Analyse log HijackThis svp

[killmat]

J'ai des pages qui s'ouvre toute seul, et des animation flash de pub aussi, j'ai essayer tout les anti spyware a jour mais sa ne marche pas voila mon log HijackThis :

 

Logfile of HijackThis v1.99.1

Scan saved at 16:49:02, on 19/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\PROGRA~1\FICHIE~1\qrmu\qrmua.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\g4400ehmeh4a0.dll

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

 

Merci d'avance en espérant que vous aller m'aider.

[ipl_001]

Bonsoir killmat, bonsoir à tous,

 

Bien sûr que nous allons t'aider !

 

S'il te plaît, applique la procédure "Pré-Nettoyage d'un PC infecté" -> http://forum.zebulon.fr/index.php?showtopic=69176

 

Lorsque tu auras déroulé la procédure indiquée et posté le rapport HijackThis résultant, nous l'analyserons et te dirons que faire !

[killmat]

Merci je fais la procédure tout de suite.

[killmat]

Voila mon log aprés la procédure apparament il y a toujour le spyware:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:11:47, on 19/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\ir28l5fu1.dll

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

[Jack_Burton]

Bonsoir killmat & ipl_001

 

Infection par Look2Me!

 

Nous allons opérer en 2 parties :

-Eradication de Look2Me

-nettoyage des autres saletés dans le rapport!

 

killmat je t invite a suivre cette procédure :

 

Télécharge SpySweeper (de Webroot) ICI (version d'essai - 14 jours):

• Clic sur le lien Free Trial sous la rubrique "SpySweeper".
  
• Installe le programme. Une fois installé, il se lancera.
  
• L'option de le mettre à jour s'affichera; clic Yes.
  
• Lorsque les mises à jour seront installées, clic Options sur la gauche.
  
• Clic sur l'onglet Sweep Options.
  
• Sous What to Sweep, coche les options suivantes:
  • 
    
  • Sweep Memory
    
  • Sweep Registry
    
  • Sweep Cookies
    
  • Sweep All User Accounts
    
  • Enable Direct Disk Sweeping
    
  • Sweep Contents of Compressed Files
    
  • Sweep for Rootkits
    
  • DÉCOCHE Do not Sweep System Restore Folder.
    

  [*]Clic Sweep Now sur la gauche.

  [*]Clic sur Start.

  [*]Quand le scan est terminé, clic sur Next.

  [*]Assure-toi que tous les items sont cochés, puis clic sur Next.

  [*]Tous les items cochés seront éliminés.

  [*]Si Spy Sweeper veut redémarrer pour terminer le nettoyage : ACCEPTE.

  [*]Clic Session Log au haut - à droite, et copie tout ce qu'il y a dans la fenêtre.

  [*]Clic sur l'onglet Summary, puis clic sur Finish.

  [*]Colle le contenu du "Session Log" dans ta prochaine réponse.

Tu me posteras également un nouveau rapport hijackthis!

[killmat]

Merci je crois que les spyware on était éradiquer, log spy sweper:

 

********

23:07: | Start of Session, samedi 19 novembre 2005 |

23:07: Spy Sweeper started

23:07: Sweep initiated using definitions version 574

23:07: Starting Memory Sweep

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:07: Found Adware: icannnews

23:07: Detected running threat: C:\WINDOWS\system32\mcltus40.dll (ID = 83)

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:08: Detected running threat: C:\WINDOWS\system32\kt0sl7d71.dll (ID = 83)

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:12: Memory Sweep Complete, Elapsed Time: 00:04:48

23:12: Starting Registry Sweep

23:12: Found Adware: command

23:12: HKLM\system\currentcontrolset\services\cmdservice\ (13 subtraces) (ID = 958670)

23:12: Registry Sweep Complete, Elapsed Time:00:00:17

23:12: Starting Cookie Sweep

23:12: Found Spy Cookie: xiti cookie

23:12: administrateur@xiti[1].txt (ID = 3717)

23:12: Cookie Sweep Complete, Elapsed Time: 00:00:00

23:12: Starting File Sweep

23:12: Found Adware: targetsaver

23:12: a0011928.exe (ID = 193995)

23:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:12: a0011929.exe (ID = 195128)

23:12: Found Adware: dollarrevenue

23:12: a0011927.exe (ID = 193259)

23:13: a0011697.exe (ID = 185985)

23:13: a0011930.exe (ID = 195132)

23:13: Found Adware: apropos

23:13: contextplus.exe (ID = 185940)

23:13: contextplus[1].exe (ID = 185940)

23:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:13: tsupdate2[2].ini (ID = 193498)

23:13: Found Adware: look2me

23:13: installer.exe (ID = 168558)

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: a0013980.dll (ID = 159)

23:15: kt0sl7d71.dll (ID = 159)

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: a0009535.exe (ID = 193501)

23:16: a0011918.exe (ID = 195131)

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: mcltus40.dll (ID = 159)

23:17: m246lchs1f46.dll (ID = 159)

23:17: a0011981.dll (ID = 163672)

23:17: kedhu1.dll (ID = 159)

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: a0011867.dll (ID = 163672)

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:18: a0012980.dll (ID = 159)

23:18: wingenerics.dll (ID = 50187)

23:18: qrmul.exe (ID = 195130)

23:18: class-barrel (ID = 78229)

23:18: qrmuc.dll (ID = 195129)

23:18: vocabulary (ID = 78283)

23:18: jtn4075qe.dll (ID = 159)

23:18: mv28l9fu1.dll (ID = 163672)

23:18: a0011976.dll (ID = 163672)

23:18: a0011919.dll (ID = 159)

23:18: installer[1].exe (ID = 168558)

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: a0011858.dll (ID = 159)

23:20: a0011862.dll (ID = 163672)

23:20: a0011857.dll (ID = 163672)

23:21: a0011696.vbs (ID = 185675)

23:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: Warning: Failed to access drive I:

23:24: Found System Monitor: potentially rootkit-masked files

23:24: 00000e99_437f6ed9_000e8b25 (ID = 0)

23:24: 00000914_437f71fa_0003567e (ID = 0)

23:24: 0000194d_437f71fe_0000b71b (ID = 0)

23:24: 0000401d_437f4196_0002625a (ID = 0)

23:24: data.bin (ID = 0)

23:25: lmhdimap.exe (ID = 0)

23:25: 000008ff_437f71d3_00057bcf (ID = 0)

23:25: 00004b9d_437f71d7_00089544 (ID = 0)

23:25: 00003b25_437f8d8a_000b71b0 (ID = 0)

23:25: 00004bcd_437f73b6_000487ab (ID = 0)

23:25: 00007e87_437f8af6_00029f63 (ID = 0)

23:25: 000013f4_437f7229_0007270e (ID = 0)

23:25: 00005279_437f722e_000a7d8c (ID = 0)

23:25: 00003a27_437f7231_00053ec6 (ID = 0)

23:25: 00004d59_437f7238_000ec82e (ID = 0)

23:25: 00005942_437f7239_000ca2dd (ID = 0)

23:25: 00001649_437f1e8a_000af79e (ID = 0)

23:25: 00003d6c_437f1e53_00029f63 (ID = 0)

23:25: 000075ef_437f3c1b_00094c5f (ID = 0)

23:25: 00005422_437f294f_000a7d8c (ID = 0)

23:25: 0000387c_437f723c_000ec82e (ID = 0)

23:25: 00006df1_437f1e93_00066ff3 (ID = 0)

23:25: 0000579c_437f723d_00076417 (ID = 0)

23:25: 0000134c_437f701d_0005f5e1 (ID = 0)

23:25: 0000366b_437f5023_0008583b (ID = 0)

23:25: 0000390c_437f8afd_0007de29 (ID = 0)

23:25: 000032c1_437f7258_000487ab (ID = 0)

23:25: 00003d6c_437f89d3_0008d24d (ID = 0)

23:25: 00002b00_437f5865_000cdfe6 (ID = 0)

23:25: 00002ea6_437f4659_00066ff3 (ID = 0)

23:25: 00006bfc_437f228a_0007270e (ID = 0)

23:25: 000037e5_437f57d0_000dd40a (ID = 0)

23:25: 000071f0_437f4196_000c65d4 (ID = 0)

23:25: 000063cb_437f209a_000a4083 (ID = 0)

23:25: 00007a5a_437f8d0c_0003567e (ID = 0)

23:25: 0000701f_437f1fec_0001312d (ID = 0)

23:25: 00005cfd_437f8f2e_0005f5e1 (ID = 0)

23:25: 00005991_437f92e2_0005f5e1 (ID = 0)

23:25: 00004230_437f502f_0009c671 (ID = 0)

23:25: 0000139d_437f2a82_0008583b (ID = 0)

23:25: 00002cd6_437f89d3_000e8b25 (ID = 0)

23:25: 00005173_437f701d_00076417 (ID = 0)

23:25: 00000f3e_437f8afe_0006acfc (ID = 0)

23:25: 00003ef6_437f2950_0000b71b (ID = 0)

23:25: 00003699_437f2a81_00031975 (ID = 0)

23:25: 00000384_437f4197_000632ea (ID = 0)

23:25: 00004cd4_437f572c_0005f5e1 (ID = 0)

23:25: 00005af1_437f1eae_0007a120 (ID = 0)

23:25: 00007f0d_437f6f3c_000cdfe6 (ID = 0)

23:25: 00001e1f_437f8db1_0007270e (ID = 0)

23:25: 00007ff5_437f228f_000bebc2 (ID = 0)

23:25: 00001ad4_437f49f5_00040d99 (ID = 0)

23:25: 000046c2_437f6493_000dd40a (ID = 0)

23:25: 000072ae_437f89d8_000a7d8c (ID = 0)

23:25: 000016d4_437f5879_0002dc6c (ID = 0)

23:25: 000018be_437f1663_000cdfe6 (ID = 0)

23:25: 00006784_437f1663_000cdfe6 (ID = 0)

23:25: 00006952_437f89d9_00016e36 (ID = 0)

23:25: 000058b0_437f2a7e_00031975 (ID = 0)

23:25: 000018be_437f89ad_00016e36 (ID = 0)

23:25: 00000099_437f8b2b_000c65d4 (ID = 0)

23:25: msppci.sys (ID = 0)

23:25: 00005991_437f2955_0001312d (ID = 0)

23:25: 0000074d_437f4945_0002dc6c (ID = 0)

23:25: 0000323b_437f229f_000e8b25 (ID = 0)

23:25: 00004ae1_437f1664_0005b8d8 (ID = 0)

23:25: dns (ID = 0)

23:25: 000032cf_437f70b2_000b34a7 (ID = 0)

23:25: 00004823_437f1c50_00031975 (ID = 0)

23:25: 00007f96_437f4ad3_000c65d4 (ID = 0)

23:25: hidkbdcr.exe (ID = 0)

23:25: 0000409d_437f2955_00057bcf (ID = 0)

23:25: 0000494a_437f559c_000bebc2 (ID = 0)

23:25: 000026ca_437f2a81_00003d09 (ID = 0)

23:25: 000012e1_437f2956_00007a12 (ID = 0)

23:25: 00004a0e_437f70ad_000c28cb (ID = 0)

23:25: 00002f14_437fa0b6_000501bd (ID = 0)

23:25: 00006e7e_437f647e_0004c4b4 (ID = 0)

23:25: 00000124_437f8b32_000d9701 (ID = 0)

23:25: 00005f32_437f8f2f_00029f63 (ID = 0)

23:25: 00007ff5_437f4add_000f0537 (ID = 0)

23:25: 00007bb9_437f2a81_00081b32 (ID = 0)

23:25: 00003d6c_437f1665_00040d99 (ID = 0)

23:25: 00002213_437f4b12_000d9701 (ID = 0)

23:25: 00004e45_437f4ae0_0008583b (ID = 0)

23:25: 00006784_437f89b2_000a4083 (ID = 0)

23:25: 00002d12_437f8c7f_0005f5e1 (ID = 0)

23:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:25: 00003bf6_437f8f34_000d1cef (ID = 0)

23:25: 00002cd6_437f4519_00031975 (ID = 0)

23:25: 000010d9_437f64d4_000487ab (ID = 0)

23:25: 00006b36_437f288c_00003d09 (ID = 0)

23:25: 00005fa4_437f572c_0008d24d (ID = 0)

23:25: index (ID = 0)

23:25: 000041bb_437f1eb5_00066ff3 (ID = 0)

23:25: 00002cd6_437f166b_0001e848 (ID = 0)

23:25: 00001366_437f9102_000d1cef (ID = 0)

23:25: 00000ddc_437f4f35_000f0537 (ID = 0)

23:25: 00005db2_437f39fb_000e1113 (ID = 0)

23:25: 000026e9_437f1eb7_0008d24d (ID = 0)

23:25: 00004ae1_437f89bf_000a037a (ID = 0)

23:25: 00003a9e_437f4e01_00089544 (ID = 0)

23:25: 00007833_437f6fb4_00031975 (ID = 0)

23:25: 0000390c_437f1f07_0009c671 (ID = 0)

23:25: 0000759a_437f259c_000ec82e (ID = 0)

23:25: 00002d12_437f1f5f_00029f63 (ID = 0)

23:25: 000072ae_437f1670_0003d090 (ID = 0)

23:25: 00001649_437f45ea_0000b71b (ID = 0)

23:25: 00007049_437f2ac4_00007a12 (ID = 0)

23:25: 00005cfd_437f288d_00044aa2 (ID = 0)

23:25: 00003bf6_437f4db9_000d59f8 (ID = 0)

23:25: 000063cb_437f6fcb_00098968 (ID = 0)

23:25: 00002c3b_437f5031_000ca2dd (ID = 0)

23:25: 000048cc_437f9fef_000ec82e (ID = 0)

23:25: 000016c5_437f52b3_000b71b0 (ID = 0)

23:25: 0000074d_437f8c80_0001ab3f (ID = 0)

23:25: 00005c67_437f538b_00000000 (ID = 0)

23:25: 0000305e_437f492d_000487ab (ID = 0)

23:25: 00000a41_437f6e45_000cdfe6 (ID = 0)

23:25: 00004a80_437f34a0_000cdfe6 (ID = 0)

23:25: 00007eb7_437f9191_000dd40a (ID = 0)

23:25: 00006f11_437f6010_000baeb9 (ID = 0)

23:25: 00003699_437f5186_000e8b25 (ID = 0)

23:25: 00005af1_437f45f2_000a4083 (ID = 0)

23:25: 00005f90_437f16a8_000af79e (ID = 0)

23:25: 00007a61_437f62d8_000baeb9 (ID = 0)

23:25: 0000139d_437f9652_000af79e (ID = 0)

23:25: 00001cd0_437f9104_00003d09 (ID = 0)

23:25: 000015fd_437f6e58_00089544 (ID = 0)

23:25: 0000260d_437f22de_000baeb9 (ID = 0)

23:25: 0000314f_437f900a_0009c671 (ID = 0)

23:25: 000063cb_437f49fe_000a7d8c (ID = 0)

23:25: 00007049_437f9653_00057bcf (ID = 0)

23:25: 000056ae_437f4c0e_000f0537 (ID = 0)

23:25: 000073da_437f2a07_000ca2dd (ID = 0)

23:25: 000015a1_437f2917_000aba95 (ID = 0)

23:25: 00001ad4_437f8dc2_0007270e (ID = 0)

23:25: 00006b89_437f22e6_000632ea (ID = 0)

23:25: 0000153c_437f1edd_00040d99 (ID = 0)

23:25: 000041bb_437f45f2_000cdfe6 (ID = 0)

23:25: 00007e87_437f1edd_000bebc2 (ID = 0)

23:25: 0000030a_437f22ed_000a037a (ID = 0)

23:25: 00004823_437f44f8_00044aa2 (ID = 0)

23:25: 000018be_437f44f9_000e4e1c (ID = 0)

23:25: 00003cd6_437f3a0a_000bebc2 (ID = 0)

23:25: 0000368e_437f3bf2_0008d24d (ID = 0)

23:25: 00005d03_437f207b_0005b8d8 (ID = 0)

23:25: 0000301c_437f22f4_0006acfc (ID = 0)

23:25: 00005f32_437f2893_000501bd (ID = 0)

23:25: 00000fbf_437f3a0c_000baeb9 (ID = 0)

23:25: 0000440d_437f8b3a_000e8b25 (ID = 0)

23:25: 0000692c_437f9653_0005f5e1 (ID = 0)

23:25: 0000288f_437f54f4_000c65d4 (ID = 0)

23:25: 00000bdb_437f22fe_0004c4b4 (ID = 0)

23:25: 00005f90_437f89e5_00003d09 (ID = 0)

23:25: 00000732_437f8f12_000e4e1c (ID = 0)

23:25: 00003a61_437f54f4_000e1113 (ID = 0)

23:25: 000048e6_437f702c_000aba95 (ID = 0)

23:25: 00003bf6_437f2893_00076417 (ID = 0)

23:25: 0000442b_437f57d5_00076417 (ID = 0)

23:25: 00002db5_437f6494_00007a12 (ID = 0)

23:25: 00006b36_437f4d9e_0005b8d8 (ID = 0)

23:25: 00006bfc_437f4a1b_00094c5f (ID = 0)

23:25: 000056ae_437f2305_000a7d8c (ID = 0)

23:25: 00000d66_437f3bf3_000f0537 (ID = 0)

23:25: 000031d8_437f71d7_00016e36 (ID = 0)

23:25: 00007e87_437f4839_000aba95 (ID = 0)

23:25: 00006784_437f4504_0001312d (ID = 0)

23:25: 00000732_437f4c10_00000000 (ID = 0)

23:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:25: 0000701f_437f49c7_00090f56 (ID = 0)

23:26: 0000428b_437f8cb9_000bebc2 (ID = 0)

23:26: 00006bfc_437f8dc3_000a037a (ID = 0)

23:26: 00003a9e_437f2893_0007de29 (ID = 0)

23:26: 00003a61_437f416f_000b34a7 (ID = 0)

23:26: 00006b72_437f554a_0005b8d8 (ID = 0)

23:26: 00002f14_437f3a0d_00057bcf (ID = 0)

23:26: 000026e9_437f4622_000e1113 (ID = 0)

23:26: 00007e0e_437f694a_0006ea05 (ID = 0)

23:26: 00007dd1_437f4170_0005f5e1 (ID = 0)

23:26: 00007871_437f6c04_00066ff3 (ID = 0)

23:26: 0000486a_437f5d0b_00076417 (ID = 0)

23:26: 0000797d_437f4e02_000b71b0 (ID = 0)

23:26: 00003b25_437f208c_000c65d4 (ID = 0)

23:26: 00003ef6_437f50ad_0001e848 (ID = 0)

23:26: 0000261e_437f4170_000c65d4 (ID = 0)

23:26: 00000c15_437f5888_0007de29 (ID = 0)

23:26: 000054dc_437f53ba_000aba95 (ID = 0)

23:26: 00007bb9_437f518b_00089544 (ID = 0)

23:26: 0000422d_437fa1a9_0000b71b (ID = 0)

23:26: 00007a5a_437f207e_00057bcf (ID = 0)

23:26: 00005e9d_437f4171_0001e848 (ID = 0)

23:26: 00003cd5_437f974c_000a037a (ID = 0)

23:26: 00006899_437f52c8_000501bd (ID = 0)

23:26: 00003605_437f702e_000f0537 (ID = 0)

23:26: 00006ad6_437f3a14_00066ff3 (ID = 0)

23:26: 00006032_437f5031_00089544 (ID = 0)

23:26: 0000047e_437f3a14_000af79e (ID = 0)

23:26: 00005753_437f9ff7_00000000 (ID = 0)

23:26: 00005d2b_437f6ce9_0006ea05 (ID = 0)

23:26: 000022ee_437f25ec_000ca2dd (ID = 0)

23:26: 000007cf_437f5732_0005b8d8 (ID = 0)

23:26: 000004b0_437f715b_0002dc6c (ID = 0)

23:26: 00007049_437f518f_000f0537 (ID = 0)

23:26: 00000940_437f62dd_00031975 (ID = 0)

23:26: 0000368e_437f53bb_00076417 (ID = 0)

23:26: 00000677_437f561a_00089544 (ID = 0)

23:26: 000013e9_437f52da_00031975 (ID = 0)

23:26: 00005e14_437f4f6a_000487ab (ID = 0)

23:26: 0000422d_437f53af_000632ea (ID = 0)

23:26: 0000638c_437f6cea_0002dc6c (ID = 0)

23:26: 00003a4c_437f6fd1_000c28cb (ID = 0)

23:26: 00006d22_437f5750_000aba95 (ID = 0)

23:26: 00005f23_437f64d5_00039387 (ID = 0)

23:26: 000022cd_437f54fb_000aba95 (ID = 0)

23:26: 00000822_437f50c2_00003d09 (ID = 0)

23:26: 0000366b_437f911c_00057bcf (ID = 0)

23:26: 00007eb7_437f5030_00007a12 (ID = 0)

23:26: 00007dd1_437f54fb_000bebc2 (ID = 0)

23:26: 00000728_437f64f4_000aba95 (ID = 0)

23:26: 00001953_437f5719_000dd40a (ID = 0)

23:26: 00003e12_437f8f2e_00090f56 (ID = 0)

23:26: 000001eb_437f1ed5_00040d99 (ID = 0)

23:26: 000026a6_437f8cbb_0000f424 (ID = 0)

23:26: 00002213_437f8df5_0000b71b (ID = 0)

23:26: 00000902_437f5189_000b34a7 (ID = 0)

23:26: 000013e9_437f974d_00031975 (ID = 0)

23:26: 00001a49_437f4da1_00029f63 (ID = 0)

23:26: 00004a80_437f5205_00094c5f (ID = 0)

23:26: 00002ea6_437f8ab2_00066ff3 (ID = 0)

23:26: 00005991_437f50c4_00000000 (ID = 0)

23:26: 00004402_437f561a_000b34a7 (ID = 0)

23:26: 00000fbf_437f538f_000ec82e (ID = 0)

23:26: 00001af6_437f6e83_000e8b25 (ID = 0)

23:26: 00006c69_437f5430_000ca2dd (ID = 0)

23:26: 00004080_437f52db_00031975 (ID = 0)

23:26: 00003e12_437f4d9f_000af79e (ID = 0)

23:26: 00005f1e_437f571f_00029f63 (ID = 0)

23:26: 0000261e_437f5510_00066ff3 (ID = 0)

23:26: 00007983_437f3bf9_00029f63 (ID = 0)

23:26: 00007f96_437f8dc3_000f0537 (ID = 0)

23:26: 000056ae_437f8f12_000ca2dd (ID = 0)

23:26: 000075ef_437f5409_0000b71b (ID = 0)

23:26: 00000ecc_437f5750_000d9701 (ID = 0)

23:26: cmpnet1.exe (ID = 0)

23:26: 00007282_437f5b38_0007de29 (ID = 0)

23:26: 00000e12_437f571a_00094c5f (ID = 0)

23:26: 00005e9d_437f5510_00094c5f (ID = 0)

23:26: 000032e6_437f5554_0000f424 (ID = 0)

23:26: 000048cc_437f39fc_00098968 (ID = 0)

23:26: 00001481_437f57eb_000d59f8 (ID = 0)

23:26: 00004080_437f974d_000487ab (ID = 0)

23:26: 00006f68_437f6e82_00029f63 (ID = 0)

23:26: 000004f0_437f6f43_0000b71b (ID = 0)

23:26: 000011f4_437f5723_000bebc2 (ID = 0)

23:26: 0000323b_437f4ae3_000c28cb (ID = 0)

23:26: 0000491c_437f8b58_000b71b0 (ID = 0)

23:26: 00004ae1_437f1e50_000c65d4 (ID = 0)

23:26: 0000797d_437f28a9_00081b32 (ID = 0)

23:26: 00000099_437f1f1e_000501bd (ID = 0)

23:26: 000073d9_437f5d73_00029f63 (ID = 0)

23:26: 000074ad_437f6011_0002625a (ID = 0)

23:26: 000019da_437f5b94_00016e36 (ID = 0)

23:26: 0000260d_437f8df5_0007de29 (ID = 0)

23:26: 00000f3e_437f4869_00098968 (ID = 0)

23:26: 000022cd_437f4170_0001ab3f (ID = 0)

23:26: 00003807_437f588b_00094c5f (ID = 0)

23:26: 000078b4_437f707a_00007a12 (ID = 0)

23:26: 000012db_437f8ab4_000501bd (ID = 0)

23:26: 00001f16_437f5f6e_000ca2dd (ID = 0)

23:26: 00001916_437f4171_000af79e (ID = 0)

23:26: 00005064_437f5b9e_00066ff3 (ID = 0)

23:26: 00001850_437f585e_000ec82e (ID = 0)

23:26: 00007983_437f5406_00016e36 (ID = 0)

23:26: 0000260d_437f4b14_0007de29 (ID = 0)

23:26: 0000183a_437f6f46_000a7d8c (ID = 0)

23:26: 00002fe7_437f64ce_0008d24d (ID = 0)

23:26: 00000120_437f23f5_0006acfc (ID = 0)

23:26: 00002852_437f6062_0006acfc (ID = 0)

23:26: 000049d0_437f6c2a_000632ea (ID = 0)

23:26: 00005af1_437f8a59_000dd40a (ID = 0)

23:26: 0000440d_437f1f29_00016e36 (ID = 0)

23:26: 000072ae_437f1e5a_00022551 (ID = 0)

23:26: 00006952_437f1e5b_00040d99 (ID = 0)

23:26: 00005f90_437f1e61_00007a12 (ID = 0)

23:26: 00004cad_437f28c7_000d1cef (ID = 0)

23:26: 00004d06_437f1f34_000a037a (ID = 0)

23:26: 00003e12_437f2892_0006ea05 (ID = 0)

23:26: 00003004_437f5d17_0007270e (ID = 0)

23:26: 00004db7_437f1f3e_000baeb9 (ID = 0)

23:26: 0000314f_437f28cc_0006ea05 (ID = 0)

23:26: 00001547_437f1f48_000e4e1c (ID = 0)

23:26: 000054de_437f1f51_0002dc6c (ID = 0)

23:26: 00000099_437f487b_0006acfc (ID = 0)

23:26: 000001eb_437f4651_000cdfe6 (ID = 0)

23:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:26: 00005e14_437f28cc_000ca2dd (ID = 0)

23:26: 00000bb3_437f4653_000c28cb (ID = 0)

23:26: 00004df2_437f28e6_000bebc2 (ID = 0)

23:26: 00007cb8_437f6e5d_000b71b0 (ID = 0)

23:26: 00004dc8_437f1f69_00007a12 (ID = 0)

23:26: 00006443_437f1f69_00039387 (ID = 0)

23:26: 00001cd0_437f28ed_00076417 (ID = 0)

23:26: 00006d69_437f5c84_000a4083 (ID = 0)

23:26: 000066bb_437f1f74_00007a12 (ID = 0)

23:26: 000066c4_437f28ed_000af79e (ID = 0)

23:26: 00001796_437f5d1c_000a7d8c (ID = 0)

23:26: 00004230_437f28f0_0007de29 (ID = 0)

23:26: 0000074d_437f1f66_00007a12 (ID = 0)

23:26: 00006032_437f28f0_00094c5f (ID = 0)

23:26: 00006a15_437f5c86_000dd40a (ID = 0)

23:26: 00004ff8_437f5c8e_00003d09 (ID = 0)

23:26: 00003d6c_437f4511_000e8b25 (ID = 0)

23:26: 000018be_437f1e49_00007a12 (ID = 0)

23:26: 00004dc8_437f8c84_00003d09 (ID = 0)

23:26: 00004531_437f708f_000ca2dd (ID = 0)

23:26: 00001238_437f49d8_00039387 (ID = 0)

23:26: 000046cf_437f579c_0007a120 (ID = 0)

23:26: 0000759a_437f8f15_0001e848 (ID = 0)

23:26: 00003ef6_437f92d2_000bebc2 (ID = 0)

23:26: 00004d67_437f5f82_000a037a (ID = 0)

23:26: 00000af0_437f6d3d_00044aa2 (ID = 0)

23:26: 00003cd6_437fa009_000cdfe6 (ID = 0)

23:26: 000041bb_437f8aaa_000baeb9 (ID = 0)

23:26: 00007874_437f571f_00081b32 (ID = 0)

23:26: 00004e45_437f8dcb_000b34a7 (ID = 0)

23:26: 00004ae1_437f4504_00016e36 (ID = 0)

23:26: 00005c67_437f39fd_0007a120 (ID = 0)

23:26: 00006ad6_437f53a4_00044aa2 (ID = 0)

23:26: 0000123b_437f6c2b_000c65d4 (ID = 0)

23:26: 00005f49_437f4f34_0001ab3f (ID = 0)

23:26: 00001fb4_437f6f52_00003d09 (ID = 0)

23:26: 000010d9_437f64fa_00029f63 (ID = 0)

23:26: 0000767d_437f8d12_0006acfc (ID = 0)

23:26: 000046a7_437f6d3d_000f0537 (ID = 0)

23:26: 0000007b_437f6eb1_00031975 (ID = 0)

23:26: 000001d3_437f57b5_0007de29 (ID = 0)

23:26: 000043db_437f6cbf_000b71b0 (ID = 0)

23:26: 0000401d_437f5554_0003567e (ID = 0)

23:26: 00005968_437f5fa2_000ca2dd (ID = 0)

23:26: 00004eae_437f6049_000a4083 (ID = 0)

23:26: 00004d54_437f5ba0_0000b71b (ID = 0)

23:26: 000079d1_437f64d8_0000f424 (ID = 0)

23:26: 00001d18_437f5b3b_0006acfc (ID = 0)

23:27: 00003308_437f6b8d_000b71b0 (ID = 0)

23:27: 00003a2d_437f57b7_000aba95 (ID = 0)

23:27: 00006270_437f5b3c_0000b71b (ID = 0)

23:27: 00006048_437f57b8_0000f424 (ID = 0)

23:27: 000057c2_437f6cc0_00090f56 (ID = 0)

23:27: 00006014_437f6ecf_000aba95 (ID = 0)

23:27: 00001927_437f7161_0007a120 (ID = 0)

23:27: 0000190b_437f6fb7_0001e848 (ID = 0)

23:27: 00005878_437f8f29_0007de29 (ID = 0)

23:27: 000057d3_437f57b8_00029f63 (ID = 0)

23:27: 00000878_437f66e3_0005f5e1 (ID = 0)

23:27: 00000633_437f5ac3_000ec82e (ID = 0)

23:27: 0000458f_437f57b8_00057bcf (ID = 0)

23:27: 00005fa8_437f648d_000632ea (ID = 0)

23:27: 00000975_437f57b8_00076417 (ID = 0)

23:27: 00005005_437f5885_000a4083 (ID = 0)

23:27: 00004ad4_437f5fa4_00066ff3 (ID = 0)

23:27: 000048db_437f6063_0005b8d8 (ID = 0)

23:27: 000044aa_437f70ae_0005b8d8 (ID = 0)

23:27: 000020ad_437f70b2_000632ea (ID = 0)

23:27: 0000357e_437f6c56_00031975 (ID = 0)

23:27: 000037e6_437f57bc_0008583b (ID = 0)

23:27: 00006784_437f1e49_000d9701 (ID = 0)

23:27: 00004af3_437f6b99_000d59f8 (ID = 0)

23:27: 00006443_437f8c94_000bebc2 (ID = 0)

23:27: 00000d66_437f53fb_00040d99 (ID = 0)

23:27: 00002c49_437f5425_0003d090 (ID = 0)

23:27: 00000822_437f92d2_000e8b25 (ID = 0)

23:27: 00000c7b_437f5885_000a4083 (ID = 0)

23:27: ace.dll (ID = 0)

23:27: 000013a6_437f6fac_000632ea (ID = 0)

23:27: 0000323b_437f8dcf_0005b8d8 (ID = 0)

23:27: 00005772_437f9560_000e8b25 (ID = 0)

23:27: 00004c85_437f5bb6_000b71b0 (ID = 0)

23:27: 0000489c_437f5531_00090f56 (ID = 0)

23:27: 00005410_437f6fcf_000d59f8 (ID = 0)

23:27: 00006b72_437f417e_0003d090 (ID = 0)

23:27: 00001e1f_437f49ee_00029f63 (ID = 0)

23:27: 000066bb_437f8c95_00066ff3 (ID = 0)

23:27: 00004509_437f8d12_000e1113 (ID = 0)

23:27: 0000121f_437f937a_00040d99 (ID = 0)

23:27: 00005e73_437f5d2f_000d59f8 (ID = 0)

23:27: 00006172_437f417d_00098968 (ID = 0)

23:27: 00003cd5_437f52ca_00057bcf (ID = 0)

23:27: 000032e6_437f4182_000cdfe6 (ID = 0)

23:27: 000071f0_437f556b_0004c4b4 (ID = 0)

23:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:27: 000022ee_437f8f28_00076417 (ID = 0)

23:27: 00005d03_437f49c8_00040d99 (ID = 0)

23:27: 00004944_437f4fe1_000c65d4 (ID = 0)

23:27: 0000030a_437f8eb6_0000f424 (ID = 0)

23:27: 00004d06_437f8bc3_00053ec6 (ID = 0)

23:27: 00004944_437f90a5_000c65d4 (ID = 0)

23:27: 00001547_437f4930_00016e36 (ID = 0)

23:27: 00002cf7_437f5fa8_0007270e (ID = 0)

23:27: 00003c61_437f5425_0009c671 (ID = 0)

23:27: 000060bf_437fa007_0007de29 (ID = 0)

23:27: 0000153c_437f4838_00057bcf (ID = 0)

23:27: 00004823_437f8984_000501bd (ID = 0)

23:27: 00001366_437f4fec_000baeb9 (ID = 0)

23:27: 0000470e_437f5d37_0000f424 (ID = 0)

23:27: 000033cd_437f6ee7_000baeb9 (ID = 0)

23:27: 0000591d_437f57cb_000e4e1c (ID = 0)

23:27: 000026e9_437f8aaf_0005f5e1 (ID = 0)

23:27: 00005f32_437f4da9_000a4083 (ID = 0)

23:27: 00000384_437f559c_00094c5f (ID = 0)

23:27: 0000047e_437f53a5_000ec82e (ID = 0)

23:27: 00002fff_437f5430_00081b32 (ID = 0)

23:27: 00001916_437f5531_000baeb9 (ID = 0)

23:27: 00001238_437f8d69_00029f63 (ID = 0)

23:27: 000048cc_437f538a_000af79e (ID = 0)

23:27: 000058b0_437f9387_00022551 (ID = 0)

23:27: 00006b36_437f8f29_000a037a (ID = 0)

23:27: 00006e5d_437f49ee_000e1113 (ID = 0)

23:27: 00007a5a_437f49c8_000d1cef (ID = 0)

23:27: 000033ea_437f39fc_00094c5f (ID = 0)

23:27: 00002d12_437f4930_000b34a7 (ID = 0)

23:27: 00000a87_437f6c57_000b71b0 (ID = 0)

23:27: 00004f66_437f6fae_000c28cb (ID = 0)

23:27: 0000182f_437f5f74_0003567e (ID = 0)

23:27: 00000390_437f64e8_0005f5e1 (ID = 0)

23:27: 000027d3_437f6ee8_000ca2dd (ID = 0)

23:27: 0000634f_437f6e63_00003d09 (ID = 0)

23:27: 00002e40_437f90ac_0007270e (ID = 0)

23:27: 00004c66_437f64fc_000ec82e (ID = 0)

23:27: 000039ce_437f5ba1_00044aa2 (ID = 0)

23:27: 000065ca_437f7160_000e8b25 (ID = 0)

23:27: 000023c9_437f39fc_00098968 (ID = 0)

23:27: 000030a7_437f6493_0002625a (ID = 0)

23:27: 0000745e_437f6fd0_0004c4b4 (ID = 0)

23:27: 00006172_437f554a_0002dc6c (ID = 0)

23:27: 00004087_437f57ec_0000f424 (ID = 0)

23:27: 000075ec_437f6fd2_00040d99 (ID = 0)

23:27: 00006ad4_437f572c_00016e36 (ID = 0)

23:27: 00001316_437f5fd4_000ec82e (ID = 0)

23:27: 00005503_437f6fd6_000e8b25 (ID = 0)

23:27: 00005422_437f9285_000af79e (ID = 0)

23:27: 00004e57_437f5fcf_0000b71b (ID = 0)

23:27: 00005d24_437f604a_00053ec6 (ID = 0)

23:27: 00005753_437f39fd_0004c4b4 (ID = 0)

23:27: 00002cd5_437f7109_00029f63 (ID = 0)

23:27: 00004f68_437f5fd0_000e4e1c (ID = 0)

23:27: 00007b44_437f57ec_00031975 (ID = 0)

23:27: 0000249e_437f571f_000d1cef (ID = 0)

23:27: 00006486_437f6493_000d9701 (ID = 0)

23:27: 000060bf_437f39fd_0006acfc (ID = 0)

23:27: 0000456d_437f6948_00076417 (ID = 0)

23:27: 00002059_437f572c_000a037a (ID = 0)

23:27: 00005c5e_437f64fd_0001ab3f (ID = 0)

23:27: 00006d4e_437f64fd_0001e848 (ID = 0)

23:27: 00005753_437f538a_000b34a7 (ID = 0)

23:27: 00005579_437f6051_00029f63 (ID = 0)

23:27: 0000252a_437f57d0_00098968 (ID = 0)

23:27: 00007153_437f6fb3_0000b71b (ID = 0)

23:27: 00003f4a_437f5fb0_0003567e (ID = 0)

23:27: 00006ea1_437f64fc_0003d090 (ID = 0)

23:27: 000052a1_437f6fcc_00029f63 (ID = 0)

23:27: 00005478_437f6c58_0007270e (ID = 0)

23:27: 0000765f_437f57f8_0009c671 (ID = 0)

23:27: 00007cfe_437f6052_0001e848 (ID = 0)

23:27: 000054dc_437f3b68_00090f56 (ID = 0)

23:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:27: 000058e6_437f6dd0_0001e848 (ID = 0)

23:27: 00000ce1_437f6479_000ca2dd (ID = 0)

23:27: 00005c46_437f5c97_000a037a (ID = 0)

23:27: 00005772_437f518c_0003d090 (ID = 0)

23:27: 000060bf_437f538a_000f0537 (ID = 0)

23:27: 00006be8_437f56c2_000aba95 (ID = 0)

23:27: 00003bb1_437f5bb3_000632ea (ID = 0)

23:27: 00003c61_437f416b_00022551 (ID = 0)

23:27: 00004fc0_437f647a_000e8b25 (ID = 0)

23:27: 00004509_437f49cb_000b34a7 (ID = 0)

23:27: 00007014_437f62df_00057bcf (ID = 0)

23:27: 00001bfc_437f6dd3_00098968 (ID = 0)

23:27: 00004b40_437f8f29_00003d09 (ID = 0)

23:27: 0000301c_437f8eb7_000d9701 (ID = 0)

23:27: 00006ad6_437fa185_00039387 (ID = 0)

23:27: 00005039_437f56c3_0003567e (ID = 0)

23:27: 00002fff_437f416b_00081b32 (ID = 0)

23:27: 00004509_437f2080_000487ab (ID = 0)

23:27: 00006bcb_437f571a_00031975 (ID = 0)

23:27: 0000773b_437f588c_00044aa2 (ID = 0)

23:27: 00006df1_437f45ed_00007a12 (ID = 0)

23:27: 00005f90_437f45ac_0009c671 (ID = 0)

23:27: 00007987_437f752f_0008d24d (ID = 0)

23:27: 000012db_437f1edb_00098968 (ID = 0)

23:27: 00000f3e_437f1f0a_000c65d4 (ID = 0)

23:27: 00000124_437f1f20_0005b8d8 (ID = 0)

23:27: 0000491c_437f1f2b_0008583b (ID = 0)

23:27: 000039b3_437f1f59_0008583b (ID = 0)

23:27: 0000428b_437f1fa7_000ca2dd (ID = 0)

23:27: 0000198c_437f752c_000c28cb (ID = 0)

23:27: 00006df1_437f89f9_000632ea (ID = 0)

23:27: 00001238_437f2083_000b34a7 (ID = 0)

23:27: 00006af8_437f73b4_000c28cb (ID = 0)

23:27: 00001e1f_437f208c_000e1113 (ID = 0)

23:27: 00006e5d_437f208f_000c28cb (ID = 0)

23:27: ai_19-11-2005.log (ID = 0)

23:27: 0000187e_437f393d_000e4e1c (ID = 0)

23:27: 00002350_437f259d_0006acfc (ID = 0)

23:27: 00000ddc_437f28ad_00057bcf (ID = 0)

23:28: 00004944_437f28e7_000baeb9 (ID = 0)

23:28: 00002e40_437f28e8_0001e848 (ID = 0)

23:28: 00001366_437f28ed_00066ff3 (ID = 0)

23:28: 0000366b_437f28ed_00089544 (ID = 0)

23:28: 00007eb7_437f28f0_00089544 (ID = 0)

23:28: 00002c3b_437f28f1_00089544 (ID = 0)

23:28: 0000390c_437f483a_000bebc2 (ID = 0)

23:28: 00000822_437f2951_0002dc6c (ID = 0)

23:28: 0000798b_437f2956_00022551 (ID = 0)

23:28: 00000902_437f2a81_0003d090 (ID = 0)

23:28: 00005772_437f2a81_0008583b (ID = 0)

23:28: 00004657_437f3fb5_000a037a (ID = 0)

23:28: 000016c5_437f393d_000ec82e (ID = 0)

23:28: 00006899_437f393e_0003567e (ID = 0)

23:28: 000013e9_437f393e_0007270e (ID = 0)

23:28: 00003cd5_437f393e_00039387 (ID = 0)

23:28: 00004080_437f39fb_000af79e (ID = 0)

23:28: 0000422d_437f3af4_00090f56 (ID = 0)

23:28: 00000677_437f4293_00044aa2 (ID = 0)

23:28: 0000494a_437f4290_000f0537 (ID = 0)

23:28: 00000bb3_437f8ab0_0000f424 (ID = 0)

23:28: 00001547_437f8bdb_0001e848 (ID = 0)

23:28: 00005d03_437f8cce_000a7d8c (ID = 0)

23:28: 00006e5d_437f8dc1_0005f5e1 (ID = 0)

23:28: 000063cb_437f8dc3_000487ab (ID = 0)

23:28: 00007ff5_437f8dc4_00007a12 (ID = 0)

23:28: 00003a9e_437f8f44_00000000 (ID = 0)

23:28: 00006b89_437f8eb4_000c28cb (ID = 0)

23:28: 00000bdb_437f4b22_0006ea05 (ID = 0)

23:28: 0000030a_437f4b18_000b71b0 (ID = 0)

23:28: 00001a49_437f8f2e_00098968 (ID = 0)

23:28: 00000120_437f4c85_0002dc6c (ID = 0)

23:28: 0000797d_437f8f44_00022551 (ID = 0)

23:28: 00005f49_437f8f45_000d59f8 (ID = 0)

23:28: 00004cad_437f8fa8_000e1113 (ID = 0)

23:28: 00004df2_437f909c_0006ea05 (ID = 0)

23:28: 00006899_437f974c_00022551 (ID = 0)

23:28: 00005db2_437f974d_000af79e (ID = 0)

23:28: 000033ea_437f974d_000b34a7 (ID = 0)

23:28: 000033ea_437f5386_0000b71b (ID = 0)

23:28: 000023c9_437f5387_000a7d8c (ID = 0)

23:28: 00003cd6_437f538e_000a4083 (ID = 0)

23:28: 00002f14_437f5391_0009c671 (ID = 0)

23:28: 00000fc9_437f571a_0007de29 (ID = 0)

23:28: 00002b0c_437f5723_0005f5e1 (ID = 0)

23:28: 00005a9f_437f572c_0003d090 (ID = 0)

23:28: 0000127e_437f572c_000a7d8c (ID = 0)

23:28: 00006732_437f573c_000e1113 (ID = 0)

23:28: 00001dc0_437f57d1_0002625a (ID = 0)

23:28: 0000251f_437f5b3a_0003d090 (ID = 0)

23:28: 00005876_437f5fd1_0007270e (ID = 0)

23:28: 000066fa_437f5fd3_000aba95 (ID = 0)

23:28: 00006c6c_437f64fc_0002625a (ID = 0)

23:28: 000013f5_437f6df9_0005f5e1 (ID = 0)

23:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:30: 200511191431.zip (ID = 185985)

23:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:50: File Sweep Complete, Elapsed Time: 00:37:40

23:50: Full Sweep has completed. Elapsed time 00:42:54

23:50: Traces Found: 605

23:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: Removal process initiated

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:59: Quarantining All Traces: icannnews

23:59: icannnews is in use. It will be removed on reboot.

23:59: C:\WINDOWS\system32\mcltus40.dll is in use. It will be removed on reboot.

23:59: C:\WINDOWS\system32\kt0sl7d71.dll is in use. It will be removed on reboot.

23:59: Quarantining All Traces: look2me

23:59: look2me is in use. It will be removed on reboot.

23:59: kt0sl7d71.dll is in use. It will be removed on reboot.

23:59: m246lchs1f46.dll is in use. It will be removed on reboot.

23:59: Quarantining All Traces: potentially rootkit-masked files

00:13: potentially rootkit-masked files is in use. It will be removed on reboot.

00:13: 00000e99_437f6ed9_000e8b25 is in use. It will be removed on reboot.

00:13: 00000914_437f71fa_0003567e is in use. It will be removed on reboot.

00:13: 0000194d_437f71fe_0000b71b is in use. It will be removed on reboot.

00:13: 0000401d_437f4196_0002625a is in use. It will be removed on reboot.

00:13: data.bin is in use.<

Modifié le 19 novembre 2005 par killmat

[Thanos]

salut killmat

 

Reposte un nouveau log hijack en mode normal, je ne pourrais pas l'analyser, mais ca aidera Jack

[killmat]

Et voila:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:28:40, on 20/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[Jack_Burton]

Bonjour a tous, bonjour Killmat, et Charles

 

Bon, Look2Me a été éradiqué!

J analyse le reste du rapport, réponse dans un moment!

[Jack_Burton]

Re bonjour,

 

3 choses a mettre en avant sur ton rapport :

 

-NetTransport : ce méfier des logiciels de gestionnaires de téléchargement! Certains sont porteurs de spywares! Cela ne semble pas etre le cas de NetTransport mais mieux vaut etre prudent!

 

-France Telecom Routing Table Service (FTRTSVC) : alala, le fameux service installé a l insu de l utilisateur par Wanadoo! Il n est pas infectueux mais il arrive que ce service et le processus FTRTSVC.exe auquel il est associé provoque des dysfonctionnements a la machine de l utilisateur, c est pourquoi je le fais systématiquement supprimer du systeme!

 

-O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe<---- fichier infecté

 

Imprime ces instructions ou sauvegarde les dans un fichier texte de façon à pouvoir les consulter en mode sans échec.

 

1/ Télécharge et installe EasyCleaner de Toni Helenius: http://personal.inet.fi/business/toniarts/ecleane.htm

 

2/ Redémarre en mode sans échec.

 

3/ Vérifie d'avoir accès à tous les fichiers

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

 

4/ Dans le menu Demarrer>Executer >tape: Services.msc

 

Recherche le service avec cette orthographe exacte:

-France Telecom Routing Table Service (FTRTSVC)

 

Double clic dessus et clic sur [arreter] puis dans :

type de demarrage --> sélectionne désactivé.

 

5/ Relance un scan HijackThis, clique sur "Do a system scan only" et coche les lignes ci-dessous :

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

 

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

 

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

 

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe<---cette ligne ne devrait plus apparaitre du fait que l on a stoppé le service en question

 

Ferme toutes les fenêtres sauf HijackThis et "Fix Checked".

 

6/ Supprime le(s) fichier(s) & dossier incriminé(s) [s'il(s) existe(nt) encore] par l'Explorateur Windows :

 

-C:\WINDOWS\System32\FTRTSVC.exe

-C:\PROGRA~1\FICHIE~1\qrmu<----supprime tout le dossier

 

7/ Execute EasyCleaner: Utilise les fonctions "Inutiles" et "Registre" seulement. Ne touche pas à la fonction "doublons".

 

8/ Redémarre l'ordinateur en mode normal et poste un nouveau rapport HijackThis à titre de vérification.

 

 

Edit : n oublie pas que SpySweeper est un logiciel gratuit que pendant 14 jours! Ensuite, tu ne pourras plus bénéficier des mises a jour et de la protection en temps réel a moins de l acheter et de payer une licence!

Modifié le 20 novembre 2005 par Jack_Burton