Sujet Précédent Sujet Suivant

[MSN] virus?

July -  
 July -
Bonjour,
J'ai par inadvertance sur MSN hier soir, fait propager un pseudo-patch contenant un virus (??). J'ai ainsi reçu ce message suivant:
*** URGENT *** Download the latest patch from http://msnupdate.qn.com/ to prevent getting infected by W32.Bropia.C.
L'ayant dl et activer, le message a été envoyé automatiquement à tous mes contatcs

A la suite de cet "incident", les pages internet ne répondaient plus, et des sites X se greffaient sur mes favoris.Etant donné que c'est la 1ere fois qu'il m'arrive cela, je vous demanderai de bien vouloir m'aider à résoudre ce problème

Merci d'avance
A voir également:

7 réponses

Réponse 1 / 7
erwan01
 
Bonjour july

tu devrais pouoir désinfecter ton pc avec ce lien
tu clique dessus et quand la fenêtre s'ouvre, tu cliques sur Bropia
http://www.secuser.com/telechargement/desinfection.htm

as-tu des outils de protection ? voir ce lien
http://www.commentcamarche.net/faq/484

sur ton pc, il te faut un firewall ( pare-feu ), les deux antispywares " ad-aware et spybot ", et un antivirus, au minimum
http://www.commentcamarche.net/faq/484

tu fais ton choix et tu recherches les mises à jour une fois qu'ils sont installés

voici un outils de nettoyage très pratique
http://www.ccleaner.com/ccdownload2.php

pour les antispywares, tu lances les scanners après avoir fait tout ça

affiches après tes résultats pour voir si ton pc fonctionne correctement
0
July
 
Merci de bien vouloir m'aider Erwan;
J'ai donc fait tout ce que tu m'as demandé, et mes résultats sont les suivants:

Spybot:
HangUpTeam.TechnicRat: Global settings (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger

AproposMedia: Global settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\AutoLoader\AproposClient

CoolWWWSearch: IE Search URL (Modification du registre, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

CoolWWWSearch: IE Search bar (Modification du registre, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch: IE Search page (Modification du registre, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=http://www.google.com

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DyFuCA.InternetOptimizer: Uninstall settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer

DyFuCA.InternetOptimizer: Global settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Avenue Media

DyFuCA.InternetOptimizer: Uninstall settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA

DyFuCA.InternetOptimizer: User settings (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1085031214-1637723038-682003330-1004\Software\Avenue Media

ISTbar.Slotch: Program directory (Répertoire, nothing done)
C:\Program Files\ISTbar\

ISTbar.Slotch: Class ID (Clé du registre, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486}

ISTbar.Slotch: Uninstall settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar

ISTbar.Slotch: User settings (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5F1ABCDB-A875-46C1-8345-B72A4567E486}

ISTbar.Slotch: User settings (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1085031214-1637723038-682003330-1004\Software\ISTbar

PeopleOnPage: Uninstall settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate

PeopleOnPage: Global settings (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Envolo

PowerScan: Executable (Fichier, nothing done)
C:\Program Files\Power Scan\powerscan.exe

PowerScan: User settings (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1085031214-1637723038-682003330-1004\Software\PowerScan


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
0
Réponse 2 / 7
July
 
Ad-Aware:
Ad-Aware SE Build 1.05
Logfile Created on:dimanche 27 février 2005 12:41:42
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):6 total references
AltnetBDE(TAC index:4):3 total references
DyFuCA(TAC index:3):32 total references
Ebates MoneyMaker(TAC index:4):1 total references
istbar.dotcomToolbar(TAC index:5):2 total references
istbar(TAC index:6):9 total references
MRU List(TAC index:0):32 total references
PeopleOnPage(TAC index:9):8 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Powerscan(TAC index:5):3 total references
SideFind(TAC index:5):7 total references
TopMoxie(TAC index:3):2 total references
Tracking Cookie(TAC index:3):16 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

27-02-2005 12:41:42 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 796
ThreadCreationTime : 27-02-2005 11:29:11
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 27-02-2005 11:29:13
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 936
ThreadCreationTime : 27-02-2005 11:29:14
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 980
ThreadCreationTime : 27-02-2005 11:29:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 992
ThreadCreationTime : 27-02-2005 11:29:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1164
ThreadCreationTime : 27-02-2005 11:29:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1336
ThreadCreationTime : 27-02-2005 11:29:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 27-02-2005 11:29:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1632
ThreadCreationTime : 27-02-2005 11:29:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 27-02-2005 11:29:19
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1816
ThreadCreationTime : 27-02-2005 11:29:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [pphidpad.exe]
FilePath : C:\WINPENJR\win32\
ProcessID : 1972
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal

#:13 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ProcessID : 1988
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal

#:14 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2004
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:15 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 2012
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:16 [hotkeysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2020
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2036
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:18 [atiupdxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 184
ThreadCreationTime : 27-02-2005 11:29:23
BasePriority : Normal

#:19 [soffice.exe]
FilePath : C:\program files\OpenOffice.org1.1.2\program\
ProcessID : 228
ThreadCreationTime : 27-02-2005 11:29:24
BasePriority : Normal
FileVersion : 6.00.8779
ProductVersion : 6.00.8779
CompanyName : OpenOffice.org
FileDescription : OpenOffice.org 1.1.2
InternalName : SOFFICE
LegalCopyright : Copyright © 2000 by Sun Microsystems, Inc.
OriginalFilename : SOFFICE.EXE

#:20 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1760
ThreadCreationTime : 27-02-2005 11:30:27
BasePriority : Normal

#:21 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1856
ThreadCreationTime : 27-02-2005 11:30:27
BasePriority : High
FileVersion : 4, 6, 602, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:22 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1904
ThreadCreationTime : 27-02-2005 11:30:29
BasePriority : Normal
FileVersion : 6.13.10.4113
ProductVersion : 6.13.10.4113
ProductName : NVIDIA Driver Helper Service, Version 41.13
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 41.13
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1964
ThreadCreationTime : 27-02-2005 11:30:29
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 732
ThreadCreationTime : 27-02-2005 11:30:37
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Mises à jour automatiques
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : wuauclt.exe

#:25 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 852
ThreadCreationTime : 27-02-2005 11:30:41
BasePriority : Normal

#:26 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1400
ThreadCreationTime : 27-02-2005 11:30:49
BasePriority : Normal

#:27 [cxtpls.exe]
FilePath : C:\Program Files\CxtPls\
ProcessID : 3888
ThreadCreationTime : 27-02-2005 11:31:52
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe
Warning! PeopleOnPage Object found in memory(C:\Program Files\CxtPls\ace.dll)

PeopleOnPage Object Recognized!
Type : Process
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL

#:28 [iexplore.exe]
FilePath : C:\program files\Internet Explorer\
ProcessID : 1192
ThreadCreationTime : 27-02-2005 11:32:00
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE

#:29 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\
ProcessID : 1328
ThreadCreationTime : 27-02-2005 11:32:02
BasePriority : Normal

#:30 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3380
ThreadCreationTime : 27-02-2005 11:32:22
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Mises à jour automatiques
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : wuauclt.exe

#:31 [ashsimpl.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2900
ThreadCreationTime : 27-02-2005 11:32:53
BasePriority : Normal
FileVersion : 4, 6, 585, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : Virus scanner
InternalName : aswSimpl.exe
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswSimpl.exe

#:32 [ashchest.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 3332
ThreadCreationTime : 27-02-2005 11:33:02
BasePriority : Normal
FileVersion : 4, 6, 585, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : aswChestInterface application
InternalName : aswChestInterface.exe
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswChestInterface.exe

#:33 [ad-aware.exe]
FilePath : C:\program files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 244
ThreadCreationTime : 27-02-2005 11:41:35
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : UninstallString

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : DisplayName

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : DisplayIcon

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayIcon

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : TargetDir

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : CLS

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : RID

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : Version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : TAC

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : ServerVisited

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : UpdateInterval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : ID

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : InstallT

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : remember[LLT]

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : Conn

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : 403

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : 404

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : 410

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : 500

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : PendingRemoval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer
Value : RemovedPrograms

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\ist

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\ist
Value : InstallDate

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\ist
Value : account_id

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\ist
Value : config

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\istbar

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istbaristbar

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\apropos

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\apropos

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\envolo

PeopleOnPage Object Recognized!
Type : Regkey
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate

PeopleOnPage Object Recognized!
Type : RegValue
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate
Value : UninstallString

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : webautosearch

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : shoppingautosearch

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{5F1ABCDB-A875-46C1-8345-B72A4567E486}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\internet explorer\toolbar\webbrowser
Value : {5F1ABCDB-A875-46C1-8345-B72A4567E486}

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\software\powerscan
Value : account_id

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LoadNum"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan
Value : LoadNum

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\\software\powerscan
Value : account_id

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 64
Objects found so far: 65

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\MainSearch Page.couldnotfind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.couldnotfind.com/search_page.html?&account_id=158290"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.couldnotfind.com/search_page.html?&account_id=158290"
Possible Browser Hijack attempt : S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\MainSearch Bar.couldnotfind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.couldnotfind.com/search_page.html?&account_id=158290"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.couldnotfind.com/search_page.html?&account_id=158290"
Possible Browser Hijack attempt : S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\SearchSearchAssistant.couldnotfind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.couldnotfind.com/search_page.html?&account_id=158290"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-1637723038-682003330-1004\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.couldnotfind.com/search_page.html?&account_id=158290"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 68

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\kazaa\search
Description : list of recent searches performed with sharman networks kazaa

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1637723038-682003330-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : C:\Documents and Settings\Juliette\recent
Description : list of recently opened documents

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@weborama[2].txt
Category : Data Miner
Comment : Hits:51
Value : Cookie:juliette@weborama.fr/
Expires : 25-02-2007 16:09:50
LastSync : Hits:51
UseCount : 0
Hits : 51

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@bluestreak[1].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:juliette@bluestreak.com/
Expires : 25-02-2015 07:29:00
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:juliette@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:juliette@cs.sexcounter.com/
Expires : 12-05-2024 19:07:28
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@fl01.ct2.comclick[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:juliette@fl01.ct2.comclick.com/
Expires : 10-01-2029 01:00:00
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@www.smartadserver[1].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:juliette@www.smartadserver.com/
Expires : 21-02-2025 11:53:06
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:juliette@casalemedia.com/
Expires : 18-02-2006 07:29:26
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@revenue[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:juliette@revenue.net/
Expires : 10-06-2022 06:05:42
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@adtech[2].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:juliette@adtech.de/
Expires : 23-02-2015 16:00:06
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@0[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:juliette@jinternetoptimizer.cjt1.net/HTM/587/0
Expires : 25-02-2006 20:51:50
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:juliette@bs.serving-sys.com/
Expires : 01-01-2038 06:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:juliette@serving-sys.com/
Expires : 01-01-2038 06:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@trafficmp[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:juliette@trafficmp.com/
Expires : 27-02-2006 12:41:38
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@estat[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:juliette@estat.com/
Expires : 23-02-2015 16:02:14
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@247realmedia[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:juliette@247realmedia.com/
Expires : 01-01-2011 01:00:00
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : juliette@tradedoubler[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:juliette@tradedoubler.com/
Expires : 26-02-2005 09:22:00
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 116

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Object "asm.exe" found in this archive.

AltnetBDE Object Recognized!
Type : File
Data : asmfiles.cab
Category : Data Miner
Comment : Object "asm.exe" found in this archive.
Object : C:\Documents and Settings\Juliette\Local Settings\Temp\

Object "asmps.dll" found in this archive.

AltnetBDE Object Recognized!
Type : File
Data : asmfiles.cab
Category : Data Miner
Comment : Object "asmps.dll" found in this archive.
Object : C:\Documents and Settings\Juliette\Local Settings\Temp\

PeopleOnPage Object Recognized!
Type : File
Data : auto_update_install.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Juliette\Local Settings\Temp\AutoUpdate0\

TopMoxie Object Recognized!
Type : File
Data : djtopr1150.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Juliette\Local Settings\Temp\

PeopleOnPage Object Recognized!
Type : File
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\program files\CxtPls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL

Ebates MoneyMaker Object Recognized!
Type : File
Data : 1150_1.dat
Category : Data Miner
Comment :
Object : C:\program files\Web_Rebates\Sy1150\Sy1150\

TopMoxie Object Recognized!
Type : File
Data : WebRebates0.exe
Category : Data Miner
Comment :
Object : C:\program files\Web_Rebates\

AltnetBDE Object Recognized!
Type : File
Data : A0064343.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{5771DFC3-E7C9-4BD0-8CB0-0045FE1C4ED0}\RP160\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
InternalName : ASMPS
LegalCopyright : Copyright 2003
OriginalFilename : ASMPS.DLL

<STOP>

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 124
12:57:11 Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:29.390
Objects scanned:105022
Objects identified:91
Objects ignored:0
New critical objects:91
0
Réponse 3 / 7
Utilisateur anonyme
 
b'jour,

te prends pas la tête à nous coller les rapports de Spybot et Ad-aware - vaccine et fait des quarantaines, si dans qq jours ta machine tourne bien - tu peux supprimer les quarantaines sans problèmes, ces 2 logiciels sont très sûrs! pratiquement aucun bug de signalé

* le tuto ad-aware :
**http://41822.aceboard.net/41822-232-6216-0-Tutorial-Aware-Personal.htm
* les tutos spybot 1.3 : http://tomcoyote.com/SPYBOT/indexfr.php
**http://assiste.free.fr/p/internet_utilitaires/spybot_search_destroy.php

*Devise : Je m'intéresse à l'avenir parceque
c'est là que je vais passer le reste de ma vie*
0
Réponse 4 / 7
July
 
Merci Dolly,
sinan, mon anti-virus m'a averti de la presence de 'virus' que j'ai donc mis en quarantaine (ne sachant pas quoi faire), et j'me suis aperçu qu'il a ds cette zone des 'systèmes de fichiers'.Pourtant ds la colonne où est marqué habituellement le nom du virus qui l'a infecté, la case est blanche!!
Je voulais donc juste savoir ce que sont ces 'systèmes de fichiers', et pourquoi ils sont ds la zone de quarantaine, malgrés qu'ils ne soient pas 'infectés'.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
Utilisateur anonyme
 
ça je sais pas ?

vérifie sur Google les noms des fichiers

ou fait un scan Hijackthis pour voir si tu as des processus douteux dans ta machine

http://www.zebulon.fr/articles/HijackThis.php

(screenshot)
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
http://www.ordi-netfr.org/tutorialhijackthis.html <- en français

- Le mettre dans 1 dossier ex: C:\HijackThis
- Le lancer -> Scan -> Save log
- Récupérer ce log/texte avec le bloc-notes.
- Le copier/coller ici

*Devise : Je m'intéresse à l'avenir parceque
c'est là que je vais passer le reste de ma vie*
0
Réponse 6 / 7
July
 
Voilà pour le log:
Logfile of HijackThis v1.99.1
Scan saved at 14:19:54, on 27/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINPENJR\win32\pphidpad.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\hotkeysvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\atiupdxx.exe
C:\program files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\program files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINPENJR\Win32\CUSTOM.EXE
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [ATIUpdater] atiupdxx.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [ATIUpdater] atiupdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [ATIUpdater] atiupdxx.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [ATIUpdater] atiupdxx.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\program files\OpenOffice.org1.1.2\program\quickstart.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1048_pack_XP.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70EAED7A-5F8E-408C-98AA-DD13CCC34A3D}: NameServer = 80.118.196.40 80.118.192.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{70EAED7A-5F8E-408C-98AA-DD13CCC34A3D}: NameServer = 80.118.196.40 80.118.192.110
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe" -service (file missing)

et poour les 'systèmes de fichiers', il y a 'Winsock', 'Wsock32' et 'Kernel32'
0
Réponse 7 / 7
July
 
Je remonte un peu le topic, puisque je n'ai pas encore reçu une réponse positive (ou négative?) de mon log

J'ai également suivi les conseils de Dolly, de mettre en quarantaine; mais malgré cela, ces mêmes spyware réapparaissent tout de même dans les scans suivants, 'fin bref merci de bien vouloir m'expliquer pourquoi iles reviennent, alors qu'ils st en quarantaine!!
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses