Trojan horse win bancos awv

mimitsu - Posts: 3 - Status: Member
Hello,

Dear members of this forum, I am asking for your help and your kindness with the following problem:
I have caught a Trojan horse, win bancos awv.
I cannot get rid of it. I have tried quite a few things, but I am very far from being an expert in this area.
In a few words, the history:
The trojan was discovered by Ad-Aware SE Personal and confirmed by avast... but neither of the two was able to remove it.
I looked for a solution on various forums. So I uninstalled avast, apparently not effective enough, and installed Avira AntiVir Personal. I then started my computer in safe mode, ran a full scan, then deleted all the problem files. Back in normal mode I ran HijackThis (whose report I am pasting below), then ran the AntiVir scan to see whether anything was left. AntiVir finds nothing, but Ad-Aware still finds this trojan...
I have the impression that this virus shows itself by slowing the computer down considerably... it crawls... and crawls... anyway...

So there it is, I am lost and no longer know what to do.
The forums I consulted dated from a few years ago, so that may no longer be the right procedure to follow...
I am very, very, very grateful in advance for the attention and help you will give me...

Logfile of HijackThis v1.99.1
Scan saved at 18:16:05, on 18/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\Logiciels\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail%20orange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

1 reply

Anonymous user
 
Good evening mimitsu,
As for AntiVir, you can keep it, it is a very good antivirus. For your nag (horse), go and run an online scan with F-Secure; it handles trojans as well as malware and plenty of other junk. Then, normally Ad-Aware gives you a path to the location of your horse; you need to put it in quarantine, which will block it and stop it from doing harm. But do the online scan first: you choose the custom scan, and there you include all your local disks as well as all your files, you launch the scan, then you disinfect everything and save the report, and you run the same procedure again to be sure there is nothing left. Once finished, as a safety measure you can run Ad-Aware again to put your mind at rest.
Once you have done that, run another scan with AntiVir; I am sending you an address for configuring it properly: http://speedweb1.free.fr/frames2.php?page=tuto5
There, after all that, send a new HijackThis report and post it on the forum. Good luck, see you.
mimitsu - Posts: 3 - Status: Member
 
Hello vetestitosore,

Thank you for your message. Sorry, I did not see it last night, so I only started late this morning doing everything you told me to do.
So I ran an online scan with F-Secure, which curiously finds nothing, no Trojan horse, but which on the other hand did not scan 25 files... I do not know why. In any case I am sending you the F-Secure report, as well as the new HijackThis report that I have just redone.
On the other hand, Ad-Aware still finds this Trojan horse, and AntiVir does too... thank you for the configuration...
So both of them find it, but I cannot get rid of it...
What should I do?

Thanks in advance...

Here is the F-Secure report:
Scanning Report
Saturday, April 19, 2008 10:46:39 - 11:58:33

Computer name: MARIE-PAULE
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\ G:\
Result: 0 malware found
Statistics
Scanned:

* Files: 67511
* System: 3425
* Not scanned: 25

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\3D6RW40P\);
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\N
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\S
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\�
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\O
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\S
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\N
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\S
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\S
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\I
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\&
* F:\DOCUMENTS AND SETTINGS\MARIE-PAULE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\JNP3VH62\

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-04-18
* F-Secure AVP: 7.0.171, 2008-04-18
* F-Secure Pegasus: 1.20.0, 2008-02-28
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

and here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:57, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail%20orange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

Thank youuuuuuuuuu
Anonymous user > mimitsu - Posts: 3 - Status: Member
 
Hello mimitsu,
OK, for F-Secure it is fine: the files that were not scanned are temporary files, you need to empty all of that. Next, I am giving you an address for doing a new cleanup: http://forum.zebulon.fr/pre-nettoyage-d-un-pc-infecte-t83986.htlm
OK, we will see by going that way; it is a more complete cleaning procedure. Follow the procedure there.
Afterwards, run another scan with AntiVir. If it still finds something, it means the file containing the trojan has not been deleted, which explains why it keeps coming back, and then you need to look at where it is located. There, if you can post the AntiVir report for me first, thanks.
mimitsu - Posts: 3 - Status: Member > Anonymous user
 
Thanks for your reply vetetistosore (a mountain-bike fan?),

So, miracle or not, without my having done anything more, this Trojan horse has apparently disappeared... It is incomprehensible. So either it is hiding well, or, well, computing really does move in ways that are mysterious to ordinary mortals. I am sending you the AntiVir and Ad-Aware reports attached... if you like I can send you a HijackThis report again.
Well, Ad-Aware still finds 9 suspicious or infected files, but that is not the cause of the "nag"... it seems...
Tell me what you think.

