Sujet Précédent Sujet Suivant

[Virus] infecté par worm_attck_v122.02a

lin_105 Messages postés 14 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Je vous prie de m'aider a fixer mon ordinateur. Il est infecté par le virus iworm_attck_v122.02a. J'ai les programmes ad-aware et spybot mais le virus est toujours la.

J'installé le programme HijackThis mais pour ce que j'ai lu dans plusieurs forum il faut l'utiliser avec precaution et sous la direction de quelqu'un specialisé.

Je vous remercie pour votre aide.

lin_105
A voir également:

24 réponses

Précédent
  • 1
  • 2
Réponse 21 / 24
lin_105 Messages postés 14 Statut Membre
 
Salut,

voici le log Hijackthis:

merci,

Logfile of HijackThis v1.99.1
Scan saved at 2:39:01 AM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planetatv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planetatv.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://store.hp.com/us/en?jumpid=re_r11662_redirect_ETR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "c:\documents and settings\owner\application data\winantiviruspro2006freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://store.hp.com/us/en?jumpid=re_r11662_redirect_ETR
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - https://www.wildtangent.com/
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://splr.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/07e9a5c18c21cc3aa803/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://210.211.81.160//activex/AMC.cab
O16 - DPF: {812A5592-FBF0-4D40-B0EF-CEA668406C0C} (Yahoo! Fotos – Carga fácil de fotos Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4e1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
0
Réponse 22 / 24
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Bonjour,

Méthode à suivre dans l'ordre...
----------------------------------------------------------------------------
¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

1/

Spybot S&D 1.4
https://www.safer-networking.org/

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06
https://www.adaware.com/
-Une aide:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- installe le patch français, tu pourras le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/ Ewido:

http://perso.orange.fr/entraide-hijackthis/Ewido/

Installation puis mises à jour.

4/ Ccleaner :

https://www.pcastuces.com/logitheque/ccleaner.htm
----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)

O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "c:\documents and settings\owner\application data\winantiviruspro2006freeinstall[1].exe" -nag

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).

c:\documents and settings\owner\application data\winantiviruspro2006freeinstall[1].exe

----------------------------------------------------------------------------
¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.
----------------------------------------------------------------------------
¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
-------------------------------------------------------------------------------------------
¤ Lance CCleaner.

Suppression des fichiers temporaires

Va dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"
Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)
• Clique sur Analyse
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur Lancer le Nettoyage

Suppression des incohérence du registre

• Clique sur l'icône Erreurs situés dans la marge à gauche.
• Puis clique sur Analyser les erreurs
• Patiente pendant que CCleaner scan ton registre.
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur Corriger les erreurs.

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement
----------------------------------------------------------------------------
¤ Vide ta Corbeille.
----------------------------------------------------------------------------
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Précise tes soucis s’il en reste....

Tiens-moi au courant

A+
0
Réponse 23 / 24
lin_105 Messages postés 14 Statut Membre
 
Salut,

ok, d'abord le report de ewido... le premier.

Puis tout marché bien sauf que:

- Le fichier :
c:\documents and settings\owner\application data\winantiviruspro2006freeinstall[1].exe
n'était pas la..

- apres avoir fait le scan avec ewido, est-ce que j'ai du fixer les choses qui ont été detecté... j'ai seulement copié le rapport mais rien de plus.

- Dans le dernier hijack this (qui est a la fin), il semble que :
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
est toujours la... :s

A part de ça, il semble que tout marche bien...

merci,
a plus

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:30:32 PM 8/27/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : No action taken.
HKU\S-1-5-21-3660946461-2501954535-3646181656-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140916.exe -> Downloader.Zlob.afl : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140702.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140703.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140839.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140840.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140901.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140902.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140913.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141007.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141058.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141072.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141108.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141118.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141132.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141149.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0141159.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1038\A0141830.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1038\A0141877.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1038\A0141914.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1042\A0141935.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1044\A0142509.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1046\A0142519.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1046\A0142525.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1047\A0142542.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1047\A0142548.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1048\A0142563.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1050\A0142586.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1051\A0142604.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1052\A0142648.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1053\A0142732.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1054\A0142738.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1055\A0142744.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1057\A0143762.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1058\A0143786.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1059\A0143795.exe -> Downloader.Zlob.afw : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1059\A0143796.exe -> Downloader.Zlob.yt : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140843.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\System Volume Information\_restore{83BE25CE-CF1F-4EE7-A83E-5EE431814AD3}\RP1037\A0140763.dll -> Not-A-Virus.Hoax.Win32.Renos.dp : No action taken.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\boe2fe9i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end

--------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:21:56 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planetatv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planetatv.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://store.hp.com/us/en?jumpid=re_r11662_redirect_ETR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://store.hp.com/us/en?jumpid=re_r11662_redirect_ETR
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - https://www.wildtangent.com/
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://splr.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/07e9a5c18c21cc3aa803/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://210.211.81.160//activex/AMC.cab
O16 - DPF: {812A5592-FBF0-4D40-B0EF-CEA668406C0C} (Yahoo! Fotos – Carga fácil de fotos Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4e1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
0
Réponse 24 / 24
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
salut

relance ewido et choisis l option delete

copie colle le rapport

a+
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses