Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

help me please

JuliJuJU

Par JuliJuJU
dans Analyses et éradication malwares

 Partager

Messages recommandés

Mykerinos Extrem Member

Mykerinos

Posté(e)
Posté(e) (modifié)

Salut ...

 

A-t-il réussi à passer le fix ?

 

Si oui, j'ai besoin du rapport. Si non, qu'il réessaye de le passer ...

 

Dans tous les cas, j'ai besoin d'un rapport Hijackthis ...

Modifié par Mykerinos
Lien vers le commentaire
Partager sur d’autres sites

JuliJuJU Member

JuliJuJU

Posté(e)
  • Auteur
Posté(e)

Salut! mon frère me dis que son ordi prend du temps pour demarrer et il est très lent, mais bon ici le rapport hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 7:44:57 PM, on 1/16/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1127769491\ee\AOLSoftware.exe

C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

C:\Program Files\Embarq TotalAccess\FastLane2\IPMon32.exe

C:\Program Files\Embarq TotalAccess\FastLane2\IPClient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Embarq TotalAccess\TaskPanl.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\fxssvc.exe

c:\program files\common files\aol\1127769491\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe

c:\program files\common files\aol\1127769491\ee\aolsoftware.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\MSN Toolbar Suite\SL2.05.0001.1119\es-us\msn_sl.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Embarq TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\Embarq TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\Embarq TotalAccess\Toolbar\ElnkPuB.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Embarq TotalAccess\Accelerator\prpl_IePopupBlocker.dll

O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\Embarq TotalAccess\Toolbar\ProtctIE.dll

O2 - BHO: Barra de herramientas de MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\es-us\msntb.dll

O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\Embarq TotalAccess\Toolbar\uninsttb.dll

O3 - Toolbar: Barra de herramientas de MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\es-us\msntb.dll

O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\Embarq TotalAccess\Toolbar\Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [kowxohwkzor] C:\WINDOWS\System32\bcqkgs.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127769491\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Embarq TotalAccess\FastLane2\IPMon32.exe"

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Embarq TotalAccess\FastLane2\IPClient.exe" -l

O4 - HKLM\..\Run: [sYA] C:\WINDOWS\SYSTEM32\SYA.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [EarthLink Installer] " /C

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\Embarq TotalAccess\TaskPanl.exe" -winstart

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\es-us\bin\WindowsSearch.exe

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\es-us\msntb.dll/search.htm

O8 - Extra context menu item: Abrir en nueva ficha de fondo - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0000.1105\es-us\msntabres.dll/229?f864a848ad9b4eb4a01cbb822ab2a3ff

O8 - Extra context menu item: Abrir en nueva ficha en primer plano - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0000.1105\es-us\msntabres.dll/230?f864a848ad9b4eb4a01cbb822ab2a3ff

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://learning.wachovia.com//wb_content/a...gin/awswaxf.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...391/mcfscan.cab

O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE

O23 - Service: EarthLink Protection Control Center Service (ELNKService) - Aluria Software, LLC. - C:\Program Files\EarthLink\Protection Control Center\ELNKServ.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

Merci pour ton aide! :P

Lien vers le commentaire
Partager sur d’autres sites
JuliJuJU Member

JuliJuJU

Posté(e)
  • Auteur
Posté(e) (modifié)

Bon soir,

s'il a réussi à passer Fixwareaout ? il a réussi mais il m'a dit que q fois il doit le repasser pour améliorer l'état géneral de l'ordinateur.

Et quels sont les choix?

Modifié par JuliJuJU
Lien vers le commentaire
Partager sur d’autres sites
Mykerinos Extrem Member

Mykerinos

Posté(e)
Posté(e) (modifié)

Re ...

 

Pour l'antivirus, qu'il garde Norton ou Antivir, ou qu'il vire les 2 et en installe un nouveau ...

 

Avertissement

 

Tu n'auras pas accès à Internet pendant une partie de la procédure. Enregistre cette page pour pouvoir la consulter hors-connexion : Fichier > Enregistrer sous ...

Dans "Type", choisis "Page Web, complète" et donne-lui un nom.

