Italian dialer idd129.tmp.exe
Closed
ChadSmith
11 Dec 2006 at 07:43
Hello everyone, I caught a virus, which is idd129.tmp.exe
I don't know how to remove it and it's annoying me; I'm useless with computers....
Thanks in advance
5 replies
^^Marie^^
11 Dec 2006 at 08:37
Hi
Clean up your PC
Follow the tutorials carefully
It is important to carry out the procedure in full and in order:
Download (unless you already have them) and paste the 3 reports in order
A - ad-aware version 1.06
(here) http://www.florensac-chasse-trap.com/ virus/security software section
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
B - spybot version 1.4
(here) http://www.florensac-chasse-trap.com/ virus/security software section
see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
C - Ccleaner: (cleaner for registry, cookies + temp + temporary files + prefetch + history + etc.)
Download here:
https://www.ccleaner.com/ccleaner/download
Tutorial here:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
and
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
D – Ewido – AVG
AVG Anti-Spyware:
https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Be patient!
Launch AVG Anti-Spyware
Click the Scan button (in the toolbar)
Then, on the How to react tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.
Copy/paste the report
E - Online scan with BitDefender (works only in Internet Explorer, accepting the ActiveX control)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
http://www.bitdefender.fr/scan8/ie.html
Copy/PASTE the entire report
F - Hijackthis - Diagnostic and repair tool
read demo
http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm
Download the French version here
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
Copy/paste the report
Good luck
See you later
ChadSmith
11 Dec 2006 at 20:49
With Spybot, it doesn't display the report; what should I do?
^^Marie^^
11 Dec 2006 at 20:51
Hi
I'm not asking you for the Spybot report!!!!
Read carefully...... lol
AVG
Bitdefender
Hijackthis
See you later
ChadSmith
11 Dec 2006 at 21:03
Ad-Aware SE Build 1.06r1
Logfile Created on:lundi 11 décembre 2006 20:00:48
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R138 11.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic)(TAC index:3):30 total references
Adware.MyToolbar(TAC index:3):2 total references
Adware.Searchcolours(TAC index:4):4 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):20 total references
Win32.Hacktool.ToolEvId(TAC index:3):1 total references
Win32.Trojan.Downloader(TAC index:10):3 total references
Win32.TrojanDownloader.Delf(TAC index:10):2 total references
Win32.Trojandownloader.Zlob(TAC index:10):17 total references
Virtumonde(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-12-2006 20:00:48 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 544
ThreadCreationTime : 11-12-2006 18:31:06
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 11-12-2006 18:31:12
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 11-12-2006 18:31:12
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 11-12-2006 18:31:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 11-12-2006 18:31:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 11-12-2006 18:31:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1096
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1212
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1452
ThreadCreationTime : 11-12-2006 18:31:16
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1732
ThreadCreationTime : 11-12-2006 18:31:22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
Adware.BHO(generic) Object Recognized!
Type : Process
Data : VSAdd-in.dll
TAC Rating : 3
Category : Adware
Comment :
Object : C:\Program Files\VSAdd-in\
#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1824
ThreadCreationTime : 11-12-2006 18:31:25
BasePriority : Normal
FileVersion : 6.14.10.7184
ProductVersion : 6.14.10.7184
ProductName : NVIDIA Driver Helper Service, Version 71.84
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.84
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:14 [pavfires.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\
ProcessID : 1840
ThreadCreationTime : 11-12-2006 18:31:25
BasePriority : Normal
FileVersion : 1, 3, 0, 0
ProductVersion : 7, 5, 0, 0
ProductName : Platinum 7 Pavfires
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Panda Software Copyright © 2003
OriginalFilename : Pavfires.exe
#:15 [pavsrv51.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 1884
ThreadCreationTime : 11-12-2006 18:31:26
BasePriority : High
FileVersion : 6, 3, 0, 530
ProductVersion : 6.3
ProductName : Panda Antivirus
CompanyName : Panda Software
FileDescription : Panda Antivirus Service for Windows NT/2000
InternalName : pavsrv
LegalCopyright : Copyright © Panda Software 2003
OriginalFilename : pavsrv.exe
#:16 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 11-12-2006 18:31:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [avengine.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 164
ThreadCreationTime : 11-12-2006 18:31:30
BasePriority : Normal
FileVersion : 6, 3, 0, 492
ProductVersion : 6.3
ProductName : Panda Antivirus Windows NT/2000
CompanyName : Panda Software
FileDescription : Proceso análisis independiente
InternalName : avengine
LegalCopyright : Copyright © Panda Software 1990-2002
OriginalFilename : avengine.exe
#:18 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 288
ThreadCreationTime : 11-12-2006 18:31:31
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:19 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 1508
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : mmtask.exe
#:20 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1516
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 8.00.0148
ProductVersion : 8.00.0148
ProductName : MUSICMATCH JUKEBOX
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © MUSICMATCH 1998-2003
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:21 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE
#:22 [lvcomsx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 8.4.2.1019
ProductVersion : 8.4.2.1019
ProductName : Labtec WebCam
CompanyName : Labtec Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2005 Labtec. All rights reserved.
OriginalFilename : LVComS.exe
#:23 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 1644
ThreadCreationTime : 11-12-2006 18:31:39
BasePriority : Normal
FileVersion : 8.4.2.1019
ProductVersion : 8.4.2.1019
ProductName : Labtec WebCam
CompanyName : Labtec Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : (c) 1996-2005 Labtec. All rights reserved.
OriginalFilename : LogiTray.exe
#:24 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
ProcessID : 1720
ThreadCreationTime : 11-12-2006 18:31:41
BasePriority : Normal
#:25 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 1832
ThreadCreationTime : 11-12-2006 18:31:43
BasePriority : Normal
FileVersion : 0.1.0.3760
ProductVersion : 0.1.0.3760
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1968
ThreadCreationTime : 11-12-2006 18:31:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE
#:27 [apvxdwin.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 212
ThreadCreationTime : 11-12-2006 18:31:47
BasePriority : Normal
FileVersion : 2, 12, 12, 0
ProductVersion : 7.00
ProductName : Panda Antivirus Platinum
CompanyName : Panda Software International
FileDescription : Platinum permanent protection
InternalName : Apvxdwin.exe
#:28 [lxcgmon.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 408
ThreadCreationTime : 11-12-2006 18:31:48
BasePriority : Normal
FileVersion : 2.6.62.11
ProductVersion : 2.6.62.11
ProductName : Lexmark Device Monitor
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark Device Monitor
InternalName : lxcgmon.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxcgmon.exe
#:29 [ezprint.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 500
ThreadCreationTime : 11-12-2006 18:31:50
BasePriority : Normal
FileVersion : 1.0.5.0
ProductVersion : 1.0.5.0
ProductName : Lexmark Fast Pics Application
CompanyName : Lexmark International Inc.
FileDescription : Lexmark Fast Pics Application
InternalName : Lexmark Fast Pics
LegalCopyright : Copyright (C) 2004
OriginalFilename : ezprint.exe
#:30 [update.exe]
FilePath : C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\
ProcessID : 1524
ThreadCreationTime : 11-12-2006 18:31:56
BasePriority : Normal
Win32.Trojan.Downloader Object Recognized!
Type : Process
Data : Update.exe
TAC Rating : 10
Category : Malware
Comment : Update.exe.dmp
Object : C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\
Warning! Win32.Trojan.Downloader Object found in memory(C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\Update.exe)
"C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\Update.exe"Process terminated successfully
"C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\Update.exe"Process terminated successfully
#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2100
ThreadCreationTime : 11-12-2006 18:32:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:32 [quickaccess.exe]
FilePath : C:\Program Files\neuf telecom\neuf Box\Wizard\
ProcessID : 2304
ThreadCreationTime : 11-12-2006 18:32:05
BasePriority : Normal
FileVersion : 1.0.0.56
ProductVersion : 1.0.0.0
ProductName : Agent QuickAccess Cegetel Sagem
CompanyName : Terra Virtual
FileDescription : Agent QuickAccess Cegetel Sagem
InternalName : Agent QuickAccess Cegetel Sagem
LegalCopyright : © Terra Virtual
OriginalFilename : Agent QuickAccess Cegetel Sagem
#:33 [fxsvr2.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 2368
ThreadCreationTime : 11-12-2006 18:32:05
BasePriority : Normal
FileVersion : 8.4.2.1019
ProductVersion : 8.4.2.1019
ProductName : Labtec WebCam
CompanyName : Labtec Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : (c) 1996-2005 Labtec. All rights reserved.
OriginalFilename : FxSvr.EXE
#:34 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2384
ThreadCreationTime : 11-12-2006 18:32:06
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:35 [steam.exe]
FilePath : C:\Program Files\Steam\
ProcessID : 2400
ThreadCreationTime : 11-12-2006 18:32:06
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe
#:36 [winspool.exe]
FilePath : C:\WINDOWS\YMANTE~1\
ProcessID : 2488
ThreadCreationTime : 11-12-2006 18:32:08
BasePriority : Normal
#:37 [c?rss.exe]
FilePath : C:\WINDOWS\system32\?ppPatch\
ProcessID : 2512
ThreadCreationTime : 11-12-2006 18:32:09
BasePriority : Normal
#:38 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2544
ThreadCreationTime : 11-12-2006 18:32:10
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:39 [pavproxy.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 2652
ThreadCreationTime : 11-12-2006 18:32:12
BasePriority : Normal
FileVersion : 3, 6, 10, 24
ProductVersion : 3, 6, 10, 24
ProductName : Mail Resident
CompanyName : Panda Software
FileDescription : PavProxy
InternalName : PavProxy
LegalCopyright : Copyright © 2002
OriginalFilename : PavProxy.exe
#:40 [kem.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 2744
ThreadCreationTime : 11-12-2006 18:32:16
BasePriority : Normal
FileVersion : 2.14.107
ProductVersion : 2.14.107
ProductName : SetPoint Files
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint
InternalName : SetPoint
LegalCopyright : (C) 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, is a registered trademark of Logitech Inc.
OriginalFilename : KEM.exe
Comments : Created by the Productivity Software team
#:41 [khalmnpr.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 2844
ThreadCreationTime : 11-12-2006 18:32:17
BasePriority : Normal
FileVersion : 2.14.103
ProductVersion : 2.14.103
ProductName : Productivity Software Common Files
CompanyName : Logitech Inc.
FileDescription : Logitech Hardware Abstraction Layer
InternalName : SetPoint
LegalCopyright : (C) 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, MouseWare® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : KHALMNPR.Exe
Comments : Created by the Productivity Software team
#:42 [lxcgcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3092
ThreadCreationTime : 11-12-2006 18:32:26
BasePriority : High
FileVersion : 1.154.7.0
ProductVersion : 1.154.7.0
ProductName : Printer Communication System
FileDescription : Printer Communication System
InternalName : GN__coms.exe
OriginalFilename : GN__coms.exe
#:43 [win44.tmp.exe]
FilePath : C:\WINDOWS\TEMP\
ProcessID : 2416
ThreadCreationTime : 11-12-2006 18:55:16
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Universa Application
FileDescription : Universa Application
InternalName : Universa
LegalCopyright : Copyright (C) 2006
OriginalFilename : Universa.exe
#:44 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 1260
ThreadCreationTime : 11-12-2006 18:56:22
BasePriority : Normal
#:45 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2720
ThreadCreationTime : 11-12-2006 19:00:35
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{07d6c807-5aa2-420d-beaf-8fac74790512}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5e47627b-d89e-442b-82a6-f2fab368621b}
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5e47627b-d89e-442b-82a6-f2fab368621b}
Value : AppID
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{baa62b4f-5e59-40cc-b2ec-0e19b8776fa2}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e1412445-4ff8-410e-8d24-f2cf86b171a4}
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e1412445-4ff8-410e-8d24-f2cf86b171a4}
Value : AppID
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42665363-98ba-40aa-9b0b-67ee68888942}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{baa62b4f-5e59-40cc-b2ec-0e19b8776fa2}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{43a1c50a-0683-4caf-8066-3184184dfdb9}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{46a4e9d9-b30e-452a-8157-dbbec8573b03}
Adware.MyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}
Adware.MyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6f2214e-0b54-45a9-b90d-7dd4ba45ed0b}
Adware.Searchcolours Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{74dd705d-6834-439c-a735-a6dbe2677452}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c25003b-f5c9-4c24-a5f8-5bee543a562c}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3b021ad8-9999-4efe-8203-36a5b09117d7}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3c975d06-9239-4a00-9f1a-c3c337912f22}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{413d2fa5-98cd-4078-98c1-c3ae775ef050}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{46722628-c282-4fdf-814d-5b819c78e067}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{49a6d89f-4422-4474-a287-5fe1d6811a87}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66b01f8a-1d57-40e7-8c8d-d67d06662577}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7588c5e3-9c6e-4cfe-884f-71bf8383621a}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8122d5a8-dc59-4ab8-9c02-cf66e10641c2}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fb11528-3a97-45fe-beaa-1a1fc4ee45f5}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fe88dc0-e1ec-43e3-b70e-d3246f4d1899}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a25f0022-c2fc-4ea0-abba-2bfe4635bd68}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bdc75ad7-a8a5-4f25-be36-a4db971c7541}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c49930c7-abf8-43b4-a7b7-98013dd6abe6}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{eca9fbff-5415-4440-a92b-03e8ca7b9828}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f7996a4a-b172-4c1a-85d0-19ab61c9c512}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e1412445-4ff8-410e-8d24-f2cf86b171a4}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{46a4e9d9-b30e-452a-8157-dbbec8573b03}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}
Value : UninstallString
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 33
Objects found so far: 35
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-1644491937-413027322-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pagerunonce.msn.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://runonce.msn.com/?v=msgrv75"
TAC Rating : 4
Category : Adware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-413027322-725345543-1004\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://runonce.msn.com/?v=msgrv75"
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 36
Adware.Searchcolours Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {74dd705d-6834-439c-a735-a6dbe2677452}
Adware.Searchcolours Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-413027322-725345543-1004\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {74dd705d-6834-439c-a735-a6dbe2677452}
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:chadsmith@bluestreak.com/
Expires : 08-12-2016 13:11:54
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:chadsmith@atdmt.com/
Expires : 07-12-2011 01:00:00
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:chadsmith@weborama.fr/
Expires : 07-06-2007 01:02:58
LastSync : Hits:36
UseCount : 0
Hits : 36
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:chadsmith@tradedoubler.com/
Expires : 05-12-2026 11:09:16
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@www.smartadserver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:chadsmith@www.smartadserver.com/
Expires : 06-12-2026 18:12:28
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:chadsmith@doubleclick.net/
Expires : 08-12-2009 12:49:18
LastSync : Hits:19
UseCount : 0
Hits : 19
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:chadsmith@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:16
UseCount : 0
Hits : 16
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@rotator.adjuggler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:chadsmith@rotator.adjuggler.com/
Expires : 06-12-2016 19:58:46
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:chadsmith@2o7.net/
Expires : 08-12-2011 12:04:54
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:44
Value : Cookie:chadsmith@real.com/
Expires : 09-12-2007 13:09:40
LastSync : Hits:44
UseCount : 0
Hits : 44
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@adserver.aol[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:chadsmith@adserver.aol.fr/
Expires : 06-12-2016 10:27:42
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:chadsmith@estat.com/
Expires : 05-12-2016 22:52:08
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@247realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:chadsmith@247realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:19
UseCount : 0
Hits : 19
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:chadsmith@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:chadsmith@~~local~~/
Expires : 23-12-2006 19:19:46
LastSync : Hits:34
UseCount : 0
Hits : 34
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@fl01.ct2.comclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:97
Value : Cookie:chadsmith@fl01.ct2.comclick.com/
Expires : 10-01-2029 01:00:00
LastSync : Hits:97
UseCount : 0
Hits : 97
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 54
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@2o7[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@atdmt[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@weborama[2].txt
Win32.TrojanDownloader.Delf Object Recognized!
Type : File
Data : Downloader.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\PeDevice\
Win32.TrojanDownloader.Delf Object Recognized!
Type : File
Data : Preparation.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\PeDevice\
Win32.Hacktool.ToolEvId Object Recognized!
Type : File
Data : A0003922.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{93E3250E-2585-4707-B629-2555141D528E}\RP19\
Virtumonde Object Recognized!
Type : File
Data : nnnljhi.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 62
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 62
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\pedev.dll
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pae_bho.pedev_ielistener
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pae_bho.pedev_ielistener.1
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pedev_bho.pedev
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pedev_bho.pedev.1
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : Account Name
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Server
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP URL
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Search Return
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Timeout
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Authentication
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Simple Search
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Logo
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\search toolbar corp
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\adwaredisablekey3
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adwaredisablekey3
Adware.Searchcolours Object Recognized!
Type : Folder
TAC Rating : 4
Category : Adware
Comment : Adware.Searchcolours
Object : C:\Program Files\VSAdd-in
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tcpip\parameters
Value : NameServer
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 81
20:09:26 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:38.0
Objects scanned:115956
Objects identified:80
Objects ignored:0
New critical objects:80
then cleanup
Logfile Created on:lundi 11 décembre 2006 20:00:48
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R138 11.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic)(TAC index:3):30 total references
Adware.MyToolbar(TAC index:3):2 total references
Adware.Searchcolours(TAC index:4):4 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):20 total references
Win32.Hacktool.ToolEvId(TAC index:3):1 total references
Win32.Trojan.Downloader(TAC index:10):3 total references
Win32.TrojanDownloader.Delf(TAC index:10):2 total references
Win32.Trojandownloader.Zlob(TAC index:10):17 total references
Virtumonde(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-12-2006 20:00:48 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 544
ThreadCreationTime : 11-12-2006 18:31:06
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 11-12-2006 18:31:12
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 11-12-2006 18:31:12
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 11-12-2006 18:31:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 11-12-2006 18:31:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 11-12-2006 18:31:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1096
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1212
ThreadCreationTime : 11-12-2006 18:31:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1452
ThreadCreationTime : 11-12-2006 18:31:16
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1732
ThreadCreationTime : 11-12-2006 18:31:22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE
Adware.BHO(generic) Object Recognized!
Type : Process
Data : VSAdd-in.dll
TAC Rating : 3
Category : Adware
Comment :
Object : C:\Program Files\VSAdd-in\
#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1824
ThreadCreationTime : 11-12-2006 18:31:25
BasePriority : Normal
FileVersion : 6.14.10.7184
ProductVersion : 6.14.10.7184
ProductName : NVIDIA Driver Helper Service, Version 71.84
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.84
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:14 [pavfires.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\
ProcessID : 1840
ThreadCreationTime : 11-12-2006 18:31:25
BasePriority : Normal
FileVersion : 1, 3, 0, 0
ProductVersion : 7, 5, 0, 0
ProductName : Platinum 7 Pavfires
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Panda Software Copyright © 2003
OriginalFilename : Pavfires.exe
#:15 [pavsrv51.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 1884
ThreadCreationTime : 11-12-2006 18:31:26
BasePriority : High
FileVersion : 6, 3, 0, 530
ProductVersion : 6.3
ProductName : Panda Antivirus
CompanyName : Panda Software
FileDescription : Panda Antivirus Service for Windows NT/2000
InternalName : pavsrv
LegalCopyright : Copyright © Panda Software 2003
OriginalFilename : pavsrv.exe
#:16 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 11-12-2006 18:31:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [avengine.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 164
ThreadCreationTime : 11-12-2006 18:31:30
BasePriority : Normal
FileVersion : 6, 3, 0, 492
ProductVersion : 6.3
ProductName : Panda Antivirus Windows NT/2000
CompanyName : Panda Software
FileDescription : Proceso análisis independiente
InternalName : avengine
LegalCopyright : Copyright © Panda Software 1990-2002
OriginalFilename : avengine.exe
#:18 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 288
ThreadCreationTime : 11-12-2006 18:31:31
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:19 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 1508
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : mmtask.exe
#:20 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1516
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 8.00.0148
ProductVersion : 8.00.0148
ProductName : MUSICMATCH JUKEBOX
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © MUSICMATCH 1998-2003
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:21 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE
#:22 [lvcomsx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 11-12-2006 18:31:38
BasePriority : Normal
FileVersion : 8.4.2.1019
ProductVersion : 8.4.2.1019
ProductName : Labtec WebCam
CompanyName : Labtec Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2005 Labtec. All rights reserved.
OriginalFilename : LVComS.exe
#:23 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 1644
ThreadCreationTime : 11-12-2006 18:31:39
BasePriority : Normal
FileVersion : 8.4.2.1019
ProductVersion : 8.4.2.1019
ProductName : Labtec WebCam
CompanyName : Labtec Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : (c) 1996-2005 Labtec. All rights reserved.
OriginalFilename : LogiTray.exe
#:24 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_09\bin\
ProcessID : 1720
ThreadCreationTime : 11-12-2006 18:31:41
BasePriority : Normal
#:25 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 1832
ThreadCreationTime : 11-12-2006 18:31:43
BasePriority : Normal
FileVersion : 0.1.0.3760
ProductVersion : 0.1.0.3760
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1968
ThreadCreationTime : 11-12-2006 18:31:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE
#:27 [apvxdwin.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 212
ThreadCreationTime : 11-12-2006 18:31:47
BasePriority : Normal
FileVersion : 2, 12, 12, 0
ProductVersion : 7.00
ProductName : Panda Antivirus Platinum
CompanyName : Panda Software International
FileDescription : Platinum permanent protection
InternalName : Apvxdwin.exe
#:28 [lxcgmon.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 408
ThreadCreationTime : 11-12-2006 18:31:48
BasePriority : Normal
FileVersion : 2.6.62.11
ProductVersion : 2.6.62.11
ProductName : Lexmark Device Monitor
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark Device Monitor
InternalName : lxcgmon.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxcgmon.exe
#:29 [ezprint.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 500
ThreadCreationTime : 11-12-2006 18:31:50
BasePriority : Normal
FileVersion : 1.0.5.0
ProductVersion : 1.0.5.0
ProductName : Lexmark Fast Pics Application
CompanyName : Lexmark International Inc.
FileDescription : Lexmark Fast Pics Application
InternalName : Lexmark Fast Pics
LegalCopyright : Copyright (C) 2004
OriginalFilename : ezprint.exe
#:30 [update.exe]
FilePath : C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\
ProcessID : 1524
ThreadCreationTime : 11-12-2006 18:31:56
BasePriority : Normal
Win32.Trojan.Downloader Object Recognized!
Type : Process
Data : Update.exe
TAC Rating : 10
Category : Malware
Comment : Update.exe.dmp
Object : C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\
Warning! Win32.Trojan.Downloader Object found in memory(C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\Update.exe)
"C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\Update.exe"Process terminated successfully
"C:\Program Files\Fichiers communs\{38BE808D-0876-1036-0902-040202050021}\Update.exe"Process terminated successfully
#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2100
ThreadCreationTime : 11-12-2006 18:32:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:32 [quickaccess.exe]
FilePath : C:\Program Files\neuf telecom\neuf Box\Wizard\
ProcessID : 2304
ThreadCreationTime : 11-12-2006 18:32:05
BasePriority : Normal
FileVersion : 1.0.0.56
ProductVersion : 1.0.0.0
ProductName : Agent QuickAccess Cegetel Sagem
CompanyName : Terra Virtual
FileDescription : Agent QuickAccess Cegetel Sagem
InternalName : Agent QuickAccess Cegetel Sagem
LegalCopyright : © Terra Virtual
OriginalFilename : Agent QuickAccess Cegetel Sagem
#:33 [fxsvr2.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 2368
ThreadCreationTime : 11-12-2006 18:32:05
BasePriority : Normal
FileVersion : 8.4.2.1019
ProductVersion : 8.4.2.1019
ProductName : Labtec WebCam
CompanyName : Labtec Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : (c) 1996-2005 Labtec. All rights reserved.
OriginalFilename : FxSvr.EXE
#:34 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2384
ThreadCreationTime : 11-12-2006 18:32:06
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:35 [steam.exe]
FilePath : C:\Program Files\Steam\
ProcessID : 2400
ThreadCreationTime : 11-12-2006 18:32:06
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe
#:36 [winspool.exe]
FilePath : C:\WINDOWS\YMANTE~1\
ProcessID : 2488
ThreadCreationTime : 11-12-2006 18:32:08
BasePriority : Normal
#:37 [c?rss.exe]
FilePath : C:\WINDOWS\system32\?ppPatch\
ProcessID : 2512
ThreadCreationTime : 11-12-2006 18:32:09
BasePriority : Normal
#:38 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2544
ThreadCreationTime : 11-12-2006 18:32:10
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:39 [pavproxy.exe]
FilePath : C:\Program Files\Panda Software\Panda Antivirus Platinum\
ProcessID : 2652
ThreadCreationTime : 11-12-2006 18:32:12
BasePriority : Normal
FileVersion : 3, 6, 10, 24
ProductVersion : 3, 6, 10, 24
ProductName : Mail Resident
CompanyName : Panda Software
FileDescription : PavProxy
InternalName : PavProxy
LegalCopyright : Copyright © 2002
OriginalFilename : PavProxy.exe
#:40 [kem.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 2744
ThreadCreationTime : 11-12-2006 18:32:16
BasePriority : Normal
FileVersion : 2.14.107
ProductVersion : 2.14.107
ProductName : SetPoint Files
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint
InternalName : SetPoint
LegalCopyright : (C) 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, is a registered trademark of Logitech Inc.
OriginalFilename : KEM.exe
Comments : Created by the Productivity Software team
#:41 [khalmnpr.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 2844
ThreadCreationTime : 11-12-2006 18:32:17
BasePriority : Normal
FileVersion : 2.14.103
ProductVersion : 2.14.103
ProductName : Productivity Software Common Files
CompanyName : Logitech Inc.
FileDescription : Logitech Hardware Abstraction Layer
InternalName : SetPoint
LegalCopyright : (C) 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, MouseWare® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : KHALMNPR.Exe
Comments : Created by the Productivity Software team
#:42 [lxcgcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3092
ThreadCreationTime : 11-12-2006 18:32:26
BasePriority : High
FileVersion : 1.154.7.0
ProductVersion : 1.154.7.0
ProductName : Printer Communication System
FileDescription : Printer Communication System
InternalName : GN__coms.exe
OriginalFilename : GN__coms.exe
#:43 [win44.tmp.exe]
FilePath : C:\WINDOWS\TEMP\
ProcessID : 2416
ThreadCreationTime : 11-12-2006 18:55:16
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Universa Application
FileDescription : Universa Application
InternalName : Universa
LegalCopyright : Copyright (C) 2006
OriginalFilename : Universa.exe
#:44 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 1260
ThreadCreationTime : 11-12-2006 18:56:22
BasePriority : Normal
#:45 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2720
ThreadCreationTime : 11-12-2006 19:00:35
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{07d6c807-5aa2-420d-beaf-8fac74790512}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5e47627b-d89e-442b-82a6-f2fab368621b}
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5e47627b-d89e-442b-82a6-f2fab368621b}
Value : AppID
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{baa62b4f-5e59-40cc-b2ec-0e19b8776fa2}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e1412445-4ff8-410e-8d24-f2cf86b171a4}
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e1412445-4ff8-410e-8d24-f2cf86b171a4}
Value : AppID
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42665363-98ba-40aa-9b0b-67ee68888942}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{baa62b4f-5e59-40cc-b2ec-0e19b8776fa2}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{43a1c50a-0683-4caf-8066-3184184dfdb9}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{46a4e9d9-b30e-452a-8157-dbbec8573b03}
Adware.MyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}
Adware.MyToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6f2214e-0b54-45a9-b90d-7dd4ba45ed0b}
Adware.Searchcolours Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{74dd705d-6834-439c-a735-a6dbe2677452}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c25003b-f5c9-4c24-a5f8-5bee543a562c}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3b021ad8-9999-4efe-8203-36a5b09117d7}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3c975d06-9239-4a00-9f1a-c3c337912f22}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{413d2fa5-98cd-4078-98c1-c3ae775ef050}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{46722628-c282-4fdf-814d-5b819c78e067}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{49a6d89f-4422-4474-a287-5fe1d6811a87}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66b01f8a-1d57-40e7-8c8d-d67d06662577}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7588c5e3-9c6e-4cfe-884f-71bf8383621a}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8122d5a8-dc59-4ab8-9c02-cf66e10641c2}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fb11528-3a97-45fe-beaa-1a1fc4ee45f5}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fe88dc0-e1ec-43e3-b70e-d3246f4d1899}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a25f0022-c2fc-4ea0-abba-2bfe4635bd68}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bdc75ad7-a8a5-4f25-be36-a4db971c7541}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c49930c7-abf8-43b4-a7b7-98013dd6abe6}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{eca9fbff-5415-4440-a92b-03e8ca7b9828}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f7996a4a-b172-4c1a-85d0-19ab61c9c512}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e1412445-4ff8-410e-8d24-f2cf86b171a4}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{46a4e9d9-b30e-452a-8157-dbbec8573b03}
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}
Value : UninstallString
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 33
Objects found so far: 35
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-1644491937-413027322-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pagerunonce.msn.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://runonce.msn.com/?v=msgrv75"
TAC Rating : 4
Category : Adware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-413027322-725345543-1004\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://runonce.msn.com/?v=msgrv75"
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 36
Adware.Searchcolours Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {74dd705d-6834-439c-a735-a6dbe2677452}
Adware.Searchcolours Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-413027322-725345543-1004\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {74dd705d-6834-439c-a735-a6dbe2677452}
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:chadsmith@bluestreak.com/
Expires : 08-12-2016 13:11:54
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:chadsmith@atdmt.com/
Expires : 07-12-2011 01:00:00
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:chadsmith@weborama.fr/
Expires : 07-06-2007 01:02:58
LastSync : Hits:36
UseCount : 0
Hits : 36
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:chadsmith@tradedoubler.com/
Expires : 05-12-2026 11:09:16
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@www.smartadserver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:chadsmith@www.smartadserver.com/
Expires : 06-12-2026 18:12:28
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:chadsmith@doubleclick.net/
Expires : 08-12-2009 12:49:18
LastSync : Hits:19
UseCount : 0
Hits : 19
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:chadsmith@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:16
UseCount : 0
Hits : 16
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@rotator.adjuggler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:chadsmith@rotator.adjuggler.com/
Expires : 06-12-2016 19:58:46
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:chadsmith@2o7.net/
Expires : 08-12-2011 12:04:54
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:44
Value : Cookie:chadsmith@real.com/
Expires : 09-12-2007 13:09:40
LastSync : Hits:44
UseCount : 0
Hits : 44
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@adserver.aol[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:chadsmith@adserver.aol.fr/
Expires : 06-12-2016 10:27:42
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:chadsmith@estat.com/
Expires : 05-12-2016 22:52:08
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@247realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:chadsmith@247realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:19
UseCount : 0
Hits : 19
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:chadsmith@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:chadsmith@~~local~~/
Expires : 23-12-2006 19:19:46
LastSync : Hits:34
UseCount : 0
Hits : 34
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chadsmith@fl01.ct2.comclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:97
Value : Cookie:chadsmith@fl01.ct2.comclick.com/
Expires : 10-01-2029 01:00:00
LastSync : Hits:97
UseCount : 0
Hits : 97
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 54
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@2o7[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@atdmt[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fhares@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Fhares\Cookies\fhares@weborama[2].txt
Win32.TrojanDownloader.Delf Object Recognized!
Type : File
Data : Downloader.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\PeDevice\
Win32.TrojanDownloader.Delf Object Recognized!
Type : File
Data : Preparation.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\PeDevice\
Win32.Hacktool.ToolEvId Object Recognized!
Type : File
Data : A0003922.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{93E3250E-2585-4707-B629-2555141D528E}\RP19\
Virtumonde Object Recognized!
Type : File
Data : nnnljhi.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 62
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 62
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\pedev.dll
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pae_bho.pedev_ielistener
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pae_bho.pedev_ielistener.1
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pedev_bho.pedev
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pedev_bho.pedev.1
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : Account Name
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Server
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP URL
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Search Return
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Timeout
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Authentication
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Simple Search
Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet account manager\accounts\bigfoot
Value : LDAP Logo
Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\search toolbar corp
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\adwaredisablekey3
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adwaredisablekey3
Adware.Searchcolours Object Recognized!
Type : Folder
TAC Rating : 4
Category : Adware
Comment : Adware.Searchcolours
Object : C:\Program Files\VSAdd-in
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tcpip\parameters
Value : NameServer
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 81
20:09:26 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:38.0
Objects scanned:115956
Objects identified:80
Objects ignored:0
New critical objects:80
Then the cleanup:
^^Marie^^
12 Dec. 2006 at 07:08
Hi
Let's continue
D/
E/
F/
Thanks