winantispyware2006 too
Hello everyone,
I have this problem with winantispyware 2006 as well: I can't browse the web without popups and junk of all kinds. Should I post a HijackThis log? Run a scan and save the log?
Thanks for your help.
Stéphane.
Hello,
Download BlackLight (from F-Secure); click "I ACCEPT" at the bottom of the page:
https://europe.f-secure.com/blacklight/try.shtml
Save it to your Desktop.
Double-click blbeta.exe and accept the license; click Scan, then Next.
You may see a list of detected files appear.
You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
DO NOT TOUCH ANYTHING!
We need to analyze the report, so close the program.
Post the report on the forum.
BlackLight help by Malekal_Morte
Hello everyone,
I can't scan with BlackLight and I can't install it; it shows me this:
F-secure blacklight could not acquire necessary privileges (sedebugprivilege).
Your computer settings may prevent acquiring these privilege.
A malicious program might have disabled these privileges.
I can't tell you what an ordeal it is to post here... Popups etc...
I managed to install ewido, and here is the scan report:
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:36:02 27/08/2006
+ Scan result:
C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2VKJ8JOF\AppWrap[1].exe -> Adware.AdURL : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\09U3C5ER\ac3[1].txt -> Adware.IEHelper : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\temp.fr70B6 -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039463.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039517.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039689.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039760.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039914.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0040007.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0040366.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0040370.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041369.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041579.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041583.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041845.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041892.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0042099.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0042103.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0042366.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0042370.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0043369.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\SFP32.DLL -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dOtaclen.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\e2jmlc111f.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\fseploy.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\gp44l3hq1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ikfxhk.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\irj8l51u1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\kjdic.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\l2l60c3sef.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\l2p2lc7o1f.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\m6rmlg9116.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mvrql9951.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\n08olal31dq.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\nptui0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\q668lgju16o8.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\rIsmontr.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\s4pu0e79eh.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\sLfrcdlg.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\saardssp.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wkpui.dll -> Adware.Look2Me : No action taken.
[2884] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : No action taken.
[3536] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : No action taken.
C:\Documents and Settings\LocalService\Application Data\аѕsembly\wοwexec.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\temp.fr202D -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\mgltb.dll -> Adware.PurityScan : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temporary Internet Files\Content.IE5\49YZQTA3\ff3[1] -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039513.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039696.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0039919.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0040148.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0040376.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041384.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041585.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0041849.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0042108.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0042377.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0043397.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\awtsq.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\pmnonnn.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0045797.exe -> Adware.Zestyfind : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temporary Internet Files\Content.IE5\MZ0ZMHED\WinAntiVirusPro2006FreeInstall_fr[1].exe -> Downloader.Agent.alr : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81UNGTIR\al3[1].txt -> Downloader.Small : No action taken.
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : No action taken.
[744] C:\WINDOWS\System32\w003abb2.dll -> Downloader.Small : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temporary Internet Files\Content.IE5\49YZQTA3\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : No action taken.
C:\RECYCLER\S-1-5-21-1644491937-1580436667-839522115-1003\Dc10.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0046841.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\Documents and Settings\geniesse\Bureau\WinAntiVirusPro2006FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\ICD2.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temporary Internet Files\Content.IE5\MZ0ZMHED\WinAntiVirusPro2006FreeInstall_fr[2].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temporary Internet Files\Content.IE5\QZ6N2HEZ\WinAntiVirusPro2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP101\A0044699.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\system32\fyonfwoo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\qtoevfet.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\thwegqyp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\viamungs.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@ehg-pcsecurityshield.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.
::Report end
Apparently it's not all pretty in there; I'm posting the HijackThis log here:
Logfile of HijackThis v1.99.1
Scan saved at 10:04:07, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MFP\Type 103\RNSMST.exe
D:\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\geniesse\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [defender] c:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmad_5.exe
O4 - HKLM\..\Run: [iewc604b] RUNDLL32.EXE w003abb2.dll,n 001c604a0000000a003abb2
O4 - HKLM\..\Run: [FiresWallservices] lnothxutqhyvzy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RNSMST] "C:\Program Files\MFP\Type 103\RNSMST.exe" /HIDEUI
O4 - HKLM\..\Run: [!ewido] "D:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [FiresWallservices] lnothxutqhyvzy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Hello,
Lots of infections.
Download to the Desktop:
L2me-Destroyer.exe
= Close all programs
= Double-click Look2Me-Destroyer.exe
= Check "Run this program as a task"
= Message "Look2Me-Destroyer will close and re-open in approximately 1 minute". ==> Click OK
= The program restarts ==> Click "Scan for L2M"
The desktop icons disappearing = normal
= When it finishes, click "Remove L2M"
= Message "Done Scanning" ==> click OK
= Message "Done removing infected files! Look2Me-Destroyer will now shutdown your computer" ==> click OK
= The PC shuts down.
= Restart
= A report, Look2Me-Destroyer.txt, is in C:
Note 1: If Look2Me-Destroyer does not restart automatically after the minute ==> reboot and try again.
Note 2: If a "runtime error '339'" message appears: download and save into
C:\Windows\System32
MSWINSCK.OCX
---------
Download to the Desktop:
VundoFix
= Double-click VundoFix.exe.
= Check the box "Run VundoFix as a task".
= Click OK
= Wait for VundoFix to restart (one to several minutes)
= Click "Scan for Vundo"
= Then click "Remove Vundo"
= Then "yes"
= The Desktop disappears for a moment while the files are being deleted.
= Shutdown message
= Click OK
= Automatic restart
= Copy the report, which is in C:\vundofix.txt
-----
Run ewido again, and at the end of the scan (you forgot to do this): Apply all actions. Make sure to do it this time.
-----
Then run a new hijack
and put these reports in your reply:
look2meDestroyer + vundo + Ewido + hijack (you can spread them over several replies if it doesn't all fit in one)
VundoFix V6.1.5
Checking Java version...
Sun Java not detected
Scan started at 2:15:09 18/01/2002
Listing files found while scanning....
C:\WINDOWS\system32\pmnonnn.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pmnonnn.dll
C:\WINDOWS\system32\pmnonnn.dll Has been deleted!
Performing Repairs to the registry.
Done!
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 18/01/2002 02:07:16
Infected! C:\WINDOWS\system32\hr2205foe.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052579.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052638.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052644.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052702.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052707.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052709.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052713.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052719.dll
Infected! C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052723.dll
Infected! C:\WINDOWS\system32\dnr6019se.dll
Infected! C:\WINDOWS\system32\dOtaclen.dll
Infected! C:\WINDOWS\system32\e0200afmed2a0.dll
Infected! C:\WINDOWS\system32\e2jmlc111f.dll
Infected! C:\WINDOWS\system32\fseploy.dll
Infected! C:\WINDOWS\system32\gp44l3hq1.dll
Infected! C:\WINDOWS\system32\hr2205foe.dll
Infected! C:\WINDOWS\system32\iiwdial.dll
Infected! C:\WINDOWS\system32\ikfxhk.dll
Infected! C:\WINDOWS\system32\irj8l51u1.dll
Infected! C:\WINDOWS\system32\j80s0id7e80.dll
Infected! C:\WINDOWS\system32\kjdic.dll
Infected! C:\WINDOWS\system32\l2l60c3sef.dll
Infected! C:\WINDOWS\system32\l2p2lc7o1f.dll
Infected! C:\WINDOWS\system32\lkrmonui.dll
Infected! C:\WINDOWS\system32\lvnu0959e.dll
Infected! C:\WINDOWS\system32\m6rmlg9116.dll
Infected! C:\WINDOWS\system32\mvrql9951.dll
Infected! C:\WINDOWS\system32\n08olal31dq.dll
Infected! C:\WINDOWS\system32\nhlanui.dll
Infected! C:\WINDOWS\system32\nptui0.dll
Infected! C:\WINDOWS\system32\q668lgju16o8.dll
Infected! C:\WINDOWS\system32\r68s0gl7e6q.dll
Infected! C:\WINDOWS\system32\rIsmontr.dll
Infected! C:\WINDOWS\system32\s4pu0e79eh.dll
Infected! C:\WINDOWS\system32\saardssp.dll
Infected! C:\WINDOWS\system32\sLfrcdlg.dll
Infected! C:\WINDOWS\system32\snredir.dll
Infected! C:\WINDOWS\system32\t68u0gl9e6q.dll
Infected! C:\WINDOWS\system32\wkpui.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\hr2205foe.dll
C:\WINDOWS\system32\hr2205foe.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052579.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052579.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052638.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052638.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052644.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052644.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052702.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052702.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052707.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052707.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052709.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052709.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052713.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052713.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052719.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052719.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052723.dll
