De nombreux virus hijackthis à vérifier svp
Fermé
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
-
24 mars 2006 à 12:30
chr3 Messages postés 31 Date d'inscription mardi 29 mars 2005 Statut Membre Dernière intervention 20 février 2008 - 24 mars 2006 à 22:13
chr3 Messages postés 31 Date d'inscription mardi 29 mars 2005 Statut Membre Dernière intervention 20 février 2008 - 24 mars 2006 à 22:13
A voir également:
- De nombreux virus hijackthis à vérifier svp
- Verifier un lien - Guide
- Hijackthis windows 10 - Télécharger - Antivirus & Antimalwares
- Verifier compatibilite windows 11 - Guide
- Vérifier si mot de passe piraté - Guide
- Youtu.be virus - Accueil - Guide virus
7 réponses
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
24 mars 2006 à 12:56
24 mars 2006 à 12:56
Salut,
T'es profondément infecté.
Commence par faire ceci :
1/ Si tu n'en n'a pas, télécharge un firewall.
Par exemple, la version GRATUITE de ZoneAlarm® : http://www.zonelabs.com/store/content/company/products/znalm/freeDownload2.jsp?dc=34std&ctry=FR&lang=fr
Tutorial là : http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tutorial_zonealarm-323293/messages-1.html
2/ Télécharge et scanne ton PC avec Ewido Security Suite : http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html
Copie/colle le rapport entier sur le forum.
3/ Scanne ton PC avec cet antivirus en ligne :
http://www.bitdefender.com/scan8/ie.html
Clique sur "I Agree" et scanne tout le PC.
Pense à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).
Copie/colle le rapport entier sur le forum.
3/ Remets un log HijackThis.
Bonne chance.
++
T'es profondément infecté.
Commence par faire ceci :
1/ Si tu n'en n'a pas, télécharge un firewall.
Par exemple, la version GRATUITE de ZoneAlarm® : http://www.zonelabs.com/store/content/company/products/znalm/freeDownload2.jsp?dc=34std&ctry=FR&lang=fr
Tutorial là : http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tutorial_zonealarm-323293/messages-1.html
2/ Télécharge et scanne ton PC avec Ewido Security Suite : http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html
Copie/colle le rapport entier sur le forum.
3/ Scanne ton PC avec cet antivirus en ligne :
http://www.bitdefender.com/scan8/ie.html
Clique sur "I Agree" et scanne tout le PC.
Pense à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).
Copie/colle le rapport entier sur le forum.
3/ Remets un log HijackThis.
Bonne chance.
++
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
24 mars 2006 à 15:13
24 mars 2006 à 15:13
et voici mon nouvel hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 15:12:29, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe (file missing)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 15:12:29, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe (file missing)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
24 mars 2006 à 18:30
24 mars 2006 à 18:30
Bonjour chr3,
Effectue bien mes prescriptions dans l'ordre, c'est important.
1/ Je te répète, installe obligatoirement un firewall si tu n'en as pas (cf. message < 1 >).
2/ Ensuite, il faut absolument régler la question de MSN.
Désinstalle impérativement MessengerPlus! 3 car c'est une fontaine de spyware !
Aussi, quand tu as installé MSN, as-tu pris le soin de cocher ceci : http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg ?
Si tu as accepté les sponsors, il faudra songer la réinstallation de MSN sans accepter les sponsors
3/ Lance HijackThis, puis -> Do a system scan only et
coche ces lignes qui t'envoie directement en Ukraine, à Kharkiv très probablement lol :
O17 - HKLMSystemCCSServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCCSServicesTcpip..{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCCSServicesTcpip..{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCS1ServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCS2ServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
4/ Télécharge, mets à jour et scanne ton PC avec Ad-Aware et SpyBot Search & Destroy :
Ad-Aware :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
SpyBot Search & Destroy :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
5/ Télécharge et nettoie ton PC avec ces deux logiciels :
CCLEANER https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Utilisation : Dans l'onglet "Nettoyeur" cliquez sur "Analyse". Une fois l'analyse terminée, cliquez sur "Lancer le Nettoyage".
Ensuite, dans l'onglet "Erreurs" cliquez sur "Chercher des erreurs" puis, avant de cliquer sur "Réparer les erreurs sélectionnées" effectuez une sauvegarde de votre registre (comme proposé).
CleanUp40
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Démo d’utilisation :
http://pageperso.aol.fr/balltrap34/democleanup.htm
6/ Scanne ton PC avec cet antivirus en ligne : https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm
Copie/colle le rapport sur le forum.
7/ Reposte enfin un nouveau log HijackThis.
Courage :)
++
Effectue bien mes prescriptions dans l'ordre, c'est important.
1/ Je te répète, installe obligatoirement un firewall si tu n'en as pas (cf. message < 1 >).
2/ Ensuite, il faut absolument régler la question de MSN.
Désinstalle impérativement MessengerPlus! 3 car c'est une fontaine de spyware !
Aussi, quand tu as installé MSN, as-tu pris le soin de cocher ceci : http://theroot.chez-alice.fr/imgs/tuto/msgplus.jpg ?
Si tu as accepté les sponsors, il faudra songer la réinstallation de MSN sans accepter les sponsors
3/ Lance HijackThis, puis -> Do a system scan only et
coche ces lignes qui t'envoie directement en Ukraine, à Kharkiv très probablement lol :
O17 - HKLMSystemCCSServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCCSServicesTcpip..{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCCSServicesTcpip..{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCS1ServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLMSystemCS2ServicesTcpip..{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
4/ Télécharge, mets à jour et scanne ton PC avec Ad-Aware et SpyBot Search & Destroy :
Ad-Aware :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
SpyBot Search & Destroy :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
5/ Télécharge et nettoie ton PC avec ces deux logiciels :
CCLEANER https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Utilisation : Dans l'onglet "Nettoyeur" cliquez sur "Analyse". Une fois l'analyse terminée, cliquez sur "Lancer le Nettoyage".
Ensuite, dans l'onglet "Erreurs" cliquez sur "Chercher des erreurs" puis, avant de cliquer sur "Réparer les erreurs sélectionnées" effectuez une sauvegarde de votre registre (comme proposé).
CleanUp40
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Démo d’utilisation :
http://pageperso.aol.fr/balltrap34/democleanup.htm
6/ Scanne ton PC avec cet antivirus en ligne : https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm
Copie/colle le rapport sur le forum.
7/ Reposte enfin un nouveau log HijackThis.
Courage :)
++
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
24 mars 2006 à 19:45
24 mars 2006 à 19:45
il ne veux pas me faire l'analyse avec pandasoftware comment pourrais-je faire stp
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
>
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
24 mars 2006 à 19:51
24 mars 2006 à 19:51
T'en es déjà à l'analyse antivirus ?
Pour le scan avec Panda c'est vraiment dommage, car il est excellent...
Quel est le message d'erreur ?
Tu peux le remplacer avec celui-là :
http://www.secuser.com/antivirus/index.htm
Coche la case "Auto Clean" et clique sur "Poste de travail".
Une fois le scan en ligne terminé et les infections nettoyées, colle le nouveau log HT.
bye bye
Pour le scan avec Panda c'est vraiment dommage, car il est excellent...
Quel est le message d'erreur ?
Tu peux le remplacer avec celui-là :
http://www.secuser.com/antivirus/index.htm
Coche la case "Auto Clean" et clique sur "Poste de travail".
Une fois le scan en ligne terminé et les infections nettoyées, colle le nouveau log HT.
bye bye
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
24 mars 2006 à 21:26
24 mars 2006 à 21:26
voici l'hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 21:25:06, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B5ACCCA-C787-40A8-9301-94F0A158FE5B}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 21:25:06, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B5ACCCA-C787-40A8-9301-94F0A158FE5B}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CF9709-BEB4-49F9-8031-E67169271794}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8489838-9A59-4621-9A37-0568657364DC}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B7626E4-1761-41A6-9C3A-BA237463C956}: NameServer = 85.255.115.38,85.255.112.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
24 mars 2006 à 21:45
24 mars 2006 à 21:45
Re,
Décidément, tu fais fi de mes conseils.
Relis le message < 5 > et fais ce qui est demandé.
++
Décidément, tu fais fi de mes conseils.
Relis le message < 5 > et fais ce qui est demandé.
++
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
24 mars 2006 à 21:50
24 mars 2006 à 21:50
pour zone alarm avant je l'avait mais il m'avait bloqué internet du coup j'avait du formater et je n'ai pas envie de reformer aurait-tu un autre firewall a me proposé stp
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
24 mars 2006 à 21:54
24 mars 2006 à 21:54
Il suffit de chercher sur google.
Sunbelt Kerio Personal Firewall est pas mal :
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
a+
Sunbelt Kerio Personal Firewall est pas mal :
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
a+
chr3
Messages postés
31
Date d'inscription
mardi 29 mars 2005
Statut
Membre
Dernière intervention
20 février 2008
24 mars 2006 à 22:13
24 mars 2006 à 22:13
voici mon hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 22:11:55, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:11:55, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\lefief\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.numericable.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1B7D1E-77C7-C16A-B76C-70C87701EC30} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [2 atom find enc] C:\Documents and Settings\All Users\Application Data\basehelp2atom\Junk For.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Insidecdrom] C:\DOCUME~1\lefief\APPLIC~1\Dash Mpeg Fast\softheartmp3.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.numericable.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
24 mars 2006 à 13:41
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 13:40:05, 24/03/2006
+ Somme de contrôle: C286653C
+ Résultats du scan:
HKU\S-1-5-21-2000478354-1450960922-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Nettoyer et sauvegarder
[684] C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe -> Downloader.Swizzor.bo : Nettoyer et sauvegarder
[1844] VM_003B0000 -> Downloader.Agent.tc : Erreur durant le nettoyage
[2988] C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe -> Downloader.Swizzor.bo : Erreur durant le nettoyage
[4084] C:\DOCUME~1\lefief\APPLIC~1\Dataadmin\Grey Bleh.exe -> Downloader.Swizzor.bo : Erreur durant le nettoyage
C:\Documents and Settings\lefief\Cookies\lefief@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@wreport.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Cookies\lefief@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\856J05IZ\ErrorSafeScannerInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.Agent.d : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\CUQX2GM7\ErrorSafeScannerInstallFR[1].cab/UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\JNDBRLWW\ErrorSafeScannerInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.Agent.d : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\adv625[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\xml[1].htm -> Downloader.Cobase.d : Nettoyer et sauvegarder
C:\Documents and Settings\lefief\Mes documents\hijackthis.zip/backups/backup-20050403-223344-486.dll -> Hijacker.StartPage.ix : Nettoyer et sauvegarder
::Fin du rapport
24 mars 2006 à 15:11
BitDefender Online Scanner
Scan report generated at: Fri, Mar 24, 2006 - 15:05:26
Scan path: C:\;E:\;F:\;
Statistics
Time
01:20:04
Files
418833
Folders
4098
Boot Sectors
2
Archives
2050
Packed Files
34438
Results
Identified Viruses
8
Infected Files
24
Suspect Files
1
Warnings
0
Disinfected
0
Deleted Files
25
Engines Info
Virus Definitions
329905
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\lefief\Application Data\Dash Mpeg Fast\Move show bike.exe
Infected with: Trojan.Swizzor.DH
C:\Documents and Settings\lefief\Application Data\Dash Mpeg Fast\Move show bike.exe
Disinfection failed
C:\Documents and Settings\lefief\Application Data\Dash Mpeg Fast\Move show bike.exe
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\37BBFSL1\movie[1].htm
Infected with: Exploit.Html.Codebase.Exec.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\37BBFSL1\movie[1].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\37BBFSL1\movie[1].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\5[1].htm
Suspected of: Exploit.ADODB.Stream.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\5[1].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\5[1].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[10].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[10].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[10].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[1].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[1].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[1].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[2].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[2].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[2].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[3].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[3].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[3].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[4].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[4].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[4].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[5].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[5].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[5].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[6].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[6].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[6].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[7].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[7].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[7].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[8].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[8].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[8].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[9].ani
Infected with: Exploit.Win32.MS05-002.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[9].ani
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\ani[9].ani
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[1].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[1].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[1].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[2].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[2].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[2].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[3].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[3].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[3].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[4].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[4].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[4].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[5].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[5].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[5].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[6].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[6].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[6].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[7].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[7].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[7].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[8].htm
Infected with: Exploit.IECrashJS2.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[8].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\fillmemadv625[8].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\wow[1].htm
Infected with: Exploit.Html.MhtRedir.Gen
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\wow[1].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\wow[1].htm
Deleted
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\x2[1].htm
Infected with: JS.Dword.dropper
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\x2[1].htm
Disinfection failed
C:\Documents and Settings\lefief\Local Settings\Temporary Internet Files\Content.IE5\X3RVL5OA\x2[1].htm
Deleted
C:\ms32.sys
Infected with: Trojan.Downloader.Small.NF
C:\ms32.sys
Disinfection failed
C:\ms32.sys
Deleted
C:\Program Files\Adv\install.exe
Infected with: Trojan.Lopad.K
C:\Program Files\Adv\install.exe
Disinfection failed
C:\Program Files\Adv\install.exe
Deleted