Internet connection problem + AdwareWebrebate virus
Aude
-
Josely -
Norton detected 2 Adware.WebRebate viruses on my machine; I can't delete them because I can't find the path where they are located (C:\Recycled).
Also, as soon as the computer is switched on, Internet windows open on suspicious sites. My Internet connection is very slow... and keeps cutting out.
I downloaded HijackThis; here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 01:05:00, on 02/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\dnsrslve.exe
C:\iesetup.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Documents and Settings\Aude Cornélis\figgaz.exe
C:\WINDOWS\logon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aude Cornélis\Local Settings\Temporary Internet Files\Content.IE5\6LBW5G7A\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Dns Resolver] dnsrslve.exe
O4 - HKLM\..\Run: [REGRUN] C:\iesetup.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Windows Service Pack Auto Update] C:\Documents and Settings\Aude Cornélis\figgaz.exe
O4 - HKLM\..\Run: [BdEk] C:\WINDOWS\gmqswvib.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gtcdur] C:\WINDOWS\gtcdur.exe
O4 - HKLM\..\Run: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [Dns Resolver] dnsrslve.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Dns Resolver] dnsrslve.exe
O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://static.windupdates.com/cab/GamesUnlimited/ie/bridge-c11.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {386a771c-e96a-421f-8ba7-32f1b706892f} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {5CE7A7AF-8C5E-48CF-AE30-8FC6F01C27E3} (Yahoo! Photos - Outil de publication Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Could you help me? Thanks in advance.
5 replies
Well, ask Adaware to clean everything it has already found, there's quite a crowd in there...
Teebo, what do you think? Can I do what Aurélie is advising? I mean, will it really be useful for getting rid of my problems, and won't it be "dangerous" (is there no risk that I accidentally delete data, for example)? (NB: it's not understanding English that is holding me back, far from it!) Thanks
So if you understand English, it seems that this discussion is the solution:
http://tinyurl.com/3hu6b
Good luck...
Go download Spybot Search and Destroy at:
www.snapfiles.com/get/spybot.html
Install it, run it with "Vérifier tout" (no need to be connected for that ;) ); it will surely find some junk on your hard drive, so delete it with "Corriger les problèmes".
Otherwise there is a more radical solution: download Microsoft Antispyware Beta 1 from Windows Update. It's in English but really effective (careful, though, installing it disables the Windows firewall) and you have to be good at English, sire ;)
In my opinion, what you've caught is more than a virus: the fact that web pages open without warning is a symptom of a piece of spyware at work... or of several.. x-((
Download and install Microsoft Antispyware Beta 1 as I already said.
Run it, click "Run scan now" and wait. Generally, the first check this software performs easily takes half an hour. Afterwards, it will tell you that nasty bugs have infiltrated your PC. Put them in quarantine.
Afterwards, if you decide to keep this software, don't forget to configure it, download the updates...
Frankly, and I say this because I use it, Antispyware is not bad at all, and on top of that I use Spybot Search and Destroy (I don't joke around with security...). For example, I had a good fifteen pieces of junk on my PC and after a little while, pfffttt!!, I have nothing left at all!!!
:)))
See you later
hoping this helps solve your problem!
Hello Aurélie and Teeboo,
I'm replying for Aude, who is having more and more connection problems (but probably due to the Freebox tonight)!
So she asks me to tell you that she did get Microsoft Antispyware Beta 1, Aurélie; she ran it and everything.
But.... still those damn Internet windows at Windows startup, a short Internet connection time and that Norton still detecting those mega-viruses!
So there's still quite a crowd in the pipes!
We'd like your opinion on this, once again Teebo :-)
Thanks a lot in advance,
Good night in the meantime,
Christelle
I'm more used to Spybot than Adaware now, so I'd recommend giving it a go with that too, but I can't guarantee anything (well, no data loss; I've never heard of any problems, anyway)...
Otherwise I don't know, I'll do some searching, but I also have quite a lot of work at the moment :-S
Hello
I have a broadband Internet connection via a VSAT, and I have 8 public addresses. Through a NAT server that I set up on Windows 2005, I provide the Internet connection to my clients, who use private IP addresses.
The problem: one of my clients is asking me to temporarily provide him with a public address for remote maintenance purposes. Given that I am limited in public addresses, I am a bit reluctant about his request.
Isn't it possible to create a link between one of my public addresses and one of his private addresses, so that during remote maintenance the public address directs the remote maintenance technician to the private address?
Could you please tell me how to proceed?
I have already run Adaware and Spybot. And I've just run Norton antivirus again, which still detects the 2 viruses, Adware Webrebate.
Here is the Adaware logfile:
Ad-Aware SE Build 1.05
Logfile Created on:mercredi 23 février 2005 11:19:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):4 total references
ClickSpring(TAC index:6):2 total references
istbar.dotcomToolbar(TAC index:5):14 total references
istbar(TAC index:6):8 total references
MRU List(TAC index:0):28 total references
Powerscan(TAC index:5):5 total references
TopMoxie(TAC index:3):4 total references
Tracking Cookie(TAC index:3):66 total references
WindUpdates(TAC index:8):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
02-23-2005 11:19:35 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : C:\Documents and Settings\Aude Cornélis\recent
Description : list of recently opened documents
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 02-23-2005 09:55:42
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 02-23-2005 09:55:44
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 02-23-2005 09:55:45
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 02-23-2005 09:55:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 02-23-2005 09:55:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1268
ThreadCreationTime : 02-23-2005 09:55:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1628
ThreadCreationTime : 02-23-2005 09:55:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1636
ThreadCreationTime : 02-23-2005 09:55:48
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
#:13 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 388
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 5.1.02
ProductVersion : 5.1.02
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:14 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 432
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 2.1.28 2.1.28 03/31/2003 13:54:16
ProductVersion : 2.1.28 2.1.28 03/31/2003 13:54:16
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:15 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 440
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe
#:16 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 472
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe
#:17 [qtzpacer.exe]
FilePath : C:\PROGRA~1\LAUNCH~1\
ProcessID : 480
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 10, 0, 2002
ProductName : Dritek System Inc. Launch Manager 01.10.2002 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : Launch Manager
InternalName : QtZgAcer
LegalCopyright : Copyright (c)2001-2002 Dritek System Inc.
OriginalFilename : QtZgAcer.exe
#:18 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ProcessID : 488
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:19 [dnsrslve.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:20 [iesetup.exe]
FilePath : C:\
ProcessID : 504
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:21 [gah95on6.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 516
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:22 [figgaz.exe]
FilePath : C:\Documents and Settings\Aude Cornélis\
ProcessID : 524
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:23 [logon.exe]
FilePath : C:\WINDOWS\
ProcessID : 540
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : logon
CompanyName : Leisure Ltd
InternalName : logon
OriginalFilename : logon.exe
#:24 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 552
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:25 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:26 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 608
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:27 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 624
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:28 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1216
ThreadCreationTime : 02-23-2005 09:55:57
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:29 [ccsetmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1188
ThreadCreationTime : 02-23-2005 09:55:58
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:30 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1340
ThreadCreationTime : 02-23-2005 09:56:00
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:31 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 02-23-2005 09:56:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:32 [ccevtmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1180
ThreadCreationTime : 02-23-2005 09:56:03
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:33 [symwsc.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\Security Center\
ProcessID : 256
ThreadCreationTime : 02-23-2005 09:56:12
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2872
ThreadCreationTime : 02-23-2005 09:56:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:35 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 3312
ThreadCreationTime : 02-23-2005 09:56:54
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:36 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1968
ThreadCreationTime : 02-23-2005 10:18:40
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3448
ThreadCreationTime : 02-23-2005 10:19:20
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2
Value :
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer
Value :
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}
Value :
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f}
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f}
Value : SystemComponent
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f}
Value : Installer
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}
Value :
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-638971174-1266486392-598665437-1005\software\ist
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-638971174-1266486392-598665437-1005\software\ist
Value : Recover
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 45
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {386a771c-e96a-421f-8ba7-32f1b706892f} (http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab)
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 65
Objects found so far: 110
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@weborama[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\Cookies\aude cornélis@weborama[2].txt
Powerscan Object Recognized!
Type : File
Data : powerscan.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright (C) 2004
OriginalFilename : Power-Scan.exe
TopMoxie Object Recognized!
Type : File
Data : jkill.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\
TopMoxie Object Recognized!
Type : File
Data : djtopr1150.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\
ClickSpring Object Recognized!
Type : File
Data : mt-uninstaller.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aude Cornélis\
ClickSpring Object Recognized!
Type : File
Data : A0003536.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP14\
Powerscan Object Recognized!
Type : File
Data : A0003537.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP14\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright (C) 2004
OriginalFilename : Power-Scan.exe
Powerscan Object Recognized!
Type : File
Data : A0003641.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP16\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright (C) 2004
OriginalFilename : Power-Scan.exe
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 118
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 118
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 118
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :
BlazeFind Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : Recover
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
Value : .Owner
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
Value : {386A771C-E96A-421F-8BA7-32F1B706892F}
istbar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Favoris\Adult Sites
istbar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Favoris\Free Adult Content
istbar Object Recognized!
Type : File
Data : istactivex.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\
istbar Object Recognized!
Type : File
Data : ISTactivex.dll
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : ISTinstall Module
FileDescription : IST install
I have already run Adaware and Spybot. And I have just run Norton antivirus again, which still detects the 2 viruses, Adware Webrebate.
Here is the Adaware logfile:
Ad-Aware SE Build 1.05
Logfile Created on:mercredi 23 février 2005 11:19:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):4 total references
ClickSpring(TAC index:6):2 total references
istbar.dotcomToolbar(TAC index:5):14 total references
istbar(TAC index:6):8 total references
MRU List(TAC index:0):28 total references
Powerscan(TAC index:5):5 total references
TopMoxie(TAC index:3):4 total references
Tracking Cookie(TAC index:3):66 total references
WindUpdates(TAC index:8):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
02-23-2005 11:19:35 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-638971174-1266486392-598665437-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : C:\Documents and Settings\Aude Cornélis\recent
Description : list of recently opened documents
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 02-23-2005 09:55:42
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 02-23-2005 09:55:44
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 02-23-2005 09:55:45
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 02-23-2005 09:55:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 02-23-2005 09:55:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 02-23-2005 09:55:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1268
ThreadCreationTime : 02-23-2005 09:55:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1628
ThreadCreationTime : 02-23-2005 09:55:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1636
ThreadCreationTime : 02-23-2005 09:55:48
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
#:13 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 388
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 5.1.02
ProductVersion : 5.1.02
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:14 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 432
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 2.1.28 2.1.28 03/31/2003 13:54:16
ProductVersion : 2.1.28 2.1.28 03/31/2003 13:54:16
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:15 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 440
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe
#:16 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 472
ThreadCreationTime : 02-23-2005 09:55:50
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe
#:17 [qtzpacer.exe]
FilePath : C:\PROGRA~1\LAUNCH~1\
ProcessID : 480
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 10, 0, 2002
ProductName : Dritek System Inc. Launch Manager 01.10.2002 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : Launch Manager
InternalName : QtZgAcer
LegalCopyright : Copyright (c)2001-2002 Dritek System Inc.