Otherwise, the link you gave me for cleaning the PC does not work, I get a 404 not found... If by any chance you have another link that works and you would be willing to send it to me, that would be great...

Thank you very much for your help and your time

Here is the AntiVir report:

Avira AntiVir Personal
Report file date: samedi 19 avril 2008 15:12

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Administrateur
Computer name: MARIE-PAULE

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 11:33:46
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 11:35:14
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 19/04/2008 11:40:53
AESCN.DLL : 8.1.0.14 119156 Bytes 19/04/2008 11:40:35
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 19/04/2008 11:40:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 11:39:35
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 19/04/2008 11:39:06
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 11:36:39
AEGEN.DLL : 8.1.0.17 299380 Bytes 19/04/2008 11:36:23
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 19/04/2008 11:35:40
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: samedi 19 avril 2008 15:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'fssm32.exe' - '1' Module(s) have been scanned
Scan process 'fsgk32.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'pando.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING]

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\78lvidqf.default\Mail\pop.wanadoo.fr\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[Message-ID: <45B16C1F.8030102@gleeds.sk>][From: marvelous <hqjbcn@gleeds.sk>][Subject: Chinese missile shot down Russian satellite]332.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Full Story.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
--> Mailbox_[Message-ID: <45B17893.5010906@mediawhiz.com>][From: Estes Y.Frida <gjauo@mediawhiz.com>][Subject: Chinese missile shot down Russian satellite]340.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Full Clip.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
--> Mailbox_[Message-ID: <45B28D3A.2050601@ravarino.it>][From: Gladys <dtknq@ravarino.it>][Subject: Chinese missile shot down USA satellite]380.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Full News.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.G
--> Mailbox_[Message-ID: <45B38D62.4050601@buell.rsc03.com>][From: Blanch Eaton <lluobs@buell.rsc03.com>][Subject: I'll Be Your Man]402.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> postcard.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.I
--> Mailbox_[Message-ID: <45C3B862.9000800@ananey.com>][From: Olive X.Romero <mbpfza@ananey.com>][Subject: Puppy Love]1150.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Greeting Postcard.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
--> Mailbox_[Message-ID: <45C8B1C7.3010709@clubehotelap-algarve.com>][From: Agnes Q.Hendrix <nig@clubehotelap-algarve.com>][Subject: A Sweet Love]1386.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> greeting postcard.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.AA.2
--> Mailbox_[From: "PayPal" <support@paypal.com>][Message-ID: <938180601.20070222155453@paypal.com>][Subject: Update Your Account]2290.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Paypalfraud.2
--> Mailbox_[From: "PayPal" <support@paypal.com>][Message-ID: <938180601.20070222155453@paypal.com>][Subject: Update Your Account]2290.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Paypalfraud.2
--> Mailbox_[From: "Fifth Third Bank" <customers130940520138ver@se][Subject: Confirm Your Information! [Mon, 26 Feb 2007 00:][Message-ID: <20070226053547.439634C00083@mwinf1406.orange.f]2490.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.4
--> Mailbox_[From: "Fifth Third Bank" <customers130940520138ver@se][Subject: Confirm Your Information! [Mon, 26 Feb 2007 00:][Message-ID: <20070226053547.439634C00083@mwinf1406.orange.f]2490.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.4
--> file0.mim
[2] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.4
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpn7dyp.default\Cache\_CACHE_003_
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[WARNING] The file could not be deleted!
Begin scan in 'F:\' <MARIE-PAULE>
F:\Documents and Settings\Marie-Paule\Application Data\Mozilla\Profiles\default\kwa4rd2e.slt\Mail\pop.wanadoo-2.fr\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "Mpaule.burtscher" <mpaule.burtscher@wanadoo.fr][Subject: ][Message-ID: <qlwjgqffpuvbuqgrypl@wanadoo.fr>]214.mim
[1] Archive type: MIME
--> Health_and_knowledge.zip
[2] Archive type: ZIP
--> 1.exe
[DETECTION] Is the Trojan horse TR/Bagle.DS
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
F:\Documents and Settings\Marie-Paule\Application Data\Mozilla\Profiles\default\kwa4rd2e.slt\Mail\pop.wanadoo-2.fr\Trash
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "Mpaule.burtscher" <mpaule.burtscher@wanadoo.fr][Subject: ][Message-ID: <qlwjgqffpuvbuqgrypl@wanadoo.fr>]168.mim
[1] Archive type: MIME
--> Health_and_knowledge.zip
[2] Archive type: ZIP
--> 1.exe
[DETECTION] Is the Trojan horse TR/Bagle.DS
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
F:\Documents and Settings\Marie-Paule\Application Data\Mozilla\Profiles\default\kwa4rd2e.slt\Mail\pop.wanadoo-4.fr\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "FIFTH THIRD bank" <custsupport_4807.cust@53.co][Subject: OfficiaI Information For Fifth Third Bank CIien][Message-ID: <20060801122609.54BD5C000083@mwinf1312.orange.f]310.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.O
--> Mailbox_[From: "FIFTH THIRD bank" <custsupport_4807.cust@53.co][Subject: OfficiaI Information For Fifth Third Bank CIien][Message-ID: <20060801122609.54BD5C000083@mwinf1312.orange.f]310.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.O
--> file0.mim
[2] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.O
--> file0.mim
[3] Archive type: MIME
--> file1.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.G
--> Mailbox_[From: "ISRAELI BROKERAGE services" <Stern758@168city.][Subject: Work With Us. Earn More.][Message-ID: <20061006164052.BCBF35C000AF@mwinf1914.orange.f]1874.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.3
--> Mailbox_[From: "ISRAELI BROKERAGE services" <Stern758@168city.][Subject: Work With Us. Earn More.][Message-ID: <20061006164052.BCBF35C000AF@mwinf1914.orange.f]1874.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.3
--> file0.mim
[2] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.3
--> Mailbox_[From: "Israeli Brokerage services Ltd" <Grant.Randall][Subject: good offer for those who are looking for a part][Message-ID: <20061022081709.6B2EB3C04BAC@mwinf2024.orange.f]2428.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.3
--> Mailbox_[From: "Israeli Brokerage services Ltd" <Grant.Randall][Subject: good offer for those who are looking for a part][Message-ID: <20061022081709.6B2EB3C04BAC@mwinf2024.orange.f]2428.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.3
--> file0.mim
[2] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.3
--> Mailbox_[From: "Athens Financial Group" <aucizhxplfwpz@norika-][Subject: join us, earn extra money with us and be prospe][Message-ID: <20061121055242.9307F2400086@mwinf1201.orange.f]3912.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/AfglmFraud.3
--> Mailbox_[From: "Athens Financial Group" <aucizhxplfwpz@norika-][Subject: join us, earn extra money with us and be prospe][Message-ID: <20061121055242.9307F2400086@mwinf1201.orange.f]3912.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/AfglmFraud.3
--> file0.mim
[2] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/AfglmFraud.3
--> Mailbox_[From: "Athens Financial Group" <bvkbomxemtuo@punkass.][Subject: Best Job Offer Don't Miss Your Chance! :Tue, ][Message-ID: <20061121144829.B44522400051@mwinf1807.orange.f]3934.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/AfglmFraud.1
--> Mailbox_[From: "Athens Financial Group" <bvkbomxemtuo@punkass.][Subject: Best Job Offer Don't Miss Your Chance! :Tue, ][Message-ID: <20061121144829.B44522400051@mwinf1807.orange.f]3934.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/AfglmFraud.1
--> file0.mim
[2] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/AfglmFraud.1
--> Mailbox_[From: Fifth Third Bank <custservice_ref_78123@53.com>][Message-ID: <77227400.20061210171128@53.com>][Subject: 0fficial information.]5770.mim
[DETECTION] Contains suspicious code HEUR/HTML.Malware
--> Mailbox_[From: Fifth Third Bank <custservice_ref_78123@53.com>][Message-ID: <77227400.20061210171128@53.com>][Subject: 0fficial information.]5770.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
--> Mailbox_[Message-ID: <459488C2.1090703@via-sol.com.ar>][From: Doris O.Duke <esrlzz@via-sol.com.ar>][Subject: Happy New Year!]7346.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> postcard.exe
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.jy
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
F:\Documents and Settings\Marie-Paule\Application Data\Mozilla\Profiles\default\kwa4rd2e.slt\Mail\pop.wanadoo-5.fr\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[Message-ID: <45B16C1F.8030102@gleeds.sk>][From: marvelous <hqjbcn@gleeds.sk>][Subject: Chinese missile shot down Russian satellite]332.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Full Story.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
--> Mailbox_[Message-ID: <45B17893.5010906@mediawhiz.com>][From: Estes Y.Frida <gjauo@mediawhiz.com>][Subject: Chinese missile shot down Russian satellite]340.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Full Clip.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
--> Mailbox_[Message-ID: <45B28D3A.2050601@ravarino.it>][From: Gladys <dtknq@ravarino.it>][Subject: Chinese missile shot down USA satellite]380.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Full News.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.G
--> Mailbox_[Message-ID: <45B38D62.4050601@buell.rsc03.com>][From: Blanch Eaton <lluobs@buell.rsc03.com>][Subject: I'll Be Your Man]402.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> postcard.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.I
--> Mailbox_[Message-ID: <45C3B862.9000800@ananey.com>][From: Olive X.Romero <mbpfza@ananey.com>][Subject: Puppy Love]1150.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> Greeting Postcard.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
--> Mailbox_[Message-ID: <45C8B1C7.3010709@clubehotelap-algarve.com>][From: Agnes Q.Hendrix <nig@clubehotelap-algarve.com>][Subject: A Sweet Love]1386.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> greeting postcard.exe
[DETECTION] Is the Trojan horse TR/Small.DBY.AA.2
--> Mailbox_[From: "PayPal" <support@paypal.com>][Message-ID: <938180601.20070222155453@paypal.com>][Subject: Update Your Account]2290.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Paypalfraud.2
--> Mailbox_[From: "PayPal" <support@paypal.com>][Message-ID: <938180601.20070222155453@paypal.com>][Subject: Update Your Account]2290.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Paypalfraud.2
--> Mailbox_[From: "Fifth Third Bank" <customers130940520138ver@se][Subject: Confirm Your Information! [Mon, 26 Feb 2007 00:][Message-ID: <20070226053547.439634C00083@mwinf1406.orange.f]2490.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.4
--> Mailbox_[From: "Fifth Third Bank" <customers130940520138ver@se][Subject: Confirm Your Information! [Mon, 26 Feb 2007 00:][Message-ID: <20070226053547.439634C00083@mwinf1406.orange.f]2490.mim
[1] Archive type: MIME
--> file0.mim
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.4
--> file0.mim
[2] Archive type: MIME
--> file0.html
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/53bkfraud.4
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
Begin scan in 'G:\' <SAUVEGARDE>


