Infection WIN32:Horst-HW[trj] et WIN32Horst-GZ[trj] HELP
Forum Sécurité - Virus : Infection WIN32:Horst-HW[trj] et WIN32Horst-GZ[trj] HELP
Bonjour à tous!
Alors voilà, comme le titre le dit j'ai quelques soucis d'infection par des trojan. J'utilise Avast comme antivirus, et le pare-feu windows est activé.
Il m'indique à chaque fois que c'est des fichiers dans le dossier TEMP dans C:\Documents and Settings\Esteves\Local Settings qui sont infectés. J'ai beau les avoir supprimer en mode sans échec ils "réaparaissent", j'imagine que la source ne vient pas de là...
Si vous pouviez m'aider en m'indiquant quels étapes je devrais suivre ce serait bien gentil 
Le rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 16:21:11, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Le rapport de SDFix:
SDFix: Version 1.81
Run by Esteves - 01.05.2007 - 16:02:41.10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Esteves\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system\smss.exe - Deleted
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe:*:Enabled:Mathematica 5.1"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe:*:Enabled:Mathematica 5.1 Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe:*:Enabled:math.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System"
"C:\\Documents and Settings\\Esteves\\Bureau\\Defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Bureau\\Defcon\\defcon.exe:*:Enabled
efcon"
"C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe"="C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe:*:Enabled:RaceDriver 3 Application"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Programmes\\Defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Programmes\\Defcon\\defcon.exe:*:Enabledefcon"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe"="C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe:*:Enabled:HIWAVE EXE"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Altium Designer 6\\DXP.exe"="C:\\Program Files\\Altium Designer 6\\DXP.exe:*:EnabledXP"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes fichiers reçus\\defcon\\defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes fichiers reçus\\defcon\\defcon\\defcon.exe:*:Enabledefcon"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Esteves\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Esteves\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe"="C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe:*isabled:MATLAB"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\87exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\87exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\30exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\30exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\36exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\36exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\66exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\66exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\1exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\1exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\43exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\43exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\51exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\51exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\42exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\42exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\93exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\93exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\19exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\19exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\49exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\49exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\15exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\15exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\70exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\70exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\35exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\35exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\77exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\77exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\92exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\92exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\37exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\37exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\6exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\13exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\53exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\54exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\83exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\90exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\90exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\65exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\28exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\28exinjs.a9.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\daniel_esteves@hotmail.com\Sharing Folders\linouch01@hotmail.com\Thumbs.db
C:\Program Files\National Instruments\NI-CAN\bin\CanCoreVersion.dll
C:\Program Files\National Instruments\NI-CAN\bin\CANProviderVersion.dll
C:\Program Files\National Instruments\NI-CAN\bin\CANSupportVersion.dll
C:\Program Files\National Instruments\NI-DNET\bin\NidnetVersion.dll
C:\Program Files\National Instruments\NI-488.2\Bin\LaunchUtility.exe
C:\Program Files\National Instruments\NI-488.2\Help\LaunchUtility.exe
C:\Documents and Settings\Esteves\Mes documents\Mes Documents\HE-ARC\Modules Niveau I\Labo de physique\QuatriŠme exp‚rience - Pression et volume des gaz\~WRL0004.tmp
C:\Documents and Settings\Esteves\Mes documents\Mes Documents\HE-ARC\Modules Niveau II\LabView\Fichiers du prof\02_VI&sub_VI\~WRL0004.tmp
C:\Documents and Settings\Esteves\Mes documents\Mes images\Mes photos\Tor‚e … Pierre-…-Bot [9 juin 2006]\SIV5.tmp
Finished
Les fichiers qu'avast me dit infectées sont ceux qui ressemble à ca (qui sont dans la liste):
C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME
C'est grave docteur? 
Message édité par ESD le 01-05-2007 à 16:25:59
Re,
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Tuto sur le scan en ligne
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Répondre à Angeldark
Comme j'ai écris avant je n'ai plus ces fichiers et les alertes avast, j'imagine que ça doit être tout bon alors
Merci beaucoup en tout cas! Tu m'as été d'une grande aide! C'est bien gentil.
Crois-tu que ça ait pu effacer des programmes ou quelque chose? J'ai l'impression qu'avec ces trojan mon disque dur à été liberé d'environ 1Go, mais je peux me tromper (surtout que je n'ai pas encore remarqué de fichiers manquants).
Je ne pense pas. Lié à notre nettoyage 
Répondre à Angeldark
| Citation : qu'est ce que tu arrive à voir ou à déceller? |
Pleins de choses : infections...
Répondre à Angeldark