OriginalFilename : QtZgAcer.exe
#:18 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ProcessID : 488
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:19 [dnsrslve.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:20 [iesetup.exe]
FilePath : C:\
ProcessID : 504
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:21 [gah95on6.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 516
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:22 [figgaz.exe]
FilePath : C:\Documents and Settings\Aude Cornélis\
ProcessID : 524
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:23 [logon.exe]
FilePath : C:\WINDOWS\
ProcessID : 540
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : logon
CompanyName : Leisure Ltd
InternalName : logon
OriginalFilename : logon.exe
#:24 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 552
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:25 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:26 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 608
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:27 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 624
ThreadCreationTime : 02-23-2005 09:55:51
BasePriority : Normal
#:28 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1216
ThreadCreationTime : 02-23-2005 09:55:57
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:29 [ccsetmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1188
ThreadCreationTime : 02-23-2005 09:55:58
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:30 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1340
ThreadCreationTime : 02-23-2005 09:56:00
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:31 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 02-23-2005 09:56:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:32 [ccevtmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1180
ThreadCreationTime : 02-23-2005 09:56:03
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:33 [symwsc.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\Security Center\
ProcessID : 256
ThreadCreationTime : 02-23-2005 09:56:12
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2872
ThreadCreationTime : 02-23-2005 09:56:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:35 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 3312
ThreadCreationTime : 02-23-2005 09:56:54
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:36 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1968
ThreadCreationTime : 02-23-2005 10:18:40
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3448
ThreadCreationTime : 02-23-2005 10:19:20
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2
Value :
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer
Value :
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}
Value :
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f}
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f}
Value : SystemComponent
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f}
Value : Installer
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}
Value :
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-638971174-1266486392-598665437-1005\software\ist
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-638971174-1266486392-598665437-1005\software\ist
Value : Recover
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 45
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {386a771c-e96a-421f-8ba7-32f1b706892f} (http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab)
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@bluestreak[4].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:aude cornélis@bluestreak.com/
Expires : 02-20-2015 21:01:04
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@ehg-peoplesoft.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@ehg-peoplesoft.hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@questionmarket[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@questionmarket[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@0[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@0[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@bfast[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@weborama[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@weborama[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@www.cibleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@www.cibleclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@euniverseads[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@euniverseads[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@xxxtoolbar[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@xxxtoolbar[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@tickle[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@tickle[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@cgi-bin[5].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@cgi-bin[5].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@qksrv[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@qksrv[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@kelkoo[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@kelkoo[4].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@cgi-bin[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@tmpad[1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@tmpad[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@estat[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@estat[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@realmedia[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@realmedia[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@as-eu.falkag[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@as-eu.falkag[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@casalemedia[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@casalemedia[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@247realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@247realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@realmedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@bluestreak[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@2o7[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@2o7[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@www.smartadserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@www.smartadserver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@zedo[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@adtech[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@adtech[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@ad-logics[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@ad-logics[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@iv2.bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@iv2.bluestreak[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@valueclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@2o7[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@z1.adserver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@overture[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@overture[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@kelkoo[5].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@kelkoo[5].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@server.iad.liveperson[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@server.iad.liveperson[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@c2.zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@c2.zedo[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@advertising[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@advertising[4].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@as1.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@as1.falkag[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@fl01.ct2.comclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@fl01.ct2.comclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@servedby.advertising[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@servedby.advertising[4].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@weborama[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@weborama[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@www.shopathomeselect[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@www.shopathomeselect[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@www.cibleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@www.cibleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@tradedoubler[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@tradedoubler[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@casalemedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@bluestreak[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@www.smartadserver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@www.smartadserver[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@kelkoo[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@kelkoo[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@247realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@247realmedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@kelkoo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@kelkoo[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@bluestreak[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@bluestreak[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@servedby.advertising[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Cookies\aude cornélis@servedby.advertising[3].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 65
Objects found so far: 110
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aude cornélis@weborama[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\Cookies\aude cornélis@weborama[2].txt
Powerscan Object Recognized!
Type : File
Data : powerscan.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright (C) 2004
OriginalFilename : Power-Scan.exe
TopMoxie Object Recognized!
Type : File
Data : jkill.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\
TopMoxie Object Recognized!
Type : File
Data : djtopr1150.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Local Settings\Temp\
ClickSpring Object Recognized!
Type : File
Data : mt-uninstaller.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aude Cornélis\
ClickSpring Object Recognized!
Type : File
Data : A0003536.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP14\
Powerscan Object Recognized!
Type : File
Data : A0003537.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP14\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright (C) 2004
OriginalFilename : Power-Scan.exe
Powerscan Object Recognized!
Type : File
Data : A0003641.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{55C43280-EB61-47CB-9151-2B2ACEA5AFE1}\RP16\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright (C) 2004
OriginalFilename : Power-Scan.exe
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 118
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 118
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 118
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :
BlazeFind Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : Recover
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
Value : .Owner
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
Value : {386A771C-E96A-421F-8BA7-32F1B706892F}
istbar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Favoris\Adult Sites
istbar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Aude Cornélis\Favoris\Free Adult Content
istbar Object Recognized!
Type : File
Data : istactivex.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\
istbar Object Recognized!
Type : File
Data : ISTactivex.dll
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : ISTinstall Module
FileDescription : IST install