 

Télécharge AVG antispyware 7.5 (version d'évaluation)

  • S'il n'est pas en français, clic-droit sur l'icone AVG AS en bas à droite > language > french.
  • Lance AVG et clique sur "Mise à jour" dans la barre d'outils.
  • Sous "Mise à jour manuelle" clique sur "Commencer la mise à jour".
  • Une fois la mise à jour terminée, ferme AVG. Ne le lance pas tout de suite.

Télécharge et installe CCleaner Basic.

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

  • Redémarre ton ordinateur.
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "[Entrée]".
  • Choisis ton compte.
  • Une autre manière en images.

Ouvre HijackThis et clique sur "Do a system scan only" et coche les lignes suivantes :

 

O4 - HKLM\..\Run: [kowxohwkzor] C:\WINDOWS\System32\bcqkgs.exe

 

Ferme toutes les fenêtres et quitte toutes les applications en cours puis clique sur "Fix checked"

 

Affiche tous les fichiers

  • Ouvre le Poste de travail > Outils > Options des dossiers > Affichage.
  • Coche la case "Afficher les fichiers et dossiers cachés".
  • Décoche la case "Masquer les extensions des fichiers dont le type est connu".

Supprime les fichiers/dossiers suivants (en gras) par l'Explorateur Windows (si présents) :

 

C:\WINDOWS\System32\bcqkgs.exe <- le fichier

 

Lance CCleaner et fais le nettoyage comme sur le tutoriel ...

 

Relance AVG Antispyware 7.5

  • Clique sur "Analyse" dans la barre d'outils puis sur "Paramètres".
  • Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine".
  • Reclique sur "Analyse" puis sur "Analyse complète du système". Le scan peut durer, sois patient.
  • AVG affichera une liste des fichiers détectés, sur la gauche.
  • Si un fichier infecté est détecté en fin d'analyse, clique sur le bouton "Appliquer toutes les actions".
  • AVG affichera "Toutes les actions ont été appliquées", à droite.
  • Clique sur "Enregistrer le rapport", puis "Enregistrer le rapport sous". Ceci génère un rapport en fichier texte.
  • Sauvegarde ce rapport dans un endroit sûr (sur ton Bureau, par exemple).

Redémarre en mode normal.

 

Poste une réponse dans le même sujet

 

Dans cette réponse, j'aimerais :

  • un nouveau rapport HijackThis.
  • le rapport AVG Antispyware.

Modifié par Mykerinos
Lien vers le commentaire
Partager sur d’autres sites
JuliJuJU Member

JuliJuJU

Posté(e)
  • Auteur
Posté(e)

R/un nouveau rapport HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 7:44:57 PM, on 1/16/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1127769491\ee\AOLSoftware.exe

C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

C:\Program Files\Embarq TotalAccess\FastLane2\IPMon32.exe

C:\Program Files\Embarq TotalAccess\FastLane2\IPClient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Embarq TotalAccess\TaskPanl.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\fxssvc.exe

c:\program files\common files\aol\1127769491\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe

c:\program files\common files\aol\1127769491\ee\aolsoftware.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\MSN Toolbar Suite\SL2.05.0001.1119\es-us\msn_sl.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Embarq TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\Embarq TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\Embarq TotalAccess\Toolbar\ElnkPuB.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Embarq TotalAccess\Accelerator\prpl_IePopupBlocker.dll

O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\Embarq TotalAccess\Toolbar\ProtctIE.dll

O2 - BHO: Barra de herramientas de MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\es-us\msntb.dll

O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\Embarq TotalAccess\Toolbar\uninsttb.dll

O3 - Toolbar: Barra de herramientas de MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\es-us\msntb.dll

O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\Embarq TotalAccess\Toolbar\Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [kowxohwkzor] C:\WINDOWS\System32\bcqkgs.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127769491\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Embarq TotalAccess\FastLane2\IPMon32.exe"

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Embarq TotalAccess\FastLane2\IPClient.exe" -l

O4 - HKLM\..\Run: [sYA] C:\WINDOWS\SYSTEM32\SYA.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [EarthLink Installer] " /C

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\Embarq TotalAccess\TaskPanl.exe" -winstart

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\es-us\bin\WindowsSearch.exe

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\es-us\msntb.dll/search.htm

O8 - Extra context menu item: Abrir en nueva ficha de fondo - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0000.1105\es-us\msntabres.dll/229?f864a848ad9b4eb4a01cbb822ab2a3ff

O8 - Extra context menu item: Abrir en nueva ficha en primer plano - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0000.1105\es-us\msntabres.dll/230?f864a848ad9b4eb4a01cbb822ab2a3ff

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://learning.wachovia.com//wb_content/a...gin/awswaxf.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...391/mcfscan.cab

O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1.EXE

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE

O23 - Service: EarthLink Protection Control Center Service (ELNKService) - Aluria Software, LLC. - C:\Program Files\EarthLink\Protection Control Center\ELNKServ.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

 

[*]le rapport AVG Antispyware.:

 

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 8:55:11 PM 1/19/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099851.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099847.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106031.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106032.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106033.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106034.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106035.exe -> Adware.SpyMarshal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098796.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098797.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winad Client -> Adware.WinAD : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0086914.exe -> Downloader.Small.agq : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106027.exe -> Downloader.Small.agq : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP150\A0080403.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP150\A0080405.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP152\A0082555.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP152\A0082556.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP152\A0082560.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP152\A0082577.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP152\A0082588.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP152\A0082589.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0084877.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0086897.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0086903.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0086904.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0088005.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091036.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091048.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095135.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).

C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0096737.exe -> Trojan.LowZones.dt : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0082877.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0082882.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0083877.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0083884.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0084878.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0084885.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0085877.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0085884.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0085888.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0085893.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0086888.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0086895.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0086905.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0087005.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0088006.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0088013.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0089005.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0089012.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0090005.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0090012.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091005.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091012.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091016.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091021.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091027.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091032.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091039.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091046.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091054.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091061.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091065.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091070.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091076.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091081.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091087.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0091095.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0092087.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0092094.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0093087.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0093094.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0093098.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0093103.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0094098.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0094104.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095098.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095104.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095109.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095114.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095120.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095125.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095131.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095141.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0095146.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096141.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096183.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096187.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096194.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096201.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096217.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096222.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096244.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096655.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096661.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096666.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096672.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096677.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP155\A0096682.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0096722.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0096731.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0097721.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0097726.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0097731.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098725.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098776.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098787.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098792.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098871.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0098877.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099841.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099849.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099850.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099853.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0099862.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0100862.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0100870.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0100880.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0100886.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0100889.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101889.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101893.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101898.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101910.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101932.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101939.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101944.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0101957.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0102957.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0102967.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0102976.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0102992.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106028.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP156\A0106029.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

 

 

::Report end

 

Pour le Antivirus, lequel de deux est plus recomendable? il faut payer dans les deux cas une annualité ...mais quel est le meilleur?

Lien vers le commentaire
Partager sur d’autres sites
Mykerinos Extrem Member

Mykerinos

Posté(e)
Posté(e)

Re ...

 

Pour l'antivirus, tu peux te tourner vers les gratuits comme Avast (on t'explique tout ici).

 

Concernant le rapport, la ligne à fixer apparaît toujours ...

 

Il me faut le rapport Fixwareout pour continuer ...

 

Désactive la restauration système et réactive-la comme expliqué ici ...

Lien vers le commentaire
Partager sur d’autres sites
JuliJuJU Member

JuliJuJU

Posté(e)
  • Auteur
Posté(e)

R/Fixwareout

Last edited 1/1/2006

Post this report in the forums please

...

Prerun check

»»»»» HKLM run and Winlogon System values

»»»»» System restarted

...

Reg Entries that were deleted

...

Random Runs removed from HKLM

...

 

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

 

»»»»» Searching by size/names...

 

»»»»»

Search five digit cs, dm kd and jb files.

This WILL/CAN also list Legit Files, Submit them at Virustotal

 

Other suspects.

 

»»»»» Misc files.

 

J'ai deux question:

Pour quoi c'est mieux de garder les virus en quarentaine?

et Quand mon frère démarre l'ordi, il sorte une fenetre disant:

le serveur se trouve occupé, c'est pas possible de realiser cette action, svp asseyez de changer d'action. Après il ferme cette fenetre et inmediatement s'ouvre le menu démarrer, ????

Je vous remercie infiniment votre aide.

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...