A voir également:
- [virus] Explorer démarre pas, PC bloqué. Aide
- Windows ne démarre pas - Guide
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Pc lent - Guide
- Explorer patcher - Télécharger - Personnalisation
6 réponses
Je vais peut être mettre certains rapports, ca peut donner des infos en plus.
J'ai redemarré mon ordi pour passer en safemode. En refermant l'ordi, je vois que toutes les tâches que j'essayais de lancer et qui étaient bloquées, se débloquer ... dc il y a sûrement un trojan ou spyware qui bloque le tout.
En se refermant, il y a des messages d'erreurs qui apparaissent sur java.exe, CcApp.exe, dwwin.exe ... certains ont du mal à se fermer, il faut faire "End Now" ou des dll failed to initialize. Ca passe très vite, j'ai pas le temps de lire.
En safe mode, voila le rapport de Smitfraudfix
SmitFraudFix v2.120
Scan done at 0:58:30,24, 14/11/2006
Run from C:\Documents and Settings\khechine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\khechine
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\khechine\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\khechine\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Par la suite j'ai essayé de lancer Kaspersky internet Security, ca m'a sorti un message d'erreur :
The I/O operation has been aborted because of either a thread exit or an application request.
J'ai redemarré en mode normal, il a un message qui apparait , j'ai capté :
"Disk is RAW.
AUTOCHK not available for RAW Disk"
Voici le rapport de Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 01:53:23, on 14/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\looknstop\looknstop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\khechine\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NC NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
O1 - Hosts: 84.16.81.52 www.taraji.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/fr/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://follakdaddou.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Si vous avez des pistes, merci de m'éclairer !
J'ai redemarré mon ordi pour passer en safemode. En refermant l'ordi, je vois que toutes les tâches que j'essayais de lancer et qui étaient bloquées, se débloquer ... dc il y a sûrement un trojan ou spyware qui bloque le tout.
En se refermant, il y a des messages d'erreurs qui apparaissent sur java.exe, CcApp.exe, dwwin.exe ... certains ont du mal à se fermer, il faut faire "End Now" ou des dll failed to initialize. Ca passe très vite, j'ai pas le temps de lire.
En safe mode, voila le rapport de Smitfraudfix
SmitFraudFix v2.120
Scan done at 0:58:30,24, 14/11/2006
Run from C:\Documents and Settings\khechine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\khechine
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\khechine\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\khechine\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Par la suite j'ai essayé de lancer Kaspersky internet Security, ca m'a sorti un message d'erreur :
The I/O operation has been aborted because of either a thread exit or an application request.
J'ai redemarré en mode normal, il a un message qui apparait , j'ai capté :
"Disk is RAW.
AUTOCHK not available for RAW Disk"
Voici le rapport de Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 01:53:23, on 14/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\looknstop\looknstop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\khechine\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NC NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
O1 - Hosts: 84.16.81.52 www.taraji.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/fr/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://follakdaddou.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Si vous avez des pistes, merci de m'éclairer !
Utilisateur anonyme
14 nov. 2006 à 04:45
14 nov. 2006 à 04:45
Salut,
Désinstalle FlashGet il contient un spyware
en remplcement regarde ici:
http://kerio.probb.fr/ftopic59.Logiciels-pour-gerer-vos-telechargements.htm
Tu peux faire un scanne en ligne avec FireFox ici:
https://www.trendmicro.com/fr_fr/business.html
Désinstalle FlashGet il contient un spyware
en remplcement regarde ici:
http://kerio.probb.fr/ftopic59.Logiciels-pour-gerer-vos-telechargements.htm
Tu peux faire un scanne en ligne avec FireFox ici:
https://www.trendmicro.com/fr_fr/business.html
Salut boulepate62,
Mrci pour le coup de main. J'ai supprimé FlashGet. Par contre quand je launch HuoseCall, Firefox se ferme. Ca ne veut pas marcher.
Entre temps j'ai voulu essayer d'autres outils.
J'ai lancé ATF Cleaner. Quand je fais un selectAll, il bloque. Et quadn je choisis quoi cocher, je remarque que ça ne coince pour Cookies et Temporary Internet Files dans l'onglet Main. Dans l'onglet Firefox, il passe bien.
Après j'ai réessayé CCleaner, en choisissant ce que je coche (parce que précédemment je vous disais qu'il se plantait tj quand je lancais le nettoyage).
Et là j'ai remarqué, en analysant seulement le cache de Firefox, qu'il y avait des fichiers avec des caractères bizarres. On dirait qu'ils sont corrompus, et CCleaner n'arrive pas à les effacer.
Et dans les cases à cocher de Internet Explorer, CCleaner bugge quand je coche Temporary Internet Files, ou History (les fichiers index.dat)
Un autre outil Notracks.exe, ne s'execute pas bien, un message d'erreur sort :
Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat is corrupted
C'est dans le cache de firefox, et Temporary Internet Files et History de IE , que ça coince apparemment.
Et je vois toujours pas comment me débarrasser de la saleté que j'ai.
Encore merci à toute personne qui y voit une piste.
Mrci pour le coup de main. J'ai supprimé FlashGet. Par contre quand je launch HuoseCall, Firefox se ferme. Ca ne veut pas marcher.
Entre temps j'ai voulu essayer d'autres outils.
J'ai lancé ATF Cleaner. Quand je fais un selectAll, il bloque. Et quadn je choisis quoi cocher, je remarque que ça ne coince pour Cookies et Temporary Internet Files dans l'onglet Main. Dans l'onglet Firefox, il passe bien.
Après j'ai réessayé CCleaner, en choisissant ce que je coche (parce que précédemment je vous disais qu'il se plantait tj quand je lancais le nettoyage).
Et là j'ai remarqué, en analysant seulement le cache de Firefox, qu'il y avait des fichiers avec des caractères bizarres. On dirait qu'ils sont corrompus, et CCleaner n'arrive pas à les effacer.
Et dans les cases à cocher de Internet Explorer, CCleaner bugge quand je coche Temporary Internet Files, ou History (les fichiers index.dat)
Un autre outil Notracks.exe, ne s'execute pas bien, un message d'erreur sort :
Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat is corrupted
C'est dans le cache de firefox, et Temporary Internet Files et History de IE , que ça coince apparemment.
Et je vois toujours pas comment me débarrasser de la saleté que j'ai.
Encore merci à toute personne qui y voit une piste.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bon apparemment ça va un peu mieux.
Je ne sais pas trop comment ... mais Internet Explorer n'est plus bloqué.
J'ai désinstallé Firefox et redemarré l'ordi.
J'ai tenté de lancer ATF Cleaner, et il a bien marché. Puis CCleaner, et il marche aussi.
Par la suite j'ai tenté Ad-aware SE, il ne s'arrête plus il a finit et j'ai pu voir le log des fichiers qu'il a répéré comme malicieux. Puis je les ai mis en quarantainet effacé.
Voici le log en question de Ad-aware
Ad-Aware SE Build 1.06r1
Logfile Created on:mardi 14 novembre 2006 17:02:38
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R131 09-11-2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking(TAC index:3):13 total references
Alexa(TAC index:5):3 total references
AltnetBDE(TAC index:4):5 total references
BrilliantDigital(TAC index:6):5 total references
BullaBHO(TAC index:10):1 total references
CommonName(TAC index:7):5 total references
ExactSearchBar(TAC index:5):1 total references
MRU List(TAC index:0):36 total references
Tracking Cookie(TAC index:3):2 total references
UCmore(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan registry
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
14-11-2006 17:02:38 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 676
ThreadCreationTime : 14-11-2006 15:56:16
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 14-11-2006 15:56:18
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 768
ThreadCreationTime : 14-11-2006 15:56:20
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 14-11-2006 15:56:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 14-11-2006 15:56:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 14-11-2006 15:56:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1112
ThreadCreationTime : 14-11-2006 15:56:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 14-11-2006 15:56:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1552
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:11 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
ProcessID : 1596
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:12 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1624
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe
#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 576
ThreadCreationTime : 14-11-2006 15:57:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1136
ThreadCreationTime : 14-11-2006 15:57:21
BasePriority : Normal
FileVersion : 0.1.0.3427
ProductVersion : 0.1.0.3427
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:16 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1268
ThreadCreationTime : 14-11-2006 15:57:21
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:17 [looknstop.exe]
FilePath : C:\Program Files\looknstop\
ProcessID : 1224
ThreadCreationTime : 14-11-2006 15:57:22
BasePriority : Normal
FileVersion : 2, 0, 0, 5
ProductVersion : 2, 0, 0, 5
ProductName : Look 'n' Stop Firewall Personnel
CompanyName : Soft4Ever
FileDescription : Look 'n' Stop Firewall Personnel
InternalName : LooknStop
LegalCopyright : Copyright © 2004
OriginalFilename : LooknStop.EXE
Comments : LooknStop
#:18 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1412
ThreadCreationTime : 14-11-2006 15:57:23
BasePriority : Normal
#:19 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1504
ThreadCreationTime : 14-11-2006 15:57:24
BasePriority : Normal
#:20 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
ProcessID : 1712
ThreadCreationTime : 14-11-2006 15:57:24
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:21 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1676
ThreadCreationTime : 14-11-2006 15:57:24
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:22 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2540
ThreadCreationTime : 14-11-2006 16:01:54
BasePriority : Normal
#:23 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3576
ThreadCreationTime : 14-11-2006 16:02:16