End of the scan: samedi 19 avril 2008 16:56
Used time: 1:44:26 min

The scan has been done completely.

10904 Scanning directories
589067 Files were scanned
42 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
589025 Files not concerned
34784 Archives were scanned
8 Warnings
0 Notes


Here now is the Ad-Aware report:


Ad-Aware SE Build 1.06r1
Logfile Created on:samedi 19 avril 2008 17:11:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R238 14.04.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


19-04-2008 17:11:08 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrateur\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-2052111302-343818398-682003330-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 640
ThreadCreationTime : 18-04-2008 19:59:03
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 18-04-2008 19:59:29
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 18-04-2008 19:59:31
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 768
ThreadCreationTime : 18-04-2008 19:59:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 18-04-2008 19:59:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 18-04-2008 19:59:32
BasePriority : Normal
FileVersion : 6.14.10.4158
ProductVersion : 6.14.10.4158
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 18-04-2008 19:59:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 18-04-2008 19:59:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1156
ThreadCreationTime : 18-04-2008 19:59:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1280
ThreadCreationTime : 18-04-2008 19:59:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 18-04-2008 19:59:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 18-04-2008 19:59:33
BasePriority : Normal
FileVersion : 6.14.10.4158
ProductVersion : 6.14.10.4158
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1560
ThreadCreationTime : 18-04-2008 19:59:34
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lvprcsrv.exe]
FilePath : C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\
ProcessID : 1612
ThreadCreationTime : 18-04-2008 19:59:34
BasePriority : Normal
FileVersion : 11.5.0.1158
ProductVersion : 11.5.0.1158
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech LVPrcSrv Module.
InternalName : LVPrcSrv.exe
LegalCopyright : (c) 1996-2007 Logitech. All rights reserved.
OriginalFilename : LVPrcSrv.exe

#:15 [sched.exe]
FilePath : C:\Program Files\Avira\AntiVir PersonalEdition Classic\
ProcessID : 1736
ThreadCreationTime : 18-04-2008 19:59:34
BasePriority : Normal
FileVersion : 8.00.00.12
ProductVersion : 8.00.00.12
ProductName : AntiVir Workstation
CompanyName : Avira GmbH
FileDescription : Antivirus Scheduler
InternalName : avschd
LegalCopyright : Copyright © 2008 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : sched.exe

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 172
ThreadCreationTime : 18-04-2008 19:59:38
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:17 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 388
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE

#:18 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\
ProcessID : 440
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal


#:19 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_05\bin\
ProcessID : 460
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal


#:20 [communications_helper.exe]
FilePath : C:\Program Files\Fichiers communs\LogiShrd\LComMgr\
ProcessID : 468
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal


#:21 [quickcam.exe]
FilePath : C:\Program Files\Logitech\QuickCam\
ProcessID : 484
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal


#:22 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
ProcessID : 528
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal
FileVersion : 2, 0, 301, 1654
ProductVersion : 2, 0, 301, 1654
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2007
OriginalFilename : GoogleToolbarNotifier.exe

#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 552
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:25 [pando.exe]
FilePath : C:\Program Files\Pando Networks\Pando\
ProcessID : 560
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal
FileVersion : 1,9,5,1
ProductVersion : 1,9,5,1
ProductName : pando
CompanyName : Pando Networks
FileDescription : pando
InternalName : pando
LegalCopyright : Copyright Pando Networks 2005, 2006, 2007
LegalTrademarks : Pando Networks
OriginalFilename : pando.exe
Comments : https://pando.com/

#:26 [wlanutl.exe]
FilePath : C:\Program Files\SAGEM Wi-Fi USB 802.11g\
ProcessID : 416
ThreadCreationTime : 18-04-2008 19:59:40
BasePriority : Normal
FileVersion : 2, 0, 13, 0
ProductVersion : 2, 0, 13, 0
ProductName : Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g
FileDescription : Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g
InternalName : WLANUTL
LegalCopyright : Copyright (c) 2004, Inc
OriginalFilename : WLANUTL.EXE

#:27 [avguard.exe]
FilePath : C:\Program Files\Avira\AntiVir PersonalEdition Classic\
ProcessID : 1220
ThreadCreationTime : 18-04-2008 19:59:44
BasePriority : Normal
FileVersion : 8.00.01.15
ProductVersion : 8.00.00.00
ProductName : AntiVir Workstation
CompanyName : Avira GmbH
FileDescription : Antivirus On-Access Service
InternalName : AVGuard
LegalCopyright : Copyright © 2008 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : avguard.exe

#:28 [lvcomser.exe]
FilePath : C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\
ProcessID : 1308
ThreadCreationTime : 18-04-2008 19:59:44
BasePriority : Normal
FileVersion : 1.0.5.1158
ProductVersion : 1.0.5.1158
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech Video COM Service
InternalName : LVComSer.exe
LegalCopyright : (c) 1996-2007 Logitech. All rights reserved.
OriginalFilename : LVComSer.exe

#:29 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1836
ThreadCreationTime : 18-04-2008 19:59:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [lvcomser.exe]
FilePath : C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\
ProcessID : 2456
ThreadCreationTime : 18-04-2008 19:59:54
BasePriority : Normal
FileVersion : 1.0.5.1158
ProductVersion : 1.0.5.1158
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech Video COM Service
InternalName : LVComSer.exe
LegalCopyright : (c) 1996-2007 Logitech. All rights reserved.
OriginalFilename : LVComSer.exe

#:31 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2980
ThreadCreationTime : 18-04-2008 19:59:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:32 [cocimanager.exe]
FilePath : C:\Program Files\Fichiers communs\Logishrd\LQCVFX\
ProcessID : 3516
ThreadCreationTime : 18-04-2008 20:00:00
BasePriority : Normal
FileVersion : 11.5.0.1169
ProductVersion : 11.5.0.1169
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Camera Control Interface
InternalName : COCIManager.exe
LegalCopyright : (c) 1996-2008 Logitech. All rights reserved.
OriginalFilename : COCIManager.exe

#:33 [usnsvc.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3944
ThreadCreationTime : 18-04-2008 20:00:50
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Sharing USN Journal Reader Service
InternalName : usnsvc.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : usnsvc.exe

#:34 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3960
ThreadCreationTime : 18-04-2008 20:00:50
BasePriority : Normal


#:35 [utorrent.exe]
FilePath : C:\Program Files\uTorrent\
ProcessID : 1668
ThreadCreationTime : 18-04-2008 20:22:26
BasePriority : Normal


#:36 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2384
ThreadCreationTime : 18-04-2008 23:40:12
BasePriority : Normal


#:37 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 520
ThreadCreationTime : 19-04-2008 08:14:23
BasePriority : Normal
FileVersion : 7.00.6000.16574 (vista_gdr.071008-1500)
ProductVersion : 7.00.6000.16574
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:38 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2312
ThreadCreationTime : 19-04-2008 08:42:44
BasePriority : Normal
FileVersion : 3.6.0.248
ProductVersion : 3.6
ProductName : Skype
CompanyName : Skype Technologies S.A.
FileDescription : Skype. Take a deep breath
InternalName : Skype.exe
LegalCopyright : (c) Skype Technologies S.A.
OriginalFilename : Skype.exe

#:39 [skypepm.exe]
FilePath : C:\Program Files\Skype\Plugin Manager\
ProcessID : 3720
ThreadCreationTime : 19-04-2008 08:46:02
BasePriority : Normal
FileVersion : 1.5.0.32
ProductVersion : 1.0.0.0
CompanyName : Skype Technologies
FileDescription : Skype Extras Manager
LegalCopyright : Skype Limited

#:40 [avgnt.exe]
FilePath : C:\Program Files\Avira\AntiVir PersonalEdition Classic\
ProcessID : 4232
ThreadCreationTime : 19-04-2008 11:41:16
BasePriority : Normal
FileVersion : 8.00.00.07
ProductVersion : 8.00.00.07
ProductName : AntiVir Workstation
CompanyName : Avira GmbH
FileDescription : Antivirus System Tray Tool
InternalName : avsystray.exe
LegalCopyright : Copyright © 2008 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : avgnt.exe

#:41 [avscan.exe]
FilePath : c:\program files\avira\antivir personaledition classic\
ProcessID : 2480
ThreadCreationTime : 19-04-2008 13:12:26
BasePriority : Normal
FileVersion : 8.01.02.12
ProductVersion : 8.01.02.12
ProductName : AntiVir Workstation
CompanyName : Avira GmbH
FileDescription : Workstation On-Demand Scanner
InternalName : avscan
LegalCopyright : Copyright © 2008 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : avscan.exe

#:42 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 5608
ThreadCreationTime : 19-04-2008 14:57:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Bloc-notes
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : NOTEPAD.EXE

#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 6124
ThreadCreationTime : 19-04-2008 15:10:50
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@bs.serving-sys.com/
Expires : 01-01-2038
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:administrateur@serving-sys.com/
Expires : 01-01-2038
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@adbrite[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrateur@adbrite.com/
Expires : 19-04-2009 15:31:04
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@media.adrevolver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@media.adrevolver.com/adrevolver/
Expires : 19-04-2009 15:22:18
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@adrevolver.com/
Expires : 19-04-2009 15:22:18
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@atdmt.com/
Expires : 19-04-2010 02:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@ad.yieldmanager[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:administrateur@ad.yieldmanager.com/
Expires : 19-04-2010 15:31:04
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@media.adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrateur@media.adrevolver.com/
Expires : 19-01-2013 19:08:46
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrateur@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrateur@weborama.fr/
Expires : 19-04-2010 15:26:30
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 23



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 23




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

17:35:38 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:30.562
Objects scanned:257432
Objects identified:9
Objects ignored:0
New critical objects:9