Les spyware reviennent

Recherche :

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : Les spyware reviennent

Linflas

Bonjour,

Voilà un log réalisé par AD-Aware. Je peux retirer les objets mais ils reviennent après un reboot... :na:

Des idées ? Des suggestions ?

Linf.

Ad-Aware SE Build 1.05
Logfile Created on:samedi 19 mars 2005 16:08:43
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:0):17 total references
IEHijacker.Hotoffers(TAC index:7):36 total references
MRU List(TAC index:0):34 total references
Win32.Adverts.TrojanDownloader(TAC index:6):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

19-03-2005 16:08:43 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : C:\Documents and Settings\MMenu\recent
Description : list of recently opened documents

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 172
ThreadCreationTime : 19-03-2005 13:07:06
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 200
ThreadCreationTime : 19-03-2005 13:07:44
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 196
ThreadCreationTime : 19-03-2005 13:07:50
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 248
ThreadCreationTime : 19-03-2005 13:07:56
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 260
ThreadCreationTime : 19-03-2005 13:07:56
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Exécutable LSA et DLL serveur (version d'exportation)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 380
ThreadCreationTime : 19-03-2005 13:08:09
BasePriority : Normal

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 444
ThreadCreationTime : 19-03-2005 13:08:14
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 492
ThreadCreationTime : 19-03-2005 13:08:21
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [ccsetmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 552
ThreadCreationTime : 19-03-2005 13:08:22
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 576
ThreadCreationTime : 19-03-2005 13:08:25
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:11 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 672
ThreadCreationTime : 19-03-2005 13:08:26
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 700
ThreadCreationTime : 19-03-2005 13:08:27
BasePriority : Normal

#:13 [cusrvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 716
ThreadCreationTime : 19-03-2005 13:08:27
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell Client Update Service
InternalName : CUSRVC
LegalCopyright : Copyright © 2003, by Novell, Inc. All rights reserved.
OriginalFilename : CUSRVC.EXE

#:14 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 736
ThreadCreationTime : 19-03-2005 13:08:27
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:15 [ntmulti.exe]
FilePath : C:\Program Files\lotus\notes\
ProcessID : 768
ThreadCreationTime : 19-03-2005 13:08:30
BasePriority : Normal

#:16 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 948
ThreadCreationTime : 19-03-2005 13:08:42
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:17 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 964
ThreadCreationTime : 19-03-2005 13:08:46
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Planificateur de tâches Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Moteur du Planificateur de tâches
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:18 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1024
ThreadCreationTime : 19-03-2005 13:08:49
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Moniteur de périphériques d'images fixes
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:19 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1044
ThreadCreationTime : 19-03-2005 13:08:50
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:20 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 1064
ThreadCreationTime : 19-03-2005 13:08:52
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Infrastructure de gestion Windows
CompanyName : Microsoft Corporation
FileDescription : Infrastructure de gestion Windows
InternalName : WINMGMT
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999

#:21 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1160
ThreadCreationTime : 19-03-2005 13:09:14
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [tp4mon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1448
ThreadCreationTime : 19-03-2005 13:09:55
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : IBM
FileDescription : IBM TrackPoint Application
InternalName : tp4mon
LegalCopyright : (C) IBM 1999 - All Rights Reserved
OriginalFilename : tp4mon.exe

#:23 [dpmw32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1480
ThreadCreationTime : 19-03-2005 13:09:59
BasePriority : Normal

#:24 [nwtray.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1484
ThreadCreationTime : 19-03-2005 13:10:00
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE

#:25 [agentnt.exe]
FilePath : C:\tbclient\BIN\
ProcessID : 1548
ThreadCreationTime : 19-03-2005 13:10:03
BasePriority : Normal
FileVersion : 3.1
ProductVersion : 3.1.0
ProductName : TrackBird
CompanyName : ISTRIA
FileDescription : Agent Collector for Windows NT
InternalName : agentnt
LegalCopyright : Copyright © D2M - ISTRIA 1997-2002
OriginalFilename : agentnt.exe

#:26 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1568
ThreadCreationTime : 19-03-2005 13:10:03
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:27 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1620
ThreadCreationTime : 19-03-2005 13:10:05
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:28 [agrsmmsg.exe]
FilePath : C:\WINNT\
ProcessID : 864
ThreadCreationTime : 19-03-2005 13:10:10
BasePriority : Normal
FileVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
ProductVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:29 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1660
ThreadCreationTime : 19-03-2005 13:10:11
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:30 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1684
ThreadCreationTime : 19-03-2005 13:10:14
BasePriority : Normal

#:31 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 1732
ThreadCreationTime : 19-03-2005 13:10:17
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:32 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1772
ThreadCreationTime : 19-03-2005 13:10:19
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:33 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1816
ThreadCreationTime : 19-03-2005 13:10:23
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:34 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1404
ThreadCreationTime : 19-03-2005 13:10:31
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:35 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1752
ThreadCreationTime : 19-03-2005 13:10:34
BasePriority : Normal
FileVersion : 7.0.0604
ProductVersion : 7.0.0604
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:36 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 928
ThreadCreationTime : 19-03-2005 13:10:44
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:37 [olfsnt40.exe]
FilePath : C:\Program Files\Microsoft Office\Office\1036\
ProcessID : 1856
ThreadCreationTime : 19-03-2005 13:10:48
BasePriority : Normal
FileVersion : 9.0.98.0105
ProductVersion : 9.0.98.0105
ProductName : Symantec Fax Starter Edition Printer Driver
CompanyName : Microsoft Corporation
FileDescription : Symantec Fax Starter Edition Port Launcher
InternalName : OLFSNT40.DLL
LegalCopyright : Copyright (C) Symantec Corp. 1990-1998
OriginalFilename : OLFSNT40.DLL

#:38 [msoffice.exe]
FilePath : C:\Program Files\Microsoft Office\Office\1036\
ProcessID : 1912
ThreadCreationTime : 19-03-2005 13:10:55
BasePriority : Normal
FileVersion : 9.0.2601
ProductVersion : 9.0.2601
ProductName : Microsoft Office 2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office 2000 component
InternalName : MSOFFICE
LegalCopyright : Copyright© 1994-1999 Microsoft Corporation. Tous droits réservés.
OriginalFilename : MSOFFICE.EXE

#:39 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 1792
ThreadCreationTime : 19-03-2005 14:42:16
BasePriority : Normal

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 340
ThreadCreationTime : 19-03-2005 15:08:18
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f65fcb-d130-11d8-ba48-8be0c49af370}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f65fcb-d130-11d8-ba48-8be0c49af370}
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{28f65fbe-d130-11d8-ba48-8be0c49af370}

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick.1

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick.1
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cf70455e-edc1-4067-b824-cd0314bc3b2e}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cf70455e-edc1-4067-b824-cd0314bc3b2e}
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl.1

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl.1
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c7edab2e-d7f9-11d8-ba48-c79b0c409d70}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c7edab2e-d7f9-11d8-ba48-c79b0c409d70}
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c7edab21-d7f9-11d8-ba48-c79b0c409d70}

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05aae5e5-47a1-4f65-8c32-8913ead54dbf}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05aae5e5-47a1-4f65-8c32-8913ead54dbf}
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12345678-0000-0010-8000-00aaff6d2ea4}

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a77bd0a1-a8fa-48c0-8fff-5a4ddcad4581}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a77bd0a1-a8fa-48c0-8fff-5a4ddcad4581}
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c7edab2d-d7f9-11d8-ba48-c79b0c409d70}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c7edab2d-d7f9-11d8-ba48-c79b0c409d70}
Value :

IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28f65fca-d130-11d8-ba48-8be0c49af370}

IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28f65fca-d130-11d8-ba48-8be0c49af370}
Value :

Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl

Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl
Value :

Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl.1

Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl.1
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer\main
Value : HOMEOldSP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 65

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65

Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 01A8CD05-956A-4FBA-97A2-A3CF40
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\00D3B821-C842-4E9C-8365-287E41\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : B7DF7F36-659B-4440-84E3-946BEB
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\00D3B821-C842-4E9C-8365-287E41\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 410575C1-3C8E-4BD1-A06A-0BA63A
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\73A9A4E3-B23F-43CF-8827-7E9103\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 99E1835A-F269-4477-B5CD-02FA51
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\73A9A4E3-B23F-43CF-8827-7E9103\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 3BE32A8B-5003-47A5-81F3-76B884
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\746F13DB-320B-47A7-83CB-BD19AE\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 6A8F5C29-ECAB-4316-B2FC-BF8824
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\746F13DB-320B-47A7-83CB-BD19AE\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 35193D22-4D4D-4D93-B662-C46661
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9F7072FE-22DA-4AB3-866B-D4E260\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 383C7833-249C-46D1-9B98-5A21AD
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9F7072FE-22DA-4AB3-866B-D4E260\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : D5C52F47-7E3C-439D-A13C-CB1312
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B35BFB36-0D5E-4A11-918D-3EC3A6\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : E41C9C0D-9ECE-415F-B4CF-CBC95D
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B35BFB36-0D5E-4A11-918D-3EC3A6\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL

IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 8D1D8375-1D34-4655-A424-518A1F
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B77A548D-A90E-4331-891A-ACDF54\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 76

Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 76

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : conc

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 91

16:30:52 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:08.831
Objects scanned:108890
Objects identified:57
Objects ignored:0
New critical objects:57

Publicité

acrobaze

Passe l'uninstall Hotoffers:
http://www.hotoffers.info/uninstall/index.html

et poste un log HijackThis.

FORUM HardWare.fr

Windows & Software

Sécurité

Les spyware reviennent

Sujets relatifs
Spyware Firefox	Galère de spyware, de l'aide pour lire mon log hijack???
problème virus ou spyware ??	Marre des virus et spyware
Un spyware ... ERF	j'ai un spyware comment le virer?!
[spyware et cie] Pas moyen de m'en debarasser	Pb IE 6 + pop up : Virus ou spyware
spyware supprimés en mode sans échec mais qui reviennent enmode normal	Spyware qui reviennent
Plus de sujets relatifs à : Les spyware reviennent

Page générée en 0.104 secondes