C:\System Volume Information\_restore{B2BBC97C-0CB5-483B-8510-0EAD82B18427}\RP102\A0052723.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\dnr6019se.dll
C:\WINDOWS\system32\dnr6019se.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\dOtaclen.dll
C:\WINDOWS\system32\dOtaclen.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\e0200afmed2a0.dll
C:\WINDOWS\system32\e0200afmed2a0.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\e2jmlc111f.dll
C:\WINDOWS\system32\e2jmlc111f.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\fseploy.dll
C:\WINDOWS\system32\fseploy.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\gp44l3hq1.dll
C:\WINDOWS\system32\gp44l3hq1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\hr2205foe.dll
C:\WINDOWS\system32\hr2205foe.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\iiwdial.dll
C:\WINDOWS\system32\iiwdial.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ikfxhk.dll
C:\WINDOWS\system32\ikfxhk.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\irj8l51u1.dll
C:\WINDOWS\system32\irj8l51u1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\j80s0id7e80.dll
C:\WINDOWS\system32\j80s0id7e80.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kjdic.dll
C:\WINDOWS\system32\kjdic.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\l2l60c3sef.dll
C:\WINDOWS\system32\l2l60c3sef.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\l2p2lc7o1f.dll
C:\WINDOWS\system32\l2p2lc7o1f.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lkrmonui.dll
C:\WINDOWS\system32\lkrmonui.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lvnu0959e.dll
C:\WINDOWS\system32\lvnu0959e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\m6rmlg9116.dll
C:\WINDOWS\system32\m6rmlg9116.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\mvrql9951.dll
C:\WINDOWS\system32\mvrql9951.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n08olal31dq.dll
C:\WINDOWS\system32\n08olal31dq.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\nhlanui.dll
C:\WINDOWS\system32\nhlanui.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\nptui0.dll
C:\WINDOWS\system32\nptui0.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\q668lgju16o8.dll
C:\WINDOWS\system32\q668lgju16o8.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\r68s0gl7e6q.dll
C:\WINDOWS\system32\r68s0gl7e6q.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\rIsmontr.dll
C:\WINDOWS\system32\rIsmontr.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\s4pu0e79eh.dll
C:\WINDOWS\system32\s4pu0e79eh.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\saardssp.dll
C:\WINDOWS\system32\saardssp.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\sLfrcdlg.dll
C:\WINDOWS\system32\sLfrcdlg.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\snredir.dll
C:\WINDOWS\system32\snredir.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\t68u0gl9e6q.dll
C:\WINDOWS\system32\t68u0gl9e6q.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wkpui.dll
C:\WINDOWS\system32\wkpui.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{30C80708-6A46-498D-8F90-F4AF051564B8}"
HKCR\Clsid\{30C80708-6A46-498D-8F90-F4AF051564B8}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{755DD7C3-C07B-41A2-A39B-CF85E216B8C7}"
HKCR\Clsid\{755DD7C3-C07B-41A2-A39B-CF85E216B8C7}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{540AAE0E-D5F7-40DD-ACC0-9B9ADECB7FEF}"
HKCR\Clsid\{540AAE0E-D5F7-40DD-ACC0-9B9ADECB7FEF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F4087E39-CDCE-428D-90E3-881D29C6EF46}"
HKCR\Clsid\{F4087E39-CDCE-428D-90E3-881D29C6EF46}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{298CE983-24E8-433A-8A17-208A5AAE9A4E}"
HKCR\Clsid\{298CE983-24E8-433A-8A17-208A5AAE9A4E}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2A3187E9-4712-414A-BAEE-CDC03F84CD39}"
HKCR\Clsid\{2A3187E9-4712-414A-BAEE-CDC03F84CD39}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
For hijack, I don't see "Apply all actions", so I'm posting it as is, hoping that...
Logfile of HijackThis v1.99.1
Scan saved at 2:27:58, on 18/01/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
d:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MFP\Type 103\RNSMST.exe
D:\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\geniesse\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {6501A521-4C47-4039-9375-6150A30327CB} - C:\WINDOWS\System32\awtsq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [defender] c:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmad_5.exe
O4 - HKLM\..\Run: [iewc604b] RUNDLL32.EXE w003abb2.dll,n 001c604a0000000a003abb2
O4 - HKLM\..\Run: [FiresWallservices] lnothxutqhyvzy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RNSMST] "C:\Program Files\MFP\Type 103\RNSMST.exe" /HIDEUI
O4 - HKLM\..\Run: [!ewido] "D:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [FiresWallservices] lnothxutqhyvzy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O20 - Winlogon Notify: awtsq - C:\WINDOWS\System32\awtsq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\ewido anti-spyware 4.0\guard.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:31:14 18/01/2002
+ Scan result:
C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2VKJ8JOF\AppWrap[1].exe -> Adware.AdURL : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\09U3C5ER\ac3[1].txt -> Adware.IEHelper : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\temp.fr70B6 -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\SFP32.DLL -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__g_u_a_r_d_._t_m_p_ -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__m_t_l_t_b_._d_l_l_ -> Adware.Look2Me : No action taken.
C:\Documents and Settings\LocalService\Application Data\аѕsembly\wοwexec.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\temp.fr202D -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\mgltb.dll -> Adware.PurityScan : No action taken.
C:\VundoFix Backups\pmnonnn.dll.bad -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\iewc604b.dll -> Downloader.Agent.awb : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81UNGTIR\al3[1].txt -> Downloader.Small : No action taken.
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : No action taken.
C:\RECYCLER\S-1-5-21-1644491937-1580436667-839522115-1003\Dc10.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\Documents and Settings\geniesse\Bureau\WinAntiVirusPro2006FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\ICD2.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\system32\fyonfwoo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\qtoevfet.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\thwegqyp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\WINDOWS\system32\viamungs.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@clickbank[2].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@ehg-pcsecurityshield.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\geniesse\Cookies\geniesse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\geniesse\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.
::Report end
-- Right-click on HijackThis:
-> Choose "Rename"
-> Type Scanner.exe then confirm
- Launch the application
- Choose the option Do a system scan and save a logfile
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.
Help on HijackThis
Restart in Safe Mode
Relaunch Ewido and choose the "Scanner" tab
Then, on the "Settings" tab, for "How to Act" select "Quarantine".
Go back to the "Scan" tab and run a "Complete System Scan"
DO IT THIS TIME
!!! * If a file is infected, choose the "Apply All Actions" option at the end of the scan * !!!
Click "Save Report" then "Save Report As"
Save this .txt file to your Desktop, then copy/paste it here in normal mode.
Hi Angel and everyone, here is the first post
Logfile of HijackThis v1.99.1
Scan saved at 4:38:52, on 12/02/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MFP\Type 103\RNSMST.exe
D:\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
d:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\geniesse\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {157BD3C4-2466-474B-9DE5-9F7245C98B6B} - C:\WINDOWS\System32\awtsq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [defender] c:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmad_5.exe
O4 - HKLM\..\Run: [iewc604b] RUNDLL32.EXE w003abb2.dll,n 001c604a0000000a003abb2
O4 - HKLM\..\Run: [FiresWallservices] lnothxutqhyvzy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RNSMST] "C:\Program Files\MFP\Type 103\RNSMST.exe" /HIDEUI
O4 - HKLM\..\Run: [!ewido] "D:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [FiresWallservices] lnothxutqhyvzy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O20 - Winlogon Notify: awtsq - C:\WINDOWS\System32\awtsq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\ewido anti-spyware 4.0\guard.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:09:25 12/02/2002
+ Scan result:
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2VKJ8JOF\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\09U3C5ER\ac3[1].txt -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\temp.fr70B6 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SFP32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__g_u_a_r_d_._t_m_p_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__m_t_l_t_b_._d_l_l_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\аѕsembly\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\temp.fr202D -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mgltb.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\VundoFix Backups\pmnonnn.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iewc604b.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81UNGTIR\al3[1].txt -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\jfsfyotn.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\vxgnhajr.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uckohqkg.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1580436667-839522115-1003\Dc10.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Bureau\WinAntiVirusPro2006FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\ICD2.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fyonfwoo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qtoevfet.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\thwegqyp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\viamungs.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@ehg-pcsecurityshield.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
::Report end
C:\Documents and Settings\geniesse\Cookies\geniesse@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Cookies\geniesse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\geniesse\Local Settings\Temp\NI.UWA6PV_0001_N91M2107\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
::Report end