Vrus ie security center
lionel
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonsoir à tous, j'ai un soucis avec un sécurity center qui s'ouvre à chaque fois qu'on lance IE ; voici ce que ad aware me répond après analyse, j'avoue ne pas savoir qu'en faire merci pour votre aide
Ad-Aware SE Build 1.06r1
Logfile Created on:jeudi 30 novembre 2006 19:23:52
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R135 27.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):22 total references
SpyHeal(TAC index:4):18 total references
Tracking Cookie(TAC index:3):17 total references
Win32.Trojandownloader.Zlob(TAC index:10):6 total references
WinAntiVirusPro(TAC index:10):3 total references
VirusBurst(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
30-11-2006 19:23:52 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrateur\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 436
ThreadCreationTime : 30-11-2006 17:23:48
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 30-11-2006 17:23:49
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 30-11-2006 17:23:50
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 840
ThreadCreationTime : 30-11-2006 17:23:52
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 884
ThreadCreationTime : 30-11-2006 17:23:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 30-11-2006 17:23:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1004
ThreadCreationTime : 30-11-2006 17:23:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 30-11-2006 17:23:54
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1340
ThreadCreationTime : 30-11-2006 17:24:02
BasePriority : Normal
#:14 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1352
ThreadCreationTime : 30-11-2006 17:24:02
BasePriority : High
FileVersion : 4, 7, 889, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe
#:15 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1440
ThreadCreationTime : 30-11-2006 17:24:03
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe
#:16 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1480
ThreadCreationTime : 30-11-2006 17:24:03
BasePriority : High
#:17 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1516
ThreadCreationTime : 30-11-2006 17:24:06
BasePriority : Normal
#:18 [naprdmgr.exe]
FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
ProcessID : 1552
ThreadCreationTime : 30-11-2006 17:24:07
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe
#:19 [mdm.exe]
FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\
ProcessID : 1564
ThreadCreationTime : 30-11-2006 17:24:07
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 30-11-2006 17:24:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [calmain.exe]
FilePath : C:\Program Files\Canon\CAL\
ProcessID : 176
ThreadCreationTime : 30-11-2006 17:24:21
BasePriority : Normal
FileVersion : 8, 1, 0, 14
ProductVersion : 8, 1, 0, 14
CompanyName : Canon Inc.
FileDescription : Canon Camera Access Library 8
LegalCopyright : Copyright (C) Canon Inc.
OriginalFilename : CALMAIN.exe
#:22 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 228
ThreadCreationTime : 30-11-2006 17:24:21
BasePriority : Normal
#:23 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 276
ThreadCreationTime : 30-11-2006 17:24:22
BasePriority : Normal
#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 528
ThreadCreationTime : 30-11-2006 17:24:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2852
ThreadCreationTime : 30-11-2006 17:31:24
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
Win32.Trojandownloader.Zlob Object Recognized!