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{16097036-894c-4c00-a61f-93ca0d49a70e}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1b540d44-3f61-4394-ae30-25fdc3649405}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2ed5af98-9258-45ba-b79b-06625c92f662}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ce9b37ec-d243-47a2-83db-3a8350175193}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3eec42b5-fb94-40d3-a588-bb54b383a7cb}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ac04dc43-28e9-4746-9164-c200a04b8921}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a6475e6b-3c2e-4b1f-82fd-8f1c0b1d8ad0}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4f9ca775-2c5f-4e2a-b157-cb440564f7f4}
UCmore Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{53cbee82-d747-11d3-9ed0-005004189684}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438}
BullaBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\kfh
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 28
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khechine@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:khechine@weborama.fr/
Expires : 13-11-2008 17:00:40
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khechine@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:khechine@atdmt.com/
Expires : 13-11-2011 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 30
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
ExactSearchBar Object Recognized!
Type : File
Data : chktrust.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE
Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Disk Scan Result for C:\DOCUME~1\khechine\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
MRU List Object Recognized!
Location: : C:\Documents and Settings\khechine\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\khechine\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent open locations in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jcde_stack
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jcde_stack.1
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\p2p networking
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\p2p networking
AltnetBDE Object Recognized!
Type : Folder
TAC Rating : 4
Category : Data Miner
Comment : AltnetBDE
Object : C:\Documents and Settings\khechine\Start Menu\Programs\Altnet
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 72
17:04:42 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:04.479
Objects scanned:87285
Objects identified:36
Objects ignored:0
New critical objects:36
Par la suite je tente de lancer Cleanup et lui aussi marche, voici le log qu'il me donne
CleanUp! started on 11/14/06 11:12:57.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\6453VZOG\override[1].css - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\6453VZOG\ie[1].css - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
https://www.msn.com/fr-fr/ - deleted
https://www.msn.com/fr-fr/ - deleted
C:\Documents and Settings\khechine\Local Settings\History\desktop (1).ini - deleted
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\MSHist012006111420061115\index.dat - deleted
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\MSHist012006111420061115\ - deleted
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: khechine@https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f - deleted
Visited: khechine@https://www.msn.com/fr-fr/ - deleted
Visited: khechine@mk:@MSITStore:C:\Program%20Files\Lavasoft\Ad-Aware%20SE%20Personal\manual.chm::/whatisad_awarese.htm - deleted
Visited: khechine@http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome - deleted
C:\Documents and Settings\khechine\Cookies\khechine@msn[2].txt - deleted
C:\Documents and Settings\khechine\Cookies\khechine@www.msn[2].txt - deleted
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
Cookie:khechine@msn.com/ - deleted
Cookie:khechine@www.msn.com/ - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldprefs.js - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldlocalstore.rdf - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\cookies.txt.old - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldprefs.js - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldlocalstore.rdf - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\cookies.txt.old - deleted
C:\Documents and Settings\khechine\Recent\Photo arbi 155.lnk - deleted
C:\Documents and Settings\khechine\Recent\Photo arbi 155.lnk - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\jusched.log - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\data2.cab - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\Script_0011dcfc.html - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF274.tmp - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF4138.tmp - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\AAWTMP\ - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\data2.cab - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\Script_0011dcfc.html - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF274.tmp - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF4138.tmp - deleted
C:\WINDOWS\SET3.tmp - deleted
C:\WINDOWS\SET7.tmp - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\locals~1\tempor~1\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temp\data2.cab - deleted
C:\Documents and Settings\khechine\Local Settings\Temp\Script_0011dcfc.html - deleted
C:\Documents and Settings\khechine\Local Settings\Temp\~DF274.tmp - deleted
C:\Documents and Settings\khechine\Local Settings\Temp\~DF4138.tmp - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 1.1 MB of disk space from 44 files.
CleanUp! finished on 11/14/06 11:12:59.
Enfin, j'ai pu cette fois ci installer Kaspersky Internet Security, et j'ai fait un scan sur tout le poste, il a supprimé pas mal de Adware et Trojan.
Bref, Interner Explorer, MSN, Emule, Firefox ... remarchent.
Je pense donc que je m'en suis sorti cette fois ci... j'ai du mal à le croire, tellement j'étais désespéré hier, je pensais qu'il ne restait que le formatage devant moi.
Si vous avez d'autres remarques sur des précautions que je dois encore prendre, je suis preneur.
Merci encore !
Je ne sais pas trop comment ... mais Internet Explorer n'est plus bloqué.
J'ai désinstallé Firefox et redemarré l'ordi.
J'ai tenté de lancer ATF Cleaner, et il a bien marché. Puis CCleaner, et il marche aussi.
Par la suite j'ai tenté Ad-aware SE, il ne s'arrête plus il a finit et j'ai pu voir le log des fichiers qu'il a répéré comme malicieux. Puis je les ai mis en quarantainet effacé.
Voici le log en question de Ad-aware
Ad-Aware SE Build 1.06r1
Logfile Created on:mardi 14 novembre 2006 17:02:38
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R131 09-11-2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking(TAC index:3):13 total references
Alexa(TAC index:5):3 total references
AltnetBDE(TAC index:4):5 total references
BrilliantDigital(TAC index:6):5 total references
BullaBHO(TAC index:10):1 total references
CommonName(TAC index:7):5 total references
ExactSearchBar(TAC index:5):1 total references
MRU List(TAC index:0):36 total references
Tracking Cookie(TAC index:3):2 total references
UCmore(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan registry
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
14-11-2006 17:02:38 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 676
ThreadCreationTime : 14-11-2006 15:56:16
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 14-11-2006 15:56:18
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 768
ThreadCreationTime : 14-11-2006 15:56:20
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 14-11-2006 15:56:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 14-11-2006 15:56:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 14-11-2006 15:56:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1112
ThreadCreationTime : 14-11-2006 15:56:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 14-11-2006 15:56:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1552
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:11 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
ProcessID : 1596
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:12 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1624
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe
#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 14-11-2006 15:56:46
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 576
ThreadCreationTime : 14-11-2006 15:57:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1136
ThreadCreationTime : 14-11-2006 15:57:21
BasePriority : Normal
FileVersion : 0.1.0.3427
ProductVersion : 0.1.0.3427
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:16 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1268
ThreadCreationTime : 14-11-2006 15:57:21
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:17 [looknstop.exe]
FilePath : C:\Program Files\looknstop\
ProcessID : 1224
ThreadCreationTime : 14-11-2006 15:57:22
BasePriority : Normal
FileVersion : 2, 0, 0, 5
ProductVersion : 2, 0, 0, 5
ProductName : Look 'n' Stop Firewall Personnel
CompanyName : Soft4Ever
FileDescription : Look 'n' Stop Firewall Personnel
InternalName : LooknStop
LegalCopyright : Copyright © 2004
OriginalFilename : LooknStop.EXE
Comments : LooknStop
#:18 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1412
ThreadCreationTime : 14-11-2006 15:57:23
BasePriority : Normal
#:19 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1504
ThreadCreationTime : 14-11-2006 15:57:24
BasePriority : Normal
#:20 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
ProcessID : 1712
ThreadCreationTime : 14-11-2006 15:57:24
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:21 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1676
ThreadCreationTime : 14-11-2006 15:57:24
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:22 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2540
ThreadCreationTime : 14-11-2006 16:01:54
BasePriority : Normal
#:23 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3576
ThreadCreationTime : 14-11-2006 16:02:16
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{16097036-894c-4c00-a61f-93ca0d49a70e}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1b540d44-3f61-4394-ae30-25fdc3649405}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2ed5af98-9258-45ba-b79b-06625c92f662}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ce9b37ec-d243-47a2-83db-3a8350175193}
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3eec42b5-fb94-40d3-a588-bb54b383a7cb}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ac04dc43-28e9-4746-9164-c200a04b8921}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a6475e6b-3c2e-4b1f-82fd-8f1c0b1d8ad0}
CommonName Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4f9ca775-2c5f-4e2a-b157-cb440564f7f4}
UCmore Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{53cbee82-d747-11d3-9ed0-005004189684}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
AltnetBDE Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5}
BrilliantDigital Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438}
BullaBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\kfh
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 28
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khechine@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:khechine@weborama.fr/
Expires : 13-11-2008 17:00:40
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khechine@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:khechine@atdmt.com/
Expires : 13-11-2011 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 30
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
ExactSearchBar Object Recognized!
Type : File
Data : chktrust.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE
Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Disk Scan Result for C:\DOCUME~1\khechine\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
MRU List Object Recognized!
Location: : C:\Documents and Settings\khechine\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\khechine\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent open locations in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-790525478-1708537768-854245398-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jcde_stack
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jcde_stack.1
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\p2p networking
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\p2p networking
AltnetBDE Object Recognized!
Type : Folder
TAC Rating : 4
Category : Data Miner
Comment : AltnetBDE
Object : C:\Documents and Settings\khechine\Start Menu\Programs\Altnet
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 72
17:04:42 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:04.479
Objects scanned:87285
Objects identified:36
Objects ignored:0
New critical objects:36
Par la suite je tente de lancer Cleanup et lui aussi marche, voici le log qu'il me donne
CleanUp! started on 11/14/06 11:12:57.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\6453VZOG\override[1].css - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\6453VZOG\ie[1].css - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
https://www.msn.com/fr-fr/ - deleted
https://www.msn.com/fr-fr/ - deleted
C:\Documents and Settings\khechine\Local Settings\History\desktop (1).ini - deleted
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\MSHist012006111420061115\index.dat - deleted
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\MSHist012006111420061115\ - deleted
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: khechine@https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f - deleted
Visited: khechine@https://www.msn.com/fr-fr/ - deleted
Visited: khechine@mk:@MSITStore:C:\Program%20Files\Lavasoft\Ad-Aware%20SE%20Personal\manual.chm::/whatisad_awarese.htm - deleted
Visited: khechine@http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome - deleted
C:\Documents and Settings\khechine\Cookies\khechine@msn[2].txt - deleted
C:\Documents and Settings\khechine\Cookies\khechine@www.msn[2].txt - deleted
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
Cookie:khechine@msn.com/ - deleted
Cookie:khechine@www.msn.com/ - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldprefs.js - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldlocalstore.rdf - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\cookies.txt.old - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldprefs.js - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\oldlocalstore.rdf - deleted
C:\Documents and Settings\khechine\Application Data\Mozilla\Profiles\default\f9k9q8w1.slt\cookies.txt.old - deleted
C:\Documents and Settings\khechine\Recent\Photo arbi 155.lnk - deleted
C:\Documents and Settings\khechine\Recent\Photo arbi 155.lnk - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\jusched.log - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\data2.cab - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\Script_0011dcfc.html - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF274.tmp - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF4138.tmp - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\AAWTMP\ - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\khechine\LOCALS~1\Temp\data2.cab - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\Script_0011dcfc.html - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF274.tmp - deleted
C:\DOCUME~1\khechine\LOCALS~1\Temp\~DF4138.tmp - deleted
C:\WINDOWS\SET3.tmp - deleted
C:\WINDOWS\SET7.tmp - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\locals~1\tempor~1\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\khechine\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temp\~DF8A05.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temp\~DF8A0E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temp\data2.cab - deleted
C:\Documents and Settings\khechine\Local Settings\Temp\Script_0011dcfc.html - deleted
C:\Documents and Settings\khechine\Local Settings\Temp\~DF274.tmp - deleted
C:\Documents and Settings\khechine\Local Settings\Temp\~DF4138.tmp - deleted
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\khechine\Local Settings\Temporary Internet Files\Content.IE5\1AAMP20F\2D03AB9FF766DB730D237293D3D[1].jpg - deleted
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 1.1 MB of disk space from 44 files.
CleanUp! finished on 11/14/06 11:12:59.
Enfin, j'ai pu cette fois ci installer Kaspersky Internet Security, et j'ai fait un scan sur tout le poste, il a supprimé pas mal de Adware et Trojan.
Bref, Interner Explorer, MSN, Emule, Firefox ... remarchent.
Je pense donc que je m'en suis sorti cette fois ci... j'ai du mal à le croire, tellement j'étais désespéré hier, je pensais qu'il ne restait que le formatage devant moi.
Si vous avez d'autres remarques sur des précautions que je dois encore prendre, je suis preneur.
Merci encore !
Utilisateur anonyme
15 nov. 2006 à 05:43
15 nov. 2006 à 05:43
Salut Amink
Fait un clique droit sur hijackthis, choisis "renommer" marque: abcde.exe puis clique sur "ok" puis remet un rapport hijackthis
Puis essaye de faire ça si internet explorer refonctionne
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Fait un clique droit sur hijackthis, choisis "renommer" marque: abcde.exe puis clique sur "ok" puis remet un rapport hijackthis
Puis essaye de faire ça si internet explorer refonctionne
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/