VIRUS ALERTE!!
Résolu
syberflo84
Messages postés
27
Statut
Membre
-
syberflo84 Messages postés 27 Statut Membre -
syberflo84 Messages postés 27 Statut Membre -
Bonjour,
j'ai un ami qu'un ma donner son pc car il n'arrivé pas a supprimer un virus qui peut s'appeler "VIRUS ALERT!"j'ai regarder sur ce forum et voit qu'il y a une solution mais assez compliquer, c'est pour cela que j'ai quand meme essayé et j'ai russit a avoir un rapport avec HijackThis. SVP aider moi !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57: VIRUS ALERT!, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79A77690-93EB-9CB6-375D-02CC50A4C093} - C:\DOCUME~1\damien\APPLIC~1\AMOKWE~1\setup rule.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {9BAB10CC-0EE5-4B15-9017-B7AF2326724D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\damien\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\damien\Application Data\Microsoft\Windows\rayio.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.tiscali.it/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
j'ai un ami qu'un ma donner son pc car il n'arrivé pas a supprimer un virus qui peut s'appeler "VIRUS ALERT!"j'ai regarder sur ce forum et voit qu'il y a une solution mais assez compliquer, c'est pour cela que j'ai quand meme essayé et j'ai russit a avoir un rapport avec HijackThis. SVP aider moi !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57: VIRUS ALERT!, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79A77690-93EB-9CB6-375D-02CC50A4C093} - C:\DOCUME~1\damien\APPLIC~1\AMOKWE~1\setup rule.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {9BAB10CC-0EE5-4B15-9017-B7AF2326724D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\damien\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\damien\Application Data\Microsoft\Windows\rayio.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.tiscali.it/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
A voir également:
- VIRUS ALERTE!!
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Alerte virus google - Accueil - Virus
- Fausse alerte connexion facebook - Guide
- Fausse alerte virus google - Guide
- Virus facebook demande d'amis - Accueil - Facebook
13 réponses
Search Navipromo version 3.6.7 commencé le 27/10/2008 à 14:26:13,73
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "damien"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damien\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damien\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damien\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\damien\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\damien\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 27/10/2008 à 14:32:18,75 ***
c'est le rapport demandé avec Navilog 1 ;
Merci d'avance
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "damien"
Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damien\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damien\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damien\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\damien\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\damien\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 27/10/2008 à 14:32:18,75 ***
c'est le rapport demandé avec Navilog 1 ;
Merci d'avance
ok rien de ce cote la
1) Télécharge et installe Malwarebyte's Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
*** Referme le programme ***
2) Redémarre en "Mode sans échec"
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : https://www.malekal.com/demarrer-windows-mode-sans-echec/
Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.
3) Scan avec Malwarebyte's Anti-Malware
Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
quand tu demande une analyse, demande en mode sans échec.
Pourquoi en mode sans échec:
*Car déjà l'analyse cherche plus de fichiers en mode sans échec que en mode normal.
*Et aussi en mode normal les virus ( trojans, cheval de troie, vers, spywares , malwares et autres ... sont actif) donc ne se supprimes pas donc ils faut le faire en mode sans échec .1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
1) Télécharge et installe Malwarebyte's Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
*** Referme le programme ***
2) Redémarre en "Mode sans échec"
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : https://www.malekal.com/demarrer-windows-mode-sans-echec/
Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.
3) Scan avec Malwarebyte's Anti-Malware
Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
quand tu demande une analyse, demande en mode sans échec.
Pourquoi en mode sans échec:
*Car déjà l'analyse cherche plus de fichiers en mode sans échec que en mode normal.
*Et aussi en mode normal les virus ( trojans, cheval de troie, vers, spywares , malwares et autres ... sont actif) donc ne se supprimes pas donc ils faut le faire en mode sans échec .1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
oui j'ai déja fai un rapport avec ce logiciel le problém étant que sur la machine en question je n'ai pas de connection internet! je ne peut donc pas mettre a jour le logiciel.Est-ce un probléme ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
27/10/2008 16:29:15
mbam-log-2008-10-27 (16-29-00).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 112699
Temps écoulé: 1 hour(s), 18 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 80
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> No action taken.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc35cj0endj (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc35cj0endj (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antispyware 2008 (Rogue.Antispyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.bwdf (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc35cj0endj (Rogue.AntivirusXP2008) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00117) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> No action taken.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> No action taken.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> No action taken.
C:\Program Files\rhc35cj0endj (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\damien\Local Settings\Temp\dssc32.exe (Rogue.Installer) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013004.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013012.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP41\A0014010.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014282.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014288.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014296.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014306.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014311.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0015311.exe (Rogue.Agent) -> No action taken.
C:\WINDOWS\eepo.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\program.id (Rogue.MalWarrior) -> No action taken.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> No action taken.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> No action taken.
C:\Program Files\rhc35cj0endj\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\rhc35cj0endj.exe.local (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\program.ini (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.dat (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.tmp (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501174100265.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501180617453.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503041254625.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503195502375.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080504125218109.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506082958093.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506183731812.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506222404437.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506231846968.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080508024511625.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510163358718.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510164014734.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080511110519343.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512031947640.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512032356625.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512040340437.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512173322984.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180305281.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180734703.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512181743437.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182342531.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182647640.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014057703.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014719937.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080517214651445.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518094533828.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518133510140.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080519190932953.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\blphc75cj0endj.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phc75cj0endj.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\bindsrv2.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\damien\Application Data\TmpRecentIcons\PCPrivacyCleaner.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
27/10/2008 16:29:15
mbam-log-2008-10-27 (16-29-00).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 112699
Temps écoulé: 1 hour(s), 18 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 80
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> No action taken.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc35cj0endj (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc35cj0endj (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antispyware 2008 (Rogue.Antispyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.bwdf (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc35cj0endj (Rogue.AntivirusXP2008) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00117) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> No action taken.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> No action taken.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> No action taken.