Type : Process
Data : dcvwaah.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:26 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 2928
ThreadCreationTime : 30-11-2006 17:31:28
BasePriority : Normal
#:27 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 2936
ThreadCreationTime : 30-11-2006 17:31:28
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe
#:28 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 2952
ThreadCreationTime : 30-11-2006 17:31:28
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe
#:29 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2976
ThreadCreationTime : 30-11-2006 17:31:29
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2984
ThreadCreationTime : 30-11-2006 17:31:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:31 [emule.exe]
FilePath : C:\Program Files\eMule\
ProcessID : 3016
ThreadCreationTime : 30-11-2006 17:31:32
BasePriority : Normal
FileVersion : 0.47.2 Unicode
ProductVersion : 0.47.2 Unicode
ProductName : eMule
CompanyName : https://www.emule-project.net/home/perl/general.cgi?l=1
FileDescription : eMule
InternalName : emule.exe
LegalCopyright : Copyright © 2002-2006 Merkur - read license.txt for more infos
OriginalFilename : emule.exe
#:32 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 3104
ThreadCreationTime : 30-11-2006 17:31:38
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:33 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3116
ThreadCreationTime : 30-11-2006 17:31:38
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Mises à jour automatiques
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : wuauclt.exe
#:34 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3476
ThreadCreationTime : 30-11-2006 17:31:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3876
ThreadCreationTime : 30-11-2006 17:51:25
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE
#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1636
ThreadCreationTime : 30-11-2006 18:22:10
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d584a1f2-6441-7dbf-f659-22a8ca9de1a8}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e365e19-98a1-4291-a880-5c40de007342}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{26981c6d-6df6-4867-8784-27e02157b30b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{5cf9daf8-35aa-44fe-b548-c1acc7de2430}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{5ef67439-a232-49ff-9caa-7314be3b4adf}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7ae3a21b-21c8-4841-b165-68b6621f1c8b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8baa1a22-cd51-422f-86ba-8d2ac9cf5d10}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{94a8f959-d497-415d-a02b-d7843a7c5be8}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{97e04f3d-81f7-4305-974b-41689065833b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a7d94862-647a-4760-914a-3e6d7866aac6}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b9aa641a-7a6e-42f4-862d-222abea5b07b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb797a32-f488-4022-a4f2-a690ec6cddd4}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{beda5701-e71f-43a7-8588-c7313e405ca2}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cf419fbd-8579-41e9-af42-f27b79f29b09}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e36724ad-4698-4574-ab32-e67ab01e683a}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e6b07ddd-1ca1-4e75-b160-31ccfeeb7a5e}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f82a9a6f-071b-4448-b0dd-d0e1742d75ff}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
VirusBurst Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6a66cc28-f0a2-fcbc-d3d5-1ea3001ed26a}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 43
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment : C:\WINDOWS\system32\dcvwaah.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : dcvwaah.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\windows\system32\
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 45
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@kelkoo[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrateur@kelkoo.fr/
Expires : 28-11-2008 09:23:14
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:administrateur@estat.com/
Expires : 20-11-2016 19:57:54
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@bs.serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:50
Value : Cookie:administrateur@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:50
UseCount : 0
Hits : 50
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:94
Value : Cookie:administrateur@www.smartadserver.com/
Expires : 25-11-2026 18:40:20
LastSync : Hits:94
UseCount : 0
Hits : 94
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrateur@overture.com/
Expires : 23-11-2016 12:44:54
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@ads.addynamix.com/
Expires : 24-11-2006 21:21:50
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrateur@revenue.net/
Expires : 10-06-2022 06:05:42
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrateur@247realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@adtech.de/
Expires : 23-11-2016 12:43:16
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrateur@as1.falkag.de/
Expires : 27-01-2007 19:00:16
LastSync : Hits:11
UseCount : 0
Hits : 11
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrateur@ads.pointroll.com/
Expires : 01-01-2010 01:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@questionmarket.com/
Expires : 06-01-2007 06:51:16
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrateur@2o7.net/
Expires : 28-11-2011 09:23:40
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:administrateur@weborama.fr/
Expires : 22-11-2011 21:27:20
LastSync : Hits:34
UseCount : 0
Hits : 34
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@kelkoo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrateur@kelkoo.com/
Expires : 23-11-2008 20:04:18
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 62
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinAntiVirusPro Object Recognized!
Type : File
Data : Dc268.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\RECYCLER\S-1-5-21-1822439336-2188283067-2291903390-500\
FileVersion : 1, 0, 10, 0
ProductVersion : 1, 0, 10, 0
ProductName : Install Application
CompanyName : WinSoftware, Ltd.
FileDescription : Install Application
LegalCopyright : (c) 2005 WinSoftware. All rights reserved.
OriginalFilename : Install.exe
SpyHeal Object Recognized!
Type : File
Data : Dc321.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\RECYCLER\S-1-5-21-1822439336-2188283067-2291903390-500\
FileVersion : 2.0.0.0
ProductVersion : 2.0.0.0
ProductName : SpyHeal
CompanyName : SpyHeal
FileDescription : Anti- spyware and adware
InternalName : spyheal.exe
LegalCopyright : (c) SpyHeal. All rights reserved.
