repair Doctor 1.0.0.1 With Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\RelayFax Server 6.7.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Risk 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\River Past Video Slice 5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\RumorMill 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Scam Escrow Detector 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\SecureAway 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ShareCrypt 2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Sib Icon Converter 2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\SimpleFTP 1.1 Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\SlavaNap 3.0.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Sniper 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\SpamWeed Anti-Spam Filter 2.5 rev290.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Speak 1.8.84.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Speaking Notepad 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\SplitWiz 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Stay On Top 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\StopItNow! 5.17i.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\StoragePatrol 2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\StrikeIron Reverse Phone Lookup 2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Swiff Player 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Swift POS 5.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Talismania Deluxe 1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Taskbar Control 2.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Texas Hold'em Poker 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\THRSim11 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\TradeAccountant Pro 3.4.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\TSOfficePool - Pro Football 6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Turbo Icon Editor 2.0.1 [Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\TWAIN Integration Kit 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Unreal Tournament 2003 - Nanika skin.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Unreal Tournament 2003 - Silver deathmatch map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\VicFTPS 3.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Virtua Tennis demo.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Virtual Safe 1.2.2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Vue d'Esprit 4.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Walrus Screensaver 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Warcraft II demo.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Weather Manager 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\Web Research Network Add-on 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\WinCron 4.3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\WinSpy 3.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\WinUtilities EXE Protector 2.1 [Key+Serial].zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\WordSafe Voyager 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\WorldCup 2006 Lite 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\wxDownload Fast 0.6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\XHP CMS 0.5.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\XMLSpy Enterprise Edition 2007 SP2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\YeoSoft Text to MP3 Speaker 5.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ZeroTrace 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Application Data\m\shared\ZW Net Send Manager 2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\claudine\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc733j0e9ev.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Il me met aussi que certains éléments n'ont pas pu être supprimés et qu'ils ont été ajoutés à la liste des éléments qui seront supprimés au redémarrage et il me demande si je veux redémarrer mon ordinateur.

Dois-je le redémarrer ?
0
Réponse 6 / 51
CMPA
 
Voilà, j'ai redémarré.
0
Réponse 7 / 51
CMPA
 
Voilà :

----------------- FindyKill V3.075 ------------------

Recherche effectuée à 18:54:27 le 13/09/2008
Emplacement : C:\Program Files\FindyKill\FindyKill.bat
Outils Mis a jours le 11/09/08

----------------- *** Recherche *** ------------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

»»»» Presence des fichiers dans C:\WINDOWS\system32

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\claudine\Application Data

»»»» Registre :

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
lxcrmon.exe REG_SZ "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
EzPrint REG_SZ "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
CTHelper REG_SZ CTHELPER.EXE
UpdReg REG_SZ C:\WINDOWS\UpdReg.EXE
Jet Detection REG_SZ "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
LXCRCATS REG_SZ rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
winapl REG_SZ C:\WINDOWS\system32\qvkdirwf.exe
infogen REG_SZ C:\WINDOWS\system32\fmfwbgxa.exe
setproc REG_SZ C:\WINDOWS\system32\qdizelqz.exe
hlpwinapp REG_SZ C:\WINDOWS\system32\gnmdunqt.exe

»»»» Presence d infections dans Support amovible :

----------- ! Recherche realisée avec success ! -----------
0
Réponse 8 / 51
CMPA
 
Voilà, je suis en train de faire le scan.
0
Réponse 9 / 51
CMPA
 
Il me dit qu'un virus ou un programme indésirable a été trouvé et me demande ce que je veux faire :

le déplacer en quarantaine
le supprimer
le renommer
ou l'ignorer

Que dois-je choisir ?
0
Réponse 10 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Supprime.
0
Réponse 11 / 51
CMPA
 
Il en a trouvé 3 autres aussi et je les ai supprimer aussi
0
Réponse 12 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Poste le rapport à la fin de l'analyse.
0
Réponse 13 / 51
CMPA
 
D'accord, je posterais le rapport dès qu'il aura fini.
0
Réponse 14 / 51
CMPA
 
C'est enfin fini, voici le rapport :

Avira AntiVir Personal
Date de création du fichier de rapport : samedi 13 septembre 2008 19:13

La recherche porte sur 1612438 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :CLAUDINE-UJIXUA

Informations de version :
BUILD.DAT : 8.1.0.47 16931 Bytes 19/08/2008 11:45:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:49
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 17:12:11
ANTIVIR3.VDF : 7.0.6.154 2048 Bytes 12/09/2008 17:12:11
Version du moteur: 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 13/09/2008 17:12:24
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 13/09/2008 17:12:22
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 13/09/2008 17:12:21
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 13/09/2008 17:12:20
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 13/09/2008 17:12:14
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 13/09/2008 17:12:13
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 13/09/2008 17:12:12
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : samedi 13 septembre 2008 19:13

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'locator.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oodag.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lxcrcoms.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleUpdaterService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BTNtService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleUpdater.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LogitechDesktopMessenger.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BlueSoleil.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HOMERunner.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CTHELPER.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'ezprint.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lxcrmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'39' processus ont été contrôlés avec '39' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '53' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\claudine\Local Settings\Temp\IXP000.TMP\oput.exe
[RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\claudine\Local Settings\Temp\IXP001.TMP\oput.exe
[RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\claudine\Local Settings\Temp\IXP002.TMP\oput.exe
[RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\claudine\Local Settings\Temp\IXP003.TMP\oput.exe
[RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\claudine\Mes documents\jeux\Jojo's Fashion Show\Jojo's Fashion Show.exe
[0] Type d'archive: RAR SFX (self extracting)
--> Uninstall.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\claudine\Mes documents\jeux\[PC Game] Dress Shop Hop\dress shop hop.exe
[0] Type d'archive: RAR SFX (self extracting)
--> Uninstall.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\claudine\Mes documents\jeux\[PC Game] Dress Shop Hop\[PC Game] Dress Shop Hop.rar
[0] Type d'archive: RAR
--> dress shop hop.exe
[1] Type d'archive: RAR SFX (self extracting)
--> Uninstall.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\Program Files\Dress Shop Hop\Uninstall.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\Program Files\Jojo's Fashion Show\Uninstall.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\Program Files\ZeCheval`Script\mirc.exe
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/mIRC-1755648.A
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0017208.exe
[0] Type d'archive: RAR SFX (self extracting)
--> MSA.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.UltimaAV.bh
--> MSA.cpl
[RESULTAT] Contient le cheval de Troie TR/FakeAV.AO
[RESULTAT] Contient le modèle de détection du dropper DR/FraudTool.MSAntivirus.T.1
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0017227.exe
[0] Type d'archive: RAR SFX (self extracting)
--> MSA.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.UltimaAV.bh
--> MSA.cpl
[RESULTAT] Contient le cheval de Troie TR/FakeAV.AO
[RESULTAT] Contient le modèle de détection du dropper DR/FraudTool.MSAntivirus.T.1
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018425.exe
[0] Type d'archive: RAR SFX (self extracting)
--> MSA.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.UltimaAV.bh
--> MSA.cpl
[RESULTAT] Contient le cheval de Troie TR/FakeAV.AO
[RESULTAT] Contient le modèle de détection du dropper DR/FraudTool.MSAntivirus.T.1
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018460.exe
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Frauder.bu
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018519.exe
[RESULTAT] Contient le cheval de Troie TR/Obfuscated.GX.736
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018786.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018847.dll
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018974.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018975.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Gampass.CV
[REMARQUE] Fichier supprimé.
C:\System Volume Information\_restore{D5EF2C8A-C965-404E-AB53-7917EC7C6340}\RP187\A0018976.exe
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/mIRC-1755648.A
[REMARQUE] Fichier supprimé.

Fin de la recherche : samedi 13 septembre 2008 20:43
Temps nécessaire: 1:30:28 Heure(s)

La recherche a été effectuée intégralement

6148 Les répertoires ont été contrôlés
293969 Des fichiers ont été contrôlés
26 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
20 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
293942 Fichiers non infectés
1318 Les archives ont été contrôlées
1 Avertissements
20 Consignes
0
Réponse 15 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Poste un nouveau rapport HijackThis.
0
Réponse 16 / 51
CMPA
 
Voilà :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:36, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [winapl] C:\WINDOWS\system32\qvkdirwf.exe
O4 - HKCU\..\Run: [infogen] C:\WINDOWS\system32\fmfwbgxa.exe
O4 - HKCU\..\Run: [setproc] C:\WINDOWS\system32\qdizelqz.exe
O4 - HKCU\..\Run: [hlpwinapp] C:\WINDOWS\system32\gnmdunqt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
0
Réponse 17 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
0
Réponse 18 / 51
CMPA
 
Quand je clique sur le lien je met exécuter et après Combofix charge mais ça me met ça :

You cannot rename ComboFix as ComboFix[1]

Please user another name, preferbaly made up of alphanumeric characters

et quand je clique sur OK il ne se passe rien
0
Réponse 19 / 51
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Essaie avec ce lien :
https://forospyware.com
0
Réponse 20 / 51
CMPA
 
Ca me marque toujours la même chose
0

Discussions similaires

expressions francaises
bifaka -
lanonyme -

4 réponses
Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
cheval dans oblivion
sernaldo53 -
sernaldo53 -

12 réponses
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses