How to remove alc.exe and interpret a HijackThis report
Hello,
I can't get rid of a backdoor whose executable is named alc.exe. I ran a HijackThis scan, but being a novice in this area, I am pasting the report below and asking for your help to get rid of any virus.
Thanks in advance,
Gasyfix.
Logfile of HijackThis v1.99.1
Scan saved at 19:17:52, on 09/02/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\bea\tuxedo8.1\bin\tuxipc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\bea\tuxedo8.1\bin\slisten.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\loadqm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINNT\system32\winamp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rajaona Razakandisa\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rxfmhdhxzjc.info/kTbFygpUbhWvyolWJbQ8UlwCSc0...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\31.bin\IMESHBAR.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E57755AC-A349-47FB-9926-4903D5EED4A0} - C:\WINNT\system32\msxml32.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\31.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\Run: [ModeDashClockBold] C:\Documents and Settings\All Users\Application Data\ref global mode dash\Math Admin.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINNT\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [NeroFil] NeroFil.EXE
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\system32\spooIsv.exe
O4 - HKLM\..\Run: [Msn Update SUPPORT] MSGUPDATER.EXE
O4 - HKLM\..\Run: [Winamp Agent] C:\WINNT\system32\winamp.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKLM\..\RunServices: [NeroFil] NeroFil.EXE
O4 - HKLM\..\RunServices: [Msn Update SUPPORT] MSGUPDATER.EXE
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Trans Boob] C:\DOCUME~1\RAJAON~1\APPLIC~1\MFCDCA~1\Data Idle Does.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27c1304ce0c278f4fb19/netzip...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regul...
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hb...
O16 - DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} (AdValiderInterface Class) - http://www.journal-officiel.gouv.fr/verifier/AdValiderW...
O18 - Protocol: ActLink - {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - C:\Program Files\Ciel Gestion de Contacts\actlink.dll
O23 - Service: BEA ProcMGR V8.1 - Unknown owner - C:\bea\tuxedo8.1\bin\tuxipc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINNT\system32\netddesrv.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TListen 8.1 (Port: 3050) (TUXEDO 8.1 Listener on Port 3050) - Unknown owner - C:\bea\tuxedo8.1\bin\slisten.exe
O23 - Service: WinCon (wincon net driver) (WinCon) - Unknown owner - C:\WINNT\system32\wincon.exe
Good evening and welcome to IDN! :-D
Update Windows on the Windows Update site!
Run a HijackThis scan again, then check and fix these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rxfmhdhxzjc.info/kTbFygpUbhWvyolWJbQ8UlwCSc0... RZ6WKWB7IX6/.html
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\31.bin\IMESHBAR.DLL
O2 - BHO: (no name) - {E57755AC-A349-47FB-9926-4903D5EED4A0} - C:\WINNT\system32\msxml32.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\31.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINNT\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [NeroFil] NeroFil.EXE
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\system32\spooIsv.exe
O4 - HKLM\..\Run: [Msn Update SUPPORT] MSGUPDATER.EXE
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKLM\..\RunServices: [NeroFil] NeroFil.EXE
O4 - HKLM\..\RunServices: [Msn Update SUPPORT] MSGUPDATER.EXE
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Trans Boob] C:\DOCUME~1\RAJAON~1\APPLIC~1\MFCDCA~1\Data Idle Does.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regul...
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hb...
Close HijackThis.
Uninstall these via Add/Remove Programs:
Media Access
iMeshBar
Delete these folders:
C:\Program Files\Media Access
C:\Program Files\iMeshBar
Empty your Recycle Bin!
-Download LSPFix -> http://www.downloads.subratam.org/lspfix.zip
Disconnect from the Internet.
Start LSPFix
Check 'I know what I'm doing'
Click 'Finish'.
Restart your PC.
Run an online Panda scan:
here
and post the report of that scan here once it is finished!
See you :-D
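An added example, not part of the original posts and not HijackThis code: a small parser for the O4 registry autorun and O23 service lines of a HijackThis log that reports file names differing only by look-alike characters, as `spooIsv.exe` (in the fix list above) and `spoolsv.exe` (the Spooler service) do in this log. The function names and the confusable-character map are assumptions made for this example; a reported pair is a prompt for manual review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINNT\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\system32\spooIsv.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINNT\system32\netddesrv.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
_O4 = re.compile(r'^O4 - [^:]+: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$')
# Executable at the start of a command line: optional opening quote, then the
# shortest text ending in a known extension (unquoted paths may hold spaces).
_EXE = re.compile(r'^"?(.*?\.(?:exe|dll|ocx))\b', re.IGNORECASE)
_O23_PREFIX = "O23 - Service: "

# Assumption for this example: characters treated as visually interchangeable.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def parse_entries(log_text):
    """Return (section, label, executable path) for O4 registry and O23 lines."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O4 - "):
            m = _O4.match(line)
            if not m:  # "Global Startup" shortcut lines use another layout
                continue
            section, label, cmd = "O4", m["label"], m["cmd"]
        elif line.startswith(_O23_PREFIX):
            # "<display name> - <owner> - <path>[ (file missing)]"
            parts = line.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            section, label, cmd = "O23", parts[0][len(_O23_PREFIX):], parts[2]
        else:
            continue
        exe = _EXE.match(cmd)
        if exe:
            entries.append((section, label, exe.group(1)))
    return entries


def skeleton(name):
    """Case-fold a file name and collapse look-alike characters."""
    return name.lower().translate(_CONFUSABLE)


def find_lookalikes(log_text):
    """Return tuples of distinct file names that share one skeleton."""
    by_skeleton = defaultdict(dict)  # skeleton -> {lowercase name: logged spelling}
    for _section, _label, path in parse_entries(log_text):
        name = ntpath.basename(path)
        by_skeleton[skeleton(name)].setdefault(name.lower(), name)
    return [tuple(sorted(names.values()))
            for names in by_skeleton.values() if len(names) > 1]


if __name__ == "__main__":
    for group in find_lookalikes(SAMPLE_LOG):
        print("look-alike file names:", ", ".join(group))
```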
Hello Naheulbeuk,
Below is an excerpt from the Panda scan report:
Incident Statut Analyse
Adware:Adware/Lop No Désinfecté c:\docume~1\rajaon~1\applic~1\mfcdca~1\dataid~1.exe
Adware:adware/wupd No Désinfecté C:\WINNT\SYSTEM32\ide21201.vxd
Adware:adware/lop No Désinfecté C:\PROGRAM FILES\C2Media
Outil indésirable:application/myway No Désinfecté C:\PROGRAM FILES\MySearch
Spyware:spyware/new.net No Désinfecté C:\PROGRAM FILES\NewDotNet
Adware:adware/gator No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\fsg_tmp
Adware:adware/ist.istbar No Désinfecté Registre Windows
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@atdmt[2].txt
Spyware:Cookie/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@lop[1].txt
Spyware:Cookie/Mysearch No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@mysearch[1].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@weborama[2].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/24/7 Realmedia No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[statse.webtrendslive.com/dcsaw1ekr000000s9ak3rqvg5_2y7i]
Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/onestat.com No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Ccbill No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/GangbangSquad No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.gangbangsquad.com/]
Spyware:Cookie/PayCounter No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/SexList No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[.adopt.hbmediapro.com/]
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\2 Copy.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\build extra.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Dart settings.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\defydeaf.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Dog jugs.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\dupe title.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\FilmMfcd.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Four cake.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Global Bits.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\htm option.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Math Admin.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Mix grey.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Proc 16.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\RectUp.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\SafeThe.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\Sect mail.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\ref global mode dash\viewcdrom.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\meet iso dupe\Axis stupid.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\MfcdCampHelp\bqiomlxf.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\MfcdCampHelp\Data Idle Does.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\MfcdCampHelp\frag kind inter plus.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\MfcdCampHelp\GreyGramWeb.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\MfcdCampHelp\nxqankwl.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Default User\Application Data\MfcdCampHelp\thxkhtzf.exe
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Default User\Cookies\rajaona razakandisa@xiti[1].txt
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\aigjnkgl.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\bfdlhsmh.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\ciceblpc.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\cvmuizpf.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\Data Idle Does.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\dlbutrsm.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\ervylwrw.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\frag kind inter plus.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\gpkfoiqf.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\GreyGramWeb.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\hjkbjohe.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\liefcxrq.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\lleezfbs.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\mhgiemru.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\oqkzhkuf.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\rnoaxnrt.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\uvqpqcox.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\wevvidxz.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\wioslupt.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\MfcdCampHelp\zabzbbop.exe
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[dcsaw1ekr000000s9ak3rqvg5_2y7i]
Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt[]
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Bureau\backups\backup-20060207-234151-512.dll
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@atdmt[2].txt
Spyware:Cookie/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@lop[1].txt
Spyware:Cookie/Mysearch No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@mysearch[1].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@weborama[2].txt
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\4534d2f0.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\457813d2.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\45b276b7.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\45b8a2f2.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\45b8aebb.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\45b98556.exe
Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\Cookies\rajaona razakandisa@belnk[1].txt
Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\Cookies\rajaona razakandisa@dist.belnk[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\Cookies\rajaona razakandisa@xiti[1].txt
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\houdhexp.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\Inside Program.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\lhxzfwel.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\nxwmxqau.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Local Settings\Temp\omgqbhft.exe
And thanks again for your help!
Gasyfix
:-o
ok follow these 3 steps:
1) Download the trial version of Ewido here:
http://www.ewido.net/fr/
and install it (important: during installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu").
Start ewido. Click Update, wait for the update to finish, then close the program.
Once you have switched to safe mode, restart Ewido and click Scanner, then Complete System Scan.
If infected files are found, keep the default option Delete (with the line "Create encrypted backup copies in quarantine" checked).
At the end of the scan, save the report (File/Save as...) and send it
2) Download SpySweeper (from Webroot) from this link (14-day trial version): http://www.webroot.com/fr/products/spysweeper
Click "Essayer" ("Try").
Install the program. Once installed, it will launch.
The option to update it will appear; click Yes.
Once the updates are installed, click Options on the left.
Click the Sweep Options tab.
Under What to Sweep, check the following options:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left.
Click Start.
When the scan is finished, click Next.
Make sure all items are checked, then click Next.
All checked items will be removed.
If Spy Sweeper wants to restart to finish the cleanup: ACCEPT.
Click Session Log at the top right, and copy everything in the window.
Click the Summary tab, then click Finish.
Paste the contents of the "Session Log" into your next reply.
Please post me the Spysweeper log.
3) I'm having you download the following software, which will clean your PC:
-Download EasyCleaner by Toni Helenius (install it in its own folder)
Run EasyCleaner's Registry and Unnecessary functions. Do not touch the Duplicates function. Delete everything it suggests.
send me the 2 logs, spysweeper and ewido, and a new panda scan report, which should be less extensive (I hope!)!
See you 8-)
Hello Naheulbeuk,
the ewido report:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 21:05:29, 10/02/2006
+ Somme de contrôle: 963EE9E
+ Résultats du scan:
:mozilla.28:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.29:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
:mozilla.40:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.41:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.42:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.43:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.45:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.47:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.49:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.50:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.84:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.85:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.89:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.90:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.91:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.94:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.95:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.102:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.105:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.110:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.139:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Masterstats : Nettoyer et sauvegarder
:mozilla.145:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder
:mozilla.151:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.158:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.189:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Onestat : Nettoyer et sauvegarder
:mozilla.210:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.212:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.213:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.233:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Paycounter : Nettoyer et sauvegarder
:mozilla.236:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Sexlist : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@lop[1].txt -> TrackingCookie.Lop : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Program Files\NewDotNet -> Adware.NewDotNet : Nettoyer et sauvegarder
::Fin du rapport
:mozilla.145:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder
:mozilla.151:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.158:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.189:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Onestat : Nettoyer et sauvegarder
:mozilla.210:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.212:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.213:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.233:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Paycounter : Nettoyer et sauvegarder
:mozilla.236:C:\Documents and Settings\Rajaona Razakandisa\Application Data\Mozilla\Firefox\Profiles\fm464y8z.default\cookies.txt -> TrackingCookie.Sexlist : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@lop[1].txt -> TrackingCookie.Lop : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Rajaona Razakandisa\Cookies\rajaona razakandisa@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Program Files\NewDotNet -> Adware.NewDotNet : Nettoyer et sauvegarder
::Fin du rapport
The spyware report:
********
21:11: | Début de session, vendredi 10 février 2006 |
21:11: Spy Sweeper démarrée
21:11: Analyse lancée avec la version des définitions 613
21:11: Démarrage de l’analyse de la mémoire
21:14: Analyse de la mémoire terminée, temps passé : 00:02:48
21:14: Démarrage de l’analyse du Registre
21:14: Trouvé Adware: gain - common components
21:14: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (10 traces secondaires) (ID = 126731)
21:14: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (10 traces secondaires) (ID = 126751)
21:14: Trouvé Adware: hotbar
21:14: HKCR\hbtinstie.hbinstobj.1\ (3 traces secondaires) (ID = 127301)
21:14: HKCR\hbtinstie.hbinstobj\ (5 traces secondaires) (ID = 127302)
21:14: HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 traces secondaires) (ID = 127325)
21:14: HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 traces secondaires) (ID = 127339)
21:14: HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 traces secondaires) (ID = 127353)
21:14: HKLM\software\classes\hbtinstie.hbinstobj.1\ (3 traces secondaires) (ID = 127467)
21:14: HKLM\software\classes\hbtinstie.hbinstobj\ (5 traces secondaires) (ID = 127468)
21:14: HKLM\software\classes\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 traces secondaires) (ID = 127490)
21:14: HKLM\software\classes\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 traces secondaires) (ID = 127503)
21:14: HKLM\software\classes\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 traces secondaires) (ID = 127514)
21:14: HKLM\software\classes\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 traces secondaires) (ID = 127537)
21:14: HKLM\software\classes\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (9 traces secondaires) (ID = 127543)
21:14: HKLM\software\classes\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 traces secondaires) (ID = 127555)
21:14: HKLM\software\classes\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 traces secondaires) (ID = 127557)
21:14: HKLM\software\microsoft\internet explorer\explorer bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (1 traces secondaires) (ID = 127569)
21:14: HKCR\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 traces secondaires) (ID = 127635)
21:14: HKCR\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (9 traces secondaires) (ID = 127641)
21:14: HKCR\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 traces secondaires) (ID = 127654)
21:14: HKCR\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 traces secondaires) (ID = 127656)
21:14: Trouvé Adware: ieloader
21:14: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/axload.dll\ (2 traces secondaires) (ID = 128080)
21:14: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\axload.dll (ID = 128082)
21:14: Trouvé Adware: ist istbar
21:14: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 traces secondaires) (ID = 129103)
21:14: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll\ (2 traces secondaires) (ID = 129127)
21:14: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\istactivex.dll (ID = 129176)
21:14: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 traces secondaires) (ID = 129190)
21:14: Trouvé Adware: relatedlinks bho
21:14: HKCR\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (8 traces secondaires) (ID = 139367)
21:14: HKLM\software\classes\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (8 traces secondaires) (ID = 139376)
21:14: HKLM\software\classes\typelib\{15084be8-9a01-4e0b-a358-93688ec7d7aa}\ (9 traces secondaires) (ID = 139379)
21:14: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 traces secondaires) (ID = 139388)
21:14: HKCR\typelib\{15084be8-9a01-4e0b-a358-93688ec7d7aa}\ (9 traces secondaires) (ID = 139389)
21:14: Trouvé Adware: winad
21:14: HKCR\appid\loaderx.exe\ (1 traces secondaires) (ID = 147150)
21:14: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 traces secondaires) (ID = 147151)
21:14: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 traces secondaires) (ID = 147153)
21:14: HKLM\software\classes\appid\loaderx.exe\ (1 traces secondaires) (ID = 147164)
21:14: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 traces secondaires) (ID = 147165)
21:14: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 traces secondaires) (ID = 147167)
21:14: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 traces secondaires) (ID = 147176)
21:14: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediaaccx.dll\ (2 traces secondaires) (ID = 147200)
21:14: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediaaccx.dll (ID = 147228)
21:14: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 traces secondaires) (ID = 147244)
21:14: HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (8 traces secondaires) (ID = 774223)
21:14: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (8 traces secondaires) (ID = 774241)
21:14: HKCR\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 traces secondaires) (ID = 774268)
21:14: HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (8 traces secondaires) (ID = 774358)
21:14: HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (8 traces secondaires) (ID = 774394)
21:14: HKCR\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (8 traces secondaires) (ID = 774403)
21:14: HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (8 traces secondaires) (ID = 774412)
21:14: HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (8 traces secondaires) (ID = 774457)
21:14: HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (8 traces secondaires) (ID = 774499)
21:14: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (8 traces secondaires) (ID = 774517)
21:14: HKLM\software\classes\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 traces secondaires) (ID = 774544)
21:14: HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (8 traces secondaires) (ID = 774634)
21:14: HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (8 traces secondaires) (ID = 774670)
21:14: HKLM\software\classes\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (8 traces secondaires) (ID = 774679)
21:14: HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (8 traces secondaires) (ID = 774688)
21:14: HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (8 traces secondaires) (ID = 774733)
21:15: HKU\S-1-5-21-1957994488-1708537768-725345543-1000\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
21:15: Analyse du Registre terminée, temps passé :00:00:30
21:15: Démarrage de l’analyse des cookies
21:15: Trouvé Spy Cookie: yieldmanager cookie
21:15: rajaona razakandisa@ad.yieldmanager[1].txt (ID = 3751)
21:15: Trouvé Spy Cookie: searchweb2 cookie
21:15: rajaona razakandisa@searchweb2[1].txt (ID = 3325)
21:15: Analyse des cookies terminée, temps passé : 00:00:00
21:15: Démarrage de l’analyse des fichiers
21:15: c:\documents and settings\rajaona razakandisa\local settings\temp\fsg_tmp (ID = -2147480935)
21:15: Trouvé Adware: lopdotcom
21:15: c:\program files\c2media (ID = -2147480676)
21:15: Trouvé Adware: clipgenie
21:15: wrdpreview.wmv (ID = 53093)
21:15: grvpreview.wmv (ID = 53061)
21:16: Trouvé Adware: ezula ilookup
21:16: search.src (ID = 111060)
21:16: button_small.gif (ID = 60415)
21:17: Trouvé Adware: shopathomeselect
21:17: sahuninstall.exe (ID = 75917)
21:17: gatorpdpsetup.log (ID = 61399)
21:17: gatorhdplugin.log (ID = 119819)
21:17: gatorplugin.log (ID = 61400)
21:17: Trouvé Adware: brilliant digital
21:17: bdeclean.exe (ID = 51737)
21:17: bdeimage.dll (ID = 51747)
21:17: b3d.b3d (ID = 51726)
21:17: installb3d3200.cab (ID = 51776)
21:17: installb3dviewer2.cab (ID = 51785)
21:17: installb3dplayer3200.cab (ID = 51782)
21:17: syscheckb3dplayer.cab (ID = 51793)
21:17: installb3dcodecs.cab (ID = 51778)
21:17: installb3drasts.cab (ID = 51784)
21:17: b3dstats.cab (ID = 51731)
21:17: b3d.b3d (ID = 51726)
21:17: bdeclean.exe (ID = 51737)
21:17: setup.cab (ID = 51791)
21:17: config3.ini (ID = 51769)
21:17: webinstaller.dll (ID = 75986)
21:17: lsp_.dll (ID = 75815)
21:17: sahdownloader_.exe (ID = 75908)
21:17: sahuninstall_.exe (ID = 75922)
21:17: sahhtml_.exe (ID = 75911)
21:17: setup.inf (ID = 75931)
21:17: bdedata2.dll (ID = 51739)
21:17: v.dat (ID = 75970)
21:17: vg.dat (ID = 57301)
21:17: sahuninstall_.exe (ID = 75921)
21:17: sahhtml_.exe (ID = 75912)
21:17: setup.inf (ID = 75926)
21:17: setup.exe (ID = 51792)
21:19: sahhtml.exe (ID = 75912)
21:19: bdedata2.dll (ID = 51739)
21:19: bdeinsta3.dll (ID = 51750)
21:19: bdeinstallman3.exe (ID = 51752)
21:19: bdeinstallprogress3.dll (ID = 51753)
21:19: bde3dref3p3.dll (ID = 51735)
21:19: bderastmmx3.dll (ID = 51760)
21:19: bderastdx3.dll (ID = 51757)
21:19: ezstub.exe (ID = 60525)
21:19: Trouvé Adware: mindset interactive - favoriteman
21:19: vg.dat (ID = 69878)
21:19: sahagent.log (ID = 75887)
21:21: guninstaller.exe (ID = 61468)
21:21: appmgrgui.zip (ID = 61281)
21:22: cmediagnostics.log (ID = 61291)
21:23: egieengine.dll (ID = 61343)
21:23: greygramweb.exe (ID = 90)
21:23: hdplugin1101.inf (ID = 114237)
21:23: backup-20060207-234151-512.dll (ID = 91)
21:24: qlvjnppu.exe (ID = 95)
21:24: dupe title.exe (ID = 122)
21:24: axis stupid.exe (ID = 91)
21:25: omgqbhft.exe (ID = 95)
21:25: uxkeifcq.exe (ID = 95)
21:25: nffbpjfs.exe (ID = 95)
21:26: inside program.exe (ID = 121)
21:27: bqiomlxf.exe (ID = 122)
21:27: hfixcfg (ID = 61483)
21:28: cmediagnostics.log (ID = 61291)
21:28: appmgrgui.zip (ID = 61281)
21:28: hfixcfg (ID = 61483)
21:28: fillin.wav (ID = 61352)
21:28: gmt.exe.manifest (ID = 61434)
21:28: gator.log (ID = 61386)
21:31: extpreview.wmv (ID = 53042)
21:31: celebpreview.wmv (ID = 53030)
21:31: Trouvé Adware: delfin
21:31: license.txt (ID = 57723)
21:31: delfinad.ebd (ID = 57676)
21:31: delfinlo.ebd (ID = 57687)
21:32: gmt.exe.manifest (ID = 61434)
21:33: casinopreview.wmv (ID = 53029)
21:33: bikpreview.wmv (ID = 53028)
21:35: gator.log (ID = 61386)
21:36: genun.ez (ID = 111054)
21:40: scroller.swf (ID = 53090)
21:40: Trouvé Adware: networkessentials
21:40: install.exe (ID = 71033)
21:40: Trouvé Adware: whenu
21:40: readme.txt (ID = 74357)
21:40: Trouvé Adware: whenu save
21:40: save.htm (ID = 74382)
21:40: player.html (ID = 53078)
21:40: playerslices.htm (ID = 53080)
21:40: main.html (ID = 53069)
21:40: save.exe (ID = 74374)
21:41: rnoaxnrt.exe (ID = 122)
21:42: shgzgzvc.exe (ID = 95)
21:42: filmmfcd.exe (ID = 122)
21:43: dart settings.exe (ID = 122)
21:43: viewcdrom.exe (ID = 122)
21:43: safethe.exe (ID = 122)
21:44: nxqankwl.exe (ID = 122)
21:44: hjkbjohe.exe (ID = 122)
21:44: nxwmxqau.exe (ID = 95)
21:44: gpkfoiqf.exe (ID = 122)
21:45: f1_2b_categories.html (ID = 53045)
21:45: fillin.wav (ID = 61352)
21:45: 45b8aebb.exe (ID = 121)
21:45: 45b8a2f2.exe (ID = 121)
21:46: staa.exe (ID = 162)
21:46: stab.exe (ID = 162)
21:46: sta22.exe (ID = 162)
21:46: greygramweb.exe (ID = 90)
21:46: 45b276b7.exe (ID = 121)
21:47: upayb[1].int (ID = 121)
21:47: bfdlhsmh.exe (ID = 121)
21:47: frag kind inter plus.exe (ID = 121)
21:47: frag kind inter plus.exe (ID = 121)
21:47: inside program.exe (ID = 121)
21:47: legend.lgn (ID = 60573)
21:47: param.ez (ID = 111058)
21:47: rwds.rst (ID = 111059)
21:47: channelstyles.css (ID = 53034)
21:47: f1_1.html (ID = 53043)
21:47: f1_2a.html (ID = 53044)
21:47: f1_3.html (ID = 53046)
21:47: f2.html (ID = 53047)
21:47: f3_1.html (ID = 53048)
21:47: Trouvé Adware: great net downloadware
21:47: 1013.pid (ID = 59282)
21:47: 51.dl (ID = 59288)
21:47: 90.dl (ID = 59291)
21:47: gatorsupportinfo.txt (ID = 61414)
21:47: mepcme.dat (ID = 61517)
21:47: f3_2a_player.html (ID = 53085)
21:47: f3_2b.html (ID = 53050)
21:47: f3_3.html (ID = 53051)
21:47: f3_4a_files.html (ID = 53052)
21:47: f3_4b.html (ID = 53053)
21:47: f3_5.html (ID = 53054)
21:47: playerstyles.css (ID = 53034)
21:47: channels.js (ID = 53036)
21:47: guistyles.css (ID = 53034)
21:47: launch.html (ID = 53068)
21:47: content.js (ID = 53041)
21:47: user.html (ID = 57799)
21:47: description.txt (ID = 57695)
21:47: delfinbd.edx (ID = 57681)
21:47: delfined.edx (ID = 57681)
21:47: delfinid.edx (ID = 57684)
21:47: delfindl.edx (ID = 57681)
21:47: delfinaf.edx (ID = 57679)
21:47: delfinco.edx (ID = 57681)
21:47: delfinld.edx (ID = 57681)
21:47: global.cfg (ID = 146968)
21:47: Trouvé Adware: precisiontime
21:47: precisiontime.ini (ID = 61562)
21:47: precisiontimewebsite.url (ID = 61569)
21:47: 448.ga (ID = 61233)
21:47: q0tasjbqbgaaaleq-tobgnpj.gdt2 (ID = 61574)
21:47: lbbho.ini (ID = 73732)
21:47: Trouvé Adware: ie access
21:47: ieaccess2.inf (ID = 62619)
21:47: about gain publishing.lnk (ID = 61270)
21:47: gain publishing web site.url (ID = 61372)
21:47: toptext button show - hide.lnk (ID = 60649)
21:47: gstartup.lnk (ID = 61450)
21:47: precisiontime.lnk (ID = 61563)
21:47: gstartup.lnk (ID = 61450)
21:48: lbbho.ini (ID = 73732)
21:48: mepcme.dat (ID = 61517)
21:48: gatorsupportinfo.txt (ID = 61414)
21:49: Trouvé Adware: instant access
21:49: ia.inf (ID = 63846)
21:49: dtc32.inf (ID = 63678)
21:49: bundle.inf (ID = 61287)
21:49: backup-20060209-213632-488.inf (ID = 62333)
21:51: Avertissement: Unhandled Archive Type
21:51: Avertissement: Unhandled Archive Type
21:51: Avertissement: Unhandled Archive Type
21:52: Avertissement: Unhandled Archive Type
22:01: Avertissement: Unhandled Archive Type
22:01: Avertissement: Unhandled Archive Type
22:01: Avertissement: Unhandled Archive Type
22:32: Analyse des fichiers terminée, temps passé : 01:17:34
22:32: Analyse complète terminée. Durée 01:20:58
22:32: Traces trouvées : 622
22:33: Processus de suppression lancé.
22:33: Mise en quarantaine de toutes les traces : ist istbar
22:33: Mise en quarantaine de toutes les traces : lopdotcom
22:33: Mise en quarantaine de toutes les traces : delfin
22:33: Mise en quarantaine de toutes les traces : hotbar
22:34: Mise en quarantaine de toutes les traces : mindset interactive - favoriteman
22:34: Mise en quarantaine de toutes les traces : winad
22:34: Mise en quarantaine de toutes les traces : brilliant digital
22:34: Mise en quarantaine de toutes les traces : clipgenie
22:34: Mise en quarantaine de toutes les traces : ezula ilookup
22:34: Mise en quarantaine de toutes les traces : great net downloadware
22:34: Mise en quarantaine de toutes les traces : ie access
22:34: Mise en quarantaine de toutes les traces : ieloader
22:34: Mise en quarantaine de toutes les traces : instant access
22:34: Mise en quarantaine de toutes les traces : networkessentials
22:34: Mise en quarantaine de toutes les traces : relatedlinks bho
22:34: Mise en quarantaine de toutes les traces : shopathomeselect
22:34: Mise en quarantaine de toutes les traces : gain - common components
22:34: Mise en quarantaine de toutes les traces : precisiontime
22:34: Mise en quarantaine de toutes les traces : searchweb2 cookie
22:34: Mise en quarantaine de toutes les traces : whenu save
22:34: Mise en quarantaine de toutes les traces : whenu
22:34: Mise en quarantaine de toutes les traces : yieldmanager cookie
22:34: Processus de suppression lancé. Durée 00:01:32
********
21:07: | Début de session, vendredi 10 février 2006 |
21:07: Spy Sweeper démarrée
21:08: Les définitions de logiciels espions ont été mises à jour.
21:11: | Fin de session, vendredi 10 février 2006 |
********
22:01: Avertissement: Unhandled Archive Type
22:32: Analyse des fichiers terminée, temps passé : 01:17:34
22:32: Analyse complète terminée. Durée 01:20:58
22:32: Traces trouvées : 622
22:33: Processus de suppression lancé.
22:33: Mise en quarantaine de toutes les traces : ist istbar
22:33: Mise en quarantaine de toutes les traces : lopdotcom
22:33: Mise en quarantaine de toutes les traces : delfin
22:33: Mise en quarantaine de toutes les traces : hotbar
22:34: Mise en quarantaine de toutes les traces : mindset interactive - favoriteman
22:34: Mise en quarantaine de toutes les traces : winad
22:34: Mise en quarantaine de toutes les traces : brilliant digital
22:34: Mise en quarantaine de toutes les traces : clipgenie
22:34: Mise en quarantaine de toutes les traces : ezula ilookup
22:34: Mise en quarantaine de toutes les traces : great net downloadware
22:34: Mise en quarantaine de toutes les traces : ie access
22:34: Mise en quarantaine de toutes les traces : ieloader
22:34: Mise en quarantaine de toutes les traces : instant access
22:34: Mise en quarantaine de toutes les traces : networkessentials
22:34: Mise en quarantaine de toutes les traces : relatedlinks bho
22:34: Mise en quarantaine de toutes les traces : shopathomeselect
22:34: Mise en quarantaine de toutes les traces : gain - common components
22:34: Mise en quarantaine de toutes les traces : precisiontime
22:34: Mise en quarantaine de toutes les traces : searchweb2 cookie
22:34: Mise en quarantaine de toutes les traces : whenu save
22:34: Mise en quarantaine de toutes les traces : whenu
22:34: Mise en quarantaine de toutes les traces : yieldmanager cookie
22:34: Processus de suppression lancé. Durée 00:01:32
********
21:07: | Début de session, vendredi 10 février 2006 |
21:07: Spy Sweeper démarrée
21:08: Les définitions de logiciels espions ont été mises à jour.
21:11: | Fin de session, vendredi 10 février 2006 |
The latest Panda report:
Spyware:Cookie/Buzztone No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\Cookies\rajaona@www.buzztone[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\Cookies\rajaona@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\Cookies\rajaona@xiti[2].txt
Adware:Adware/SAHAgent No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\Downloaded Program Files\xmltok_.dll
Adware:Adware/eZula No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\eZinstall.exe
Adware:Adware/RelatedLinks No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\lbbho.dll
Spyware:Spyware/New.net No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\NDNuninstall4_94.exe
Dialer:Dialer.Gen No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\SYSTEM\EasyDates_fr-uninstall.exe
Adware:Adware/SAHAgent No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\SYSTEM\xmltok.dll
Outil indésirable:Application/ServUBased.A No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\SYSTEM32\DWRCS Uploads\ServUDaemon.exe
Adware:Adware/DelFinMedia No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\TEMP\Adware\DelFinMediaViewer29j.exe
Adware:Adware/SAHAgent No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\WINDOWS\TEMP\SahUpdate\xmltok_.dll
Outil indésirable:Application/Psexec.A No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\winnt\system32\psexec.exe
Outil indésirable:Application/ServUBased.A No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\winnt\system32\rundll16.exe
Outil indésirable:Application/ServUBased.A No Désinfecté C:\Documents and Settings\Rajaona Razakandisa\Mes documents\Sauvegarde\winnt\system32\ServUDaemon.exe
Outil indésirable:Application/MyWay No Désinfecté C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Outil indésirable:Application/MyWay No Désinfecté C:\Program Files\MyWay\myBar\S4SETP.EXE
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc123.exe
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc124.exe
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc125.exe
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc126.exe
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc127.exe
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc137.exe
Adware:Adware/Lop No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc138.exe
Spyware:Cookie/Belnk No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc2952.txt
Spyware:Cookie/Mysearch No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc2956.txt
Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc2973.txt
Spyware:Cookie/Belnk No Désinfecté C:\RECYCLER\S-1-5-21-1957994488-1708537768-725345543-1000\Dc2976.txt
Outil indésirable:Application/RealSpy No Désinfecté C:\WINNT\system32\actskn45.ocx
Adware:Adware/Lop No Désinfecté C:\WINNT\Temp\sta14.exe
Thanks again for your help.
And the latest HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 05:29:42, on 11/02/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\bea\tuxedo8.1\bin\tuxipc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\bea\tuxedo8.1\bin\slisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\loadqm.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rajaona Razakandisa\Bureau\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgqxvpjfakyctkmhwfq.com/kTbFygpUbhWvyolWJbQ8...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} (AdValiderInterface Class) - http://www.journal-officiel.gouv.fr/verifier/AdValiderW...
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: BEA ProcMGR V8.1 - Unknown owner - C:\bea\tuxedo8.1\bin\tuxipc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINNT\system32\netddesrv.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TListen 8.1 (Port: 3050) (TUXEDO 8.1 Listener on Port 3050) - Unknown owner - C:\bea\tuxedo8.1\bin\slisten.exe
O23 - Service: WinCon (wincon net driver) (WinCon) - Unknown owner - C:\WINNT\system32\wincon.exe