OriginalFilename : spyheal.exe
WinAntiVirusPro Object Recognized!
Type : File
Data : A0006604.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4A978096-13C2-4893-8A2F-432D8CBD732C}\RP94\
FileVersion : 2, 0, 20, 1
ProductVersion : 2, 0, 143, 0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : avkernel.dll
InternalName : avkernel
LegalCopyright : (c) 2005 WinSoftware. All rights reserved.
OriginalFilename : avkernel.dll
WinAntiVirusPro Object Recognized!
Type : File
Data : A0006631.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4A978096-13C2-4893-8A2F-432D8CBD732C}\RP94\
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Internet Explorer Dynamic Link Library
CompanyName : WinSoftware
FileDescription : WinAntiVirus 2006 Pro Internet Explorer DLL
InternalName : IEFWBHO
LegalCopyright : Copyright (C) 2006 WinSoftware, Ltd. All rights reserved.
OriginalFilename : IEFWBHO.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 66
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Data Miner
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Perfect Codec
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 67
19:37:40 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:47.813
Objects scanned:125067
Objects identified:44
Objects ignored:0
New critical objects:44
Ad-Aware SE Build 1.06r1
Logfile Created on:jeudi 30 novembre 2006 19:23:52
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R135 27.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):22 total references
SpyHeal(TAC index:4):18 total references
Tracking Cookie(TAC index:3):17 total references
Win32.Trojandownloader.Zlob(TAC index:10):6 total references
WinAntiVirusPro(TAC index:10):3 total references
VirusBurst(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
30-11-2006 19:23:52 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrateur\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1822439336-2188283067-2291903390-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 436
ThreadCreationTime : 30-11-2006 17:23:48
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 30-11-2006 17:23:49
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 30-11-2006 17:23:50
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 30-11-2006 17:23:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 840
ThreadCreationTime : 30-11-2006 17:23:52
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 884
ThreadCreationTime : 30-11-2006 17:23:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 30-11-2006 17:23:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1004
ThreadCreationTime : 30-11-2006 17:23:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 30-11-2006 17:23:54
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1340
ThreadCreationTime : 30-11-2006 17:24:02
BasePriority : Normal
#:14 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1352
ThreadCreationTime : 30-11-2006 17:24:02
BasePriority : High
FileVersion : 4, 7, 889, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe
#:15 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1440
ThreadCreationTime : 30-11-2006 17:24:03
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe
#:16 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1480
ThreadCreationTime : 30-11-2006 17:24:03
BasePriority : High
#:17 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1516
ThreadCreationTime : 30-11-2006 17:24:06
BasePriority : Normal
#:18 [naprdmgr.exe]
FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
ProcessID : 1552
ThreadCreationTime : 30-11-2006 17:24:07
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe
#:19 [mdm.exe]
FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\
ProcessID : 1564
ThreadCreationTime : 30-11-2006 17:24:07
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 30-11-2006 17:24:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [calmain.exe]
FilePath : C:\Program Files\Canon\CAL\
ProcessID : 176
ThreadCreationTime : 30-11-2006 17:24:21
BasePriority : Normal
FileVersion : 8, 1, 0, 14
ProductVersion : 8, 1, 0, 14
CompanyName : Canon Inc.
FileDescription : Canon Camera Access Library 8
LegalCopyright : Copyright (C) Canon Inc.
OriginalFilename : CALMAIN.exe
#:22 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 228
ThreadCreationTime : 30-11-2006 17:24:21
BasePriority : Normal
#:23 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 276
ThreadCreationTime : 30-11-2006 17:24:22
BasePriority : Normal
#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 528
ThreadCreationTime : 30-11-2006 17:24:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2852
ThreadCreationTime : 30-11-2006 17:31:24
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
Win32.Trojandownloader.Zlob Object Recognized!
Type : Process
Data : dcvwaah.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:26 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 2928
ThreadCreationTime : 30-11-2006 17:31:28
BasePriority : Normal
#:27 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 2936
ThreadCreationTime : 30-11-2006 17:31:28
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe
#:28 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 2952
ThreadCreationTime : 30-11-2006 17:31:28
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe
#:29 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2976
ThreadCreationTime : 30-11-2006 17:31:29
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2984
ThreadCreationTime : 30-11-2006 17:31:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:31 [emule.exe]
FilePath : C:\Program Files\eMule\
ProcessID : 3016
ThreadCreationTime : 30-11-2006 17:31:32
BasePriority : Normal
FileVersion : 0.47.2 Unicode
ProductVersion : 0.47.2 Unicode
ProductName : eMule
CompanyName : https://www.emule-project.net/home/perl/general.cgi?l=1
FileDescription : eMule
InternalName : emule.exe
LegalCopyright : Copyright © 2002-2006 Merkur - read license.txt for more infos
OriginalFilename : emule.exe
#:32 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 3104
ThreadCreationTime : 30-11-2006 17:31:38
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:33 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3116
ThreadCreationTime : 30-11-2006 17:31:38
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Mises à jour automatiques
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : wuauclt.exe
#:34 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3476
ThreadCreationTime : 30-11-2006 17:31:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3876
ThreadCreationTime : 30-11-2006 17:51:25
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE
#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1636
ThreadCreationTime : 30-11-2006 18:22:10
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d584a1f2-6441-7dbf-f659-22a8ca9de1a8}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e365e19-98a1-4291-a880-5c40de007342}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{26981c6d-6df6-4867-8784-27e02157b30b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{5cf9daf8-35aa-44fe-b548-c1acc7de2430}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{5ef67439-a232-49ff-9caa-7314be3b4adf}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7ae3a21b-21c8-4841-b165-68b6621f1c8b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8baa1a22-cd51-422f-86ba-8d2ac9cf5d10}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{94a8f959-d497-415d-a02b-d7843a7c5be8}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{97e04f3d-81f7-4305-974b-41689065833b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a7d94862-647a-4760-914a-3e6d7866aac6}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b9aa641a-7a6e-42f4-862d-222abea5b07b}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb797a32-f488-4022-a4f2-a690ec6cddd4}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{beda5701-e71f-43a7-8588-c7313e405ca2}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cf419fbd-8579-41e9-af42-f27b79f29b09}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e36724ad-4698-4574-ab32-e67ab01e683a}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e6b07ddd-1ca1-4e75-b160-31ccfeeb7a5e}
SpyHeal Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f82a9a6f-071b-4448-b0dd-d0e1742d75ff}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
VirusBurst Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6a66cc28-f0a2-fcbc-d3d5-1ea3001ed26a}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 43
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment : C:\WINDOWS\system32\dcvwaah.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : dcvwaah.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\windows\system32\
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 45
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@kelkoo[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrateur@kelkoo.fr/
Expires : 28-11-2008 09:23:14
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:administrateur@estat.com/
Expires : 20-11-2016 19:57:54
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@bs.serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:50
Value : Cookie:administrateur@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:50
UseCount : 0
Hits : 50
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:94
Value : Cookie:administrateur@www.smartadserver.com/
Expires : 25-11-2026 18:40:20
LastSync : Hits:94
UseCount : 0
Hits : 94
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrateur@overture.com/
Expires : 23-11-2016 12:44:54
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@ads.addynamix.com/
Expires : 24-11-2006 21:21:50
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrateur@revenue.net/
Expires : 10-06-2022 06:05:42
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrateur@247realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@adtech.de/
Expires : 23-11-2016 12:43:16
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrateur@as1.falkag.de/
Expires : 27-01-2007 19:00:16
LastSync : Hits:11
UseCount : 0
Hits : 11
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrateur@ads.pointroll.com/
Expires : 01-01-2010 01:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@questionmarket.com/
Expires : 06-01-2007 06:51:16
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrateur@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrateur@2o7.net/
Expires : 28-11-2011 09:23:40
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:administrateur@weborama.fr/
Expires : 22-11-2011 21:27:20
LastSync : Hits:34
UseCount : 0
Hits : 34
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@kelkoo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrateur@kelkoo.com/
Expires : 23-11-2008 20:04:18
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 62
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinAntiVirusPro Object Recognized!
Type : File
Data : Dc268.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\RECYCLER\S-1-5-21-1822439336-2188283067-2291903390-500\
FileVersion : 1, 0, 10, 0
ProductVersion : 1, 0, 10, 0
ProductName : Install Application
CompanyName : WinSoftware, Ltd.
FileDescription : Install Application
LegalCopyright : (c) 2005 WinSoftware. All rights reserved.
OriginalFilename : Install.exe
SpyHeal Object Recognized!
Type : File
Data : Dc321.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\RECYCLER\S-1-5-21-1822439336-2188283067-2291903390-500\
FileVersion : 2.0.0.0
ProductVersion : 2.0.0.0
ProductName : SpyHeal
CompanyName : SpyHeal
FileDescription : Anti- spyware and adware
InternalName : spyheal.exe
LegalCopyright : (c) SpyHeal. All rights reserved.
OriginalFilename : spyheal.exe
WinAntiVirusPro Object Recognized!
Type : File
Data : A0006604.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4A978096-13C2-4893-8A2F-432D8CBD732C}\RP94\
FileVersion : 2, 0, 20, 1
ProductVersion : 2, 0, 143, 0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : avkernel.dll
InternalName : avkernel
LegalCopyright : (c) 2005 WinSoftware. All rights reserved.
OriginalFilename : avkernel.dll
WinAntiVirusPro Object Recognized!
Type : File
Data : A0006631.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4A978096-13C2-4893-8A2F-432D8CBD732C}\RP94\
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Internet Explorer Dynamic Link Library
CompanyName : WinSoftware
FileDescription : WinAntiVirus 2006 Pro Internet Explorer DLL
InternalName : IEFWBHO
LegalCopyright : Copyright (C) 2006 WinSoftware, Ltd. All rights reserved.
OriginalFilename : IEFWBHO.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 66
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Data Miner
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Perfect Codec
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 67
19:37:40 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:47.813
Objects scanned:125067
Objects identified:44
Objects ignored:0
New critical objects:44
A voir également:
- Vrus ie security center
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Control center 4 - Télécharger - Divers Utilitaires
- Copytrans control center - Télécharger - Divers Utilitaires
- Msi center ne se lance pas - Forum Logiciels
- Catalyst control center - Télécharger - Pilotes & Matériel
3 réponses
Salut,
Fait ceci:
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
décompresse SmitfraudFix
Lance le fichier SmitfraudFix ou SmitfraudFix.cmd et choisis l option 1 copie le rapport ici stp
Fait ceci:
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
décompresse SmitfraudFix
Lance le fichier SmitfraudFix ou SmitfraudFix.cmd et choisis l option 1 copie le rapport ici stp
ok, donc:
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Enregistre le rapport puis Copie/colle le rapport sur le forum stp.
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Enregistre le rapport puis Copie/colle le rapport sur le forum stp.
Désolé boulepate, j'ai un vieux nec qui, quand on l'éteint, a une sécurité et ne peux plus redémarrer qu'après un certain temps...je me suis endormi...le lendemain, mise à jour automatique et chargement d'IE 7 et plantage...par contre, impossible de redémarrer en mode sans échec...je retente le bin's
Rapport fait à 21:42:14,67, 30/11/2006
Executé à partir de C:\Temp\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dcvwaah.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Perfect Codec\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"
[HKEY_CLASSES_ROOT\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}\InProcServer32]
@="C:\WINDOWS\system32\dcvwaah.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}\InProcServer32]
@="C:\WINDOWS\system32\dcvwaah.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin