[adaware à mon ami ]
Résolu
Utilisateur anonyme
-
jean38 Messages postés 2534 Date d'inscription Statut Contributeur Dernière intervention -
jean38 Messages postés 2534 Date d'inscription Statut Contributeur Dernière intervention -
Bonjour
Je ne sais pas ce qu'il faut enlever ou mettre en quarantaine...
Merci de bien vouloir nous aider...
Ceci est le log adaware
-----------------------------------------------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:jeudi 7 juillet 2005 8:46:37
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):8 total references
DyFuCA(TAC index:3):1 total references
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):22 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
7-07-2005 8:46:37 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 1-07-2005 15:00:45
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 180
ThreadCreationTime : 1-07-2005 15:00:52
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 200
ThreadCreationTime : 1-07-2005 15:00:53
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 228
ThreadCreationTime : 1-07-2005 15:00:57
BasePriority : Normal
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 240
ThreadCreationTime : 1-07-2005 15:00:57
BasePriority : Normal
FileVersion : 5.00.2195.2964
ProductVersion : 5.00.2195.2964
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Exécutable LSA et DLL serveur (version d'exportation)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 408
ThreadCreationTime : 1-07-2005 15:01:01
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 428
ThreadCreationTime : 1-07-2005 15:01:02
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:8 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 456
ThreadCreationTime : 1-07-2005 15:01:02
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:9 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 488
ThreadCreationTime : 1-07-2005 15:01:03
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:10 [cisvc.exe]
FilePath : C:\WINNT\System32\
ProcessID : 524
ThreadCreationTime : 1-07-2005 15:01:07
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : cisvc.exe
#:11 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 544
ThreadCreationTime : 1-07-2005 15:01:07
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:12 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 584
ThreadCreationTime : 1-07-2005 15:01:08
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:13 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 608
ThreadCreationTime : 1-07-2005 15:01:08
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Moniteur de périphériques d'images fixes
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE
#:14 [vsmon.exe]
FilePath : C:\WINNT\system32\ZoneLabs\
ProcessID : 644
ThreadCreationTime : 1-07-2005 15:01:09
BasePriority : Normal
FileVersion : 5.1.039.004
ProductVersion : 5.1.039.004
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:15 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 704
ThreadCreationTime : 1-07-2005 15:01:19
BasePriority : Normal
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
ProductName : Infrastructure de gestion Windows
CompanyName : Microsoft Corporation
FileDescription : Infrastructure de gestion Windows
InternalName : WINMGMT
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999
#:16 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1056
ThreadCreationTime : 1-07-2005 15:02:04
BasePriority : Normal
FileVersion : 5.1.039.004
ProductVersion : 5.1.039.004
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe
#:17 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 1068
ThreadCreationTime : 1-07-2005 15:02:05
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch
#:18 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1080
ThreadCreationTime : 1-07-2005 15:02:06
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:19 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1088
ThreadCreationTime : 1-07-2005 15:02:07
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:20 [sointgr.exe]
FilePath : C:\WINNT\
ProcessID : 1104
ThreadCreationTime : 1-07-2005 15:02:08
BasePriority : Normal
#:21 [internat.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1124
ThreadCreationTime : 1-07-2005 15:02:10
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Application d'indication de langue du clavier
InternalName : INTERNAT
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE
#:22 [scnpanel.exe]
FilePath : C:\ScanPanel\
ProcessID : 1188
ThreadCreationTime : 1-07-2005 15:02:19
BasePriority : Normal
FileVersion : 1, 8, 1, 5
ProductVersion : 1, 8, 1, 5
ProductName : ScanPanel
FileDescription : ScnPanel MFC Application
InternalName : ScnPanel
LegalCopyright : Copyright (C) 2001
OriginalFilename : ScnPanel.EXE
#:23 [tray_cd.exe]
FilePath : C:\
ProcessID : 940
ThreadCreationTime : 1-07-2005 15:02:27
BasePriority : Normal
FileVersion : 1.0.4.0
ProductVersion : 1.0.4.0
ProductName : Tray Icon Opener
CompanyName : RJL Software - www.rjlsoftware.com
FileDescription : Tray icon cd opener/closer
InternalName : tray_cd
LegalCopyright : Copyright 2003
LegalTrademarks : None.
OriginalFilename : tray_cd.exe
Comments : Email any support issues to support@rjlsoftware.com
#:24 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1408
ThreadCreationTime : 4-07-2005 20:02:00
BasePriority : Normal
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:25 [cidaemon.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1732
ThreadCreationTime : 5-07-2005 2:06:09
BasePriority : Idle
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : cidaemon.exe
#:26 [icq.exe]
FilePath : C:\Program Files\ICQ\
ProcessID : 1620
ThreadCreationTime : 6-07-2005 21:32:43
BasePriority : Normal
FileVersion : 2002a Beta
ProductVersion : 2002a Beta
ProductName : ICQ
CompanyName : ICQ Inc.
FileDescription : ICQ
InternalName : ICQ
LegalCopyright : Copyright © 1996 - 2002 ICQ Inc. All Rights Reserved.
OriginalFilename : ICQ.exe
Comments : ICQ V2002a Beta
#:27 [winmx.exe]
FilePath : C:\Program Files\WinMX\
ProcessID : 1776
ThreadCreationTime : 6-07-2005 23:56:14
BasePriority : Normal
FileVersion : 3.31
ProductVersion : 3.31
ProductName : WinMX
CompanyName : Frontcode Technologies
FileDescription : WinMX Application
InternalName : WinMX
LegalCopyright : Copyright (C) 2002 Frontcode Technologies, ALL RIGHTS RESERVED.
LegalTrademarks : WinMX tm Frontcode Technologies, ALL RIGHTS RESERVED
OriginalFilename : winmx.exe
Comments : Copyright (C) 2002 Frontcode Technologies, ALL RIGHTS RESERVED.
#:28 [opera.exe]
FilePath : C:\Program Files\Opera75\
ProcessID : 1216
ThreadCreationTime : 7-07-2005 4:03:27
BasePriority : Normal
FileVersion : 3778
ProductVersion : 7.50
ProductName : Opera Internet Browser
CompanyName : Opera Software
FileDescription : Opera Internet Browser
InternalName : Opera
LegalCopyright : Copyright © Opera Software 1995-2004
OriginalFilename : Opera.exe
#:29 [winamp.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1208
ThreadCreationTime : 7-07-2005 6:06:24
BasePriority : Normal
FileVersion : 2.91
ProductVersion : 2.91
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2003, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.
#:30 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 1712
ThreadCreationTime : 7-07-2005 6:25:15
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-813497703-1957994488-500\software\ist
Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Windows Object Recognized!
Type : RegData
Data : "regedit.exe" "%1"
TAC Rating : 3
Category : Vulnerability
Comment : Possible virus infection, REG file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : "regedit.exe" "%1"
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 10
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@www.cibleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@www.cibleclick.com/
Expires : 27-09-2037 2:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:510
Value : Cookie:administrateur@fastclick.net/
Expires : 24-06-2007 3:07:54
LastSync : Hits:510
UseCount : 0
Hits : 510
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@estat.com/
Expires : 3-05-2015 8:46:24
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@bs.serving-sys.com/
Expires : 1-01-2038 7:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrateur@serving-sys.com/
Expires : 1-01-2038 7:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:administrateur@www.smartadserver.com/
Expires : 12-05-2025 3:36:06
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:administrateur@metriweb.be/
Expires : 9-05-2006 19:57:42
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:administrateur@servedby.advertising.com/
Expires : 9-06-2005 19:33:26
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@hypercount[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrateur@hypercount.com/
Expires : 17-05-2006 4:38:16
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:70
Value : Cookie:administrateur@real.com/
Expires : 4-07-2005 8:47:32
LastSync : Hits:70
UseCount : 0
Hits : 70
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@atdmt.com/
Expires : 9-05-2010 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:administrateur@doubleclick.net/
Expires : 8-05-2008 19:57:58
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:administrateur@adtech.de/
Expires : 8-05-2015 18:49:18
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:302
Value : Cookie:administrateur@cs.sexcounter.com/
Expires : 12-05-2024 20:07:28
LastSync : Hits:302
UseCount : 0
Hits : 302
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:43
Value : Cookie:administrateur@as1.falkag.de/
Expires : 9-06-2005 19:33:58
LastSync : Hits:43
UseCount : 0
Hits : 43
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@advertising.com/
Expires : 9-05-2010 18:49:18
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@fl01.ct2.comclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:54
Value : Cookie:administrateur@fl01.ct2.comclick.com/
Expires : 10-01-2029 2:00:00
LastSync : Hits:54
UseCount : 0
Hits : 54
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@tribalfusion.com/
Expires : 1-01-2038 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrateur@bluestreak.com/
Expires : 8-05-2015 15:31:14
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrateur@tradedoubler.com/
Expires : 19-07-2005 15:25:14
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrateur@mediaplex.com/
Expires : 22-06-2009 2:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@0[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:150
Value : Cookie:administrateur@jmbi43.cjt1.net/HTM/425/0
Expires : 24-06-2006 2:58:40
LastSync : Hits:150
UseCount : 0
Hits : 150
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 32
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Disk Scan Result for C:\WINNT\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Disk Scan Result for C:\DOCUME~1\ADMINI~1.ZEN\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 32
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrateur.ZENNE\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53
8:49:55 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:18.495