C:\Program Files\rhc35cj0endj (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\damien\Local Settings\Temp\dssc32.exe (Rogue.Installer) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013004.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013012.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP41\A0014010.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014282.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014288.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014296.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014306.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014311.exe (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0015311.exe (Rogue.Agent) -> No action taken.
C:\WINDOWS\eepo.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\program.id (Rogue.MalWarrior) -> No action taken.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> No action taken.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> No action taken.
C:\Program Files\rhc35cj0endj\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc35cj0endj\rhc35cj0endj.exe.local (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\program.ini (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.dat (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.tmp (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501174100265.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501180617453.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503041254625.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503195502375.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080504125218109.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506082958093.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506183731812.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506222404437.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506231846968.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080508024511625.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510163358718.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510164014734.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080511110519343.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512031947640.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512032356625.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512040340437.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512173322984.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180305281.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180734703.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512181743437.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182342531.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182647640.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014057703.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014719937.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080517214651445.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518094533828.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518133510140.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080519190932953.log (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\blphc75cj0endj.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phc75cj0endj.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\damien\Local Settings\Temp\bindsrv2.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\damien\Application Data\TmpRecentIcons\PCPrivacyCleaner.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\damien\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
dit moi tu fait la collection lol
bon va dans quarantaine et supprime tout ensuite reposte un log hijackthis
bon va dans quarantaine et supprime tout ensuite reposte un log hijackthis
Rapport de malwarebytes:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
27/10/2008 16:50:59
mbam-log-2008-10-27 (16-50-59).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 112699
Temps écoulé: 1 hour(s), 18 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 80
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antispyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bwdf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc35cj0endj (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00117) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\damien\Local Settings\Temp\dssc32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013004.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013012.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP41\A0014010.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014282.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014288.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014296.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014306.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014311.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0015311.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\eepo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\rhc35cj0endj.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.tmp (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501174100265.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501180617453.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503041254625.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503195502375.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080504125218109.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506082958093.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506183731812.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506222404437.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506231846968.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080508024511625.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510163358718.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510164014734.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080511110519343.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512031947640.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512032356625.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512040340437.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512173322984.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180305281.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180734703.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512181743437.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182342531.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182647640.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014057703.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014719937.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080517214651445.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518094533828.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518133510140.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080519190932953.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc75cj0endj.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc75cj0endj.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\bindsrv2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\TmpRecentIcons\PCPrivacyCleaner.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
27/10/2008 16:50:59
mbam-log-2008-10-27 (16-50-59).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 112699
Temps écoulé: 1 hour(s), 18 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 80
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antispyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bwdf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc35cj0endj (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00117) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\rhc35cj0endj\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\damien\Local Settings\Temp\dssc32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013004.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP40\A0013012.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP41\A0014010.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014282.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014288.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014296.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014306.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0014311.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A3E7401-C21B-43C3-8867-A809B16346A6}\RP42\A0015311.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\eepo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc35cj0endj\rhc35cj0endj.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.tmp (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501174100265.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080501180617453.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503041254625.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080503195502375.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080504125218109.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506082958093.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506183731812.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506222404437.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080506231846968.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080508024511625.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510163358718.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080510164014734.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080511110519343.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512031947640.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512032356625.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512040340437.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512173322984.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180305281.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512180734703.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512181743437.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182342531.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080512182647640.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014057703.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080513014719937.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080517214651445.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518094533828.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518133510140.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080519190932953.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc75cj0endj.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc75cj0endj.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Local Settings\Temp\bindsrv2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Application Data\TmpRecentIcons\PCPrivacyCleaner.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\damien\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:29, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79A77690-93EB-9CB6-375D-02CC50A4C093} - C:\DOCUME~1\damien\APPLIC~1\AMOKWE~1\setup rule.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {9BAB10CC-0EE5-4B15-9017-B7AF2326724D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:29, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79A77690-93EB-9CB6-375D-02CC50A4C093} - C:\DOCUME~1\damien\APPLIC~1\AMOKWE~1\setup rule.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {9BAB10CC-0EE5-4B15-9017-B7AF2326724D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Le problème es reglé merci beaucoup de ce coup de main ultrapêrformant on galèrais vraiment a virer le virus .
C'est super sympa de nous aider.
C'est super sympa de nous aider.
Ok ça marche, pour le moment je suis en train d'installer xp, je vient de terminer le formatage. Je ne pourrais pas terminer ce soir, j'installerais sp3 demain et je t'envoi le rapport d'hijackthis. Encore une fois merci!
bonjour
Clique sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Clique sur navilog1.exe pour télécharger navilog1
Choisis Enregistrer
et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc note va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le bloc note.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
poste les rapports obtenus
Clique sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Clique sur navilog1.exe pour télécharger navilog1
Choisis Enregistrer
et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc note va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le bloc note.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
poste les rapports obtenus