Objects scanned:36653
Objects identified:32
Objects ignored:0
New critical objects:32
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
ici le log hitjack this
Logfile of HijackThis v1.99.1
Scan saved at 9:03:46, on 7/07/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\SOINTGR.EXE
C:\WINNT\System32\internat.exe
C:\ScanPanel\ScnPanel.exe
C:\TRAY_CD.EXE
C:\WINNT\explorer.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Opera75\opera.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\Documents and Settings\Administrateur.ZENNE\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] **C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINNT\SOINTGR.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\12dicos\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Raccourci vers TRAY_CD.EXE.lnk = C:\TRAY_CD.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B71A84-6518-4E84-90DC-40AFAF6A6A4E}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ABD41F2-0195-4CDA-B911-A76889C2CE8E}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
Merci encore beaucoup
Bxflash
Je ne sais pas ce qu'il faut enlever ou mettre en quarantaine...
Merci de bien vouloir nous aider...
Ceci est le log adaware
-----------------------------------------------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:jeudi 7 juillet 2005 8:46:37
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):8 total references
DyFuCA(TAC index:3):1 total references
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):22 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
7-07-2005 8:46:37 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 1-07-2005 15:00:45
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 180
ThreadCreationTime : 1-07-2005 15:00:52
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 200
ThreadCreationTime : 1-07-2005 15:00:53
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 228
ThreadCreationTime : 1-07-2005 15:00:57
BasePriority : Normal
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 240
ThreadCreationTime : 1-07-2005 15:00:57
BasePriority : Normal
FileVersion : 5.00.2195.2964
ProductVersion : 5.00.2195.2964
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Exécutable LSA et DLL serveur (version d'exportation)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 408
ThreadCreationTime : 1-07-2005 15:01:01
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 428
ThreadCreationTime : 1-07-2005 15:01:02
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:8 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 456
ThreadCreationTime : 1-07-2005 15:01:02
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:9 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 488
ThreadCreationTime : 1-07-2005 15:01:03
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:10 [cisvc.exe]
FilePath : C:\WINNT\System32\
ProcessID : 524
ThreadCreationTime : 1-07-2005 15:01:07
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : cisvc.exe
#:11 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 544
ThreadCreationTime : 1-07-2005 15:01:07
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:12 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 584
ThreadCreationTime : 1-07-2005 15:01:08
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:13 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 608
ThreadCreationTime : 1-07-2005 15:01:08
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Moniteur de périphériques d'images fixes
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE
#:14 [vsmon.exe]
FilePath : C:\WINNT\system32\ZoneLabs\
ProcessID : 644
ThreadCreationTime : 1-07-2005 15:01:09
BasePriority : Normal
FileVersion : 5.1.039.004
ProductVersion : 5.1.039.004
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:15 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 704
ThreadCreationTime : 1-07-2005 15:01:19
BasePriority : Normal
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
ProductName : Infrastructure de gestion Windows
CompanyName : Microsoft Corporation
FileDescription : Infrastructure de gestion Windows
InternalName : WINMGMT
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999
#:16 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1056
ThreadCreationTime : 1-07-2005 15:02:04
BasePriority : Normal
FileVersion : 5.1.039.004
ProductVersion : 5.1.039.004
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe
#:17 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 1068
ThreadCreationTime : 1-07-2005 15:02:05
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch
#:18 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1080
ThreadCreationTime : 1-07-2005 15:02:06
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:19 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1088
ThreadCreationTime : 1-07-2005 15:02:07
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:20 [sointgr.exe]
FilePath : C:\WINNT\
ProcessID : 1104
ThreadCreationTime : 1-07-2005 15:02:08
BasePriority : Normal
#:21 [internat.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1124
ThreadCreationTime : 1-07-2005 15:02:10
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Application d'indication de langue du clavier
InternalName : INTERNAT
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE
#:22 [scnpanel.exe]
FilePath : C:\ScanPanel\
ProcessID : 1188
ThreadCreationTime : 1-07-2005 15:02:19
BasePriority : Normal
FileVersion : 1, 8, 1, 5
ProductVersion : 1, 8, 1, 5
ProductName : ScanPanel
FileDescription : ScnPanel MFC Application
InternalName : ScnPanel
LegalCopyright : Copyright (C) 2001
OriginalFilename : ScnPanel.EXE
#:23 [tray_cd.exe]
FilePath : C:\
ProcessID : 940
ThreadCreationTime : 1-07-2005 15:02:27
BasePriority : Normal
FileVersion : 1.0.4.0
ProductVersion : 1.0.4.0
ProductName : Tray Icon Opener
CompanyName : RJL Software - www.rjlsoftware.com
FileDescription : Tray icon cd opener/closer
InternalName : tray_cd
LegalCopyright : Copyright 2003
LegalTrademarks : None.
OriginalFilename : tray_cd.exe
Comments : Email any support issues to support@rjlsoftware.com
#:24 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1408
ThreadCreationTime : 4-07-2005 20:02:00
BasePriority : Normal
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:25 [cidaemon.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1732
ThreadCreationTime : 5-07-2005 2:06:09
BasePriority : Idle
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : cidaemon.exe
#:26 [icq.exe]
FilePath : C:\Program Files\ICQ\
ProcessID : 1620
ThreadCreationTime : 6-07-2005 21:32:43
BasePriority : Normal
FileVersion : 2002a Beta
ProductVersion : 2002a Beta
ProductName : ICQ
CompanyName : ICQ Inc.
FileDescription : ICQ
InternalName : ICQ
LegalCopyright : Copyright © 1996 - 2002 ICQ Inc. All Rights Reserved.
OriginalFilename : ICQ.exe
Comments : ICQ V2002a Beta
#:27 [winmx.exe]
FilePath : C:\Program Files\WinMX\
ProcessID : 1776
ThreadCreationTime : 6-07-2005 23:56:14
BasePriority : Normal
FileVersion : 3.31
ProductVersion : 3.31
ProductName : WinMX
CompanyName : Frontcode Technologies
FileDescription : WinMX Application
InternalName : WinMX
LegalCopyright : Copyright (C) 2002 Frontcode Technologies, ALL RIGHTS RESERVED.
LegalTrademarks : WinMX tm Frontcode Technologies, ALL RIGHTS RESERVED
OriginalFilename : winmx.exe
Comments : Copyright (C) 2002 Frontcode Technologies, ALL RIGHTS RESERVED.
#:28 [opera.exe]
FilePath : C:\Program Files\Opera75\
ProcessID : 1216
ThreadCreationTime : 7-07-2005 4:03:27
BasePriority : Normal
FileVersion : 3778
ProductVersion : 7.50
ProductName : Opera Internet Browser
CompanyName : Opera Software
FileDescription : Opera Internet Browser
InternalName : Opera
LegalCopyright : Copyright © Opera Software 1995-2004
OriginalFilename : Opera.exe
#:29 [winamp.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1208
ThreadCreationTime : 7-07-2005 6:06:24
BasePriority : Normal
FileVersion : 2.91
ProductVersion : 2.91
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2003, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.
#:30 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 1712
ThreadCreationTime : 7-07-2005 6:25:15
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-813497703-1957994488-500\software\ist
Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Windows Object Recognized!
Type : RegData
Data : "regedit.exe" "%1"
TAC Rating : 3
Category : Vulnerability
Comment : Possible virus infection, REG file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : "regedit.exe" "%1"
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 10
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@www.cibleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@www.cibleclick.com/
Expires : 27-09-2037 2:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:510
Value : Cookie:administrateur@fastclick.net/
Expires : 24-06-2007 3:07:54
LastSync : Hits:510
UseCount : 0
Hits : 510
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@estat.com/
Expires : 3-05-2015 8:46:24
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@bs.serving-sys.com/
Expires : 1-01-2038 7:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrateur@serving-sys.com/
Expires : 1-01-2038 7:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:administrateur@www.smartadserver.com/
Expires : 12-05-2025 3:36:06
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:administrateur@metriweb.be/
Expires : 9-05-2006 19:57:42
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:administrateur@servedby.advertising.com/
Expires : 9-06-2005 19:33:26
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@hypercount[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrateur@hypercount.com/
Expires : 17-05-2006 4:38:16
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:70
Value : Cookie:administrateur@real.com/
Expires : 4-07-2005 8:47:32
LastSync : Hits:70
UseCount : 0
Hits : 70
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@atdmt.com/
Expires : 9-05-2010 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:administrateur@doubleclick.net/
Expires : 8-05-2008 19:57:58
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:administrateur@adtech.de/
Expires : 8-05-2015 18:49:18
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:302
Value : Cookie:administrateur@cs.sexcounter.com/
Expires : 12-05-2024 20:07:28
LastSync : Hits:302
UseCount : 0
Hits : 302
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:43
Value : Cookie:administrateur@as1.falkag.de/
Expires : 9-06-2005 19:33:58
LastSync : Hits:43
UseCount : 0
Hits : 43
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@advertising.com/
Expires : 9-05-2010 18:49:18
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@fl01.ct2.comclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:54
Value : Cookie:administrateur@fl01.ct2.comclick.com/
Expires : 10-01-2029 2:00:00
LastSync : Hits:54
UseCount : 0
Hits : 54
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@tribalfusion.com/
Expires : 1-01-2038 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrateur@bluestreak.com/
Expires : 8-05-2015 15:31:14
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrateur@tradedoubler.com/
Expires : 19-07-2005 15:25:14
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrateur@mediaplex.com/
Expires : 22-06-2009 2:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@0[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:150
Value : Cookie:administrateur@jmbi43.cjt1.net/HTM/425/0
Expires : 24-06-2006 2:58:40
LastSync : Hits:150
UseCount : 0
Hits : 150
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 32
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Disk Scan Result for C:\WINNT\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Disk Scan Result for C:\DOCUME~1\ADMINI~1.ZEN\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 32
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrateur.ZENNE\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-117609710-813497703-1957994488-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53
8:49:55 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:18.495
Objects scanned:36653
Objects identified:32
Objects ignored:0
New critical objects:32
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
ici le log hitjack this
Logfile of HijackThis v1.99.1
Scan saved at 9:03:46, on 7/07/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\SOINTGR.EXE
C:\WINNT\System32\internat.exe
C:\ScanPanel\ScnPanel.exe
C:\TRAY_CD.EXE
C:\WINNT\explorer.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Opera75\opera.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\Documents and Settings\Administrateur.ZENNE\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] **C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINNT\SOINTGR.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\12dicos\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Raccourci vers TRAY_CD.EXE.lnk = C:\TRAY_CD.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B71A84-6518-4E84-90DC-40AFAF6A6A4E}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ABD41F2-0195-4CDA-B911-A76889C2CE8E}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
Merci encore beaucoup
Bxflash
A voir également:
- [adaware à mon ami ]
- Adaware - Télécharger - Sécurité
2 réponses
salut,
A/ si tu ne les as pas, telecharge:
Clean Up 40 :
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
utilise le.
puis
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijackthis
Démo : (merci a balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
fais un copier coller du log entier ici.
a+
A/ si tu ne les as pas, telecharge:
Clean Up 40 :
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
utilise le.
puis
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijackthis
Démo : (merci a balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
fais un copier coller du log entier ici.
a+
si tu veux, voici la "batterie" assez classique à posseder:
si tu ne les as pas, telecharge:
Spybot S&D 1.4 et Ad-Aware SE 1.06 (2 anti spyware complementaires)
http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/fr/index.html
puis Clean Up 40 :
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
ne les utilise pas tout de suite
idem si tu ne l’as pas A2 free ( anti trojan)
ttp://www.emsisoft.net/fr/software/download/
met à jour spybot, ad aware et a2 free sur internet (tu trouves l’option dans les menus)
tout d'abord cleanup,
puis lance les scan, tu vires tout ce qu'ils trouvent.
bon travail.
si tu ne les as pas, telecharge:
Spybot S&D 1.4 et Ad-Aware SE 1.06 (2 anti spyware complementaires)
http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/fr/index.html
puis Clean Up 40 :
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
ne les utilise pas tout de suite
idem si tu ne l’as pas A2 free ( anti trojan)
ttp://www.emsisoft.net/fr/software/download/
met à jour spybot, ad aware et a2 free sur internet (tu trouves l’option dans les menus)
tout d'abord cleanup,
puis lance les scan, tu vires tout ce qu'ils trouvent.
bon travail.
je te remercie beaucoup pour l'attention que tu as apporté à mon message...
J'ai dis à mon ami de s'unscrire sur le site CCM, de télécharger CleanUp40
et d'envoyer son 2ème log hitjack this...
Merci encore pour vos conseils plus qu'enrichissants
Bxflash