HijackThis log analysis, please


killmat

I have pages that open by themselves, and Flash ad animations too. I tried all the up-to-date anti-spyware tools but it doesn't work. Here is my HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:49:02, on 19/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\PROGRA~1\FICHIE~1\qrmu\qrmua.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\g4400ehmeh4a0.dll

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

 

Thanks in advance, hoping you will help me.


Good evening killmat, good evening everyone,

Of course we are going to help you! :P

Please apply the "Pre-cleaning an infected PC" procedure ("Pré-Nettoyage d'un PC infecté") -> http://forum.zebulon.fr/index.php?showtopic=69176

Once you have gone through the indicated procedure and posted the resulting HijackThis report, we will analyze it and tell you what to do!


Here is my log after the procedure; apparently the spyware is still there:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:11:47, on 19/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\ir28l5fu1.dll

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe


Good evening killmat & ipl_001 :P

Look2Me infection!

We will proceed in 2 parts:

- Eradicating Look2Me

- Cleaning up the other junk in the report!

killmat, I invite you to follow this procedure:

Download SpySweeper (from Webroot) HERE (trial version - 14 days):

  • Click the Free Trial link under the "SpySweeper" heading.
  • Install the program. Once installed, it will launch.
  • The option to update it will be displayed; click Yes.
  • Once the updates are installed, click Options on the left.
  • Click the Sweep Options tab.
  • Under What to Sweep, check the following options:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • UNCHECK Do not Sweep System Restore Folder.

  • Click Sweep Now on the left.
  • Click Start.
  • When the scan is finished, click Next.
  • Make sure all items are checked, then click Next.
  • All checked items will be removed.
  • If Spy Sweeper wants to reboot to finish the cleanup: ACCEPT.
  • Click Session Log at the top right, and copy everything in the window.
  • Click the Summary tab, then click Finish.
  • Paste the contents of the "Session Log" into your next reply.

You will also post me a new HijackThis report!


Thanks, I think the spyware has been eradicated. Spy Sweeper log:

 

********

23:07: | Start of Session, samedi 19 novembre 2005 |

23:07: Spy Sweeper started

23:07: Sweep initiated using definitions version 574

23:07: Starting Memory Sweep

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:07: Found Adware: icannnews

23:07: Detected running threat: C:\WINDOWS\system32\mcltus40.dll (ID = 83)

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:08: Detected running threat: C:\WINDOWS\system32\kt0sl7d71.dll (ID = 83)

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:12: Memory Sweep Complete, Elapsed Time: 00:04:48

23:12: Starting Registry Sweep

23:12: Found Adware: command

23:12: HKLM\system\currentcontrolset\services\cmdservice\ (13 subtraces) (ID = 958670)

23:12: Registry Sweep Complete, Elapsed Time:00:00:17

23:12: Starting Cookie Sweep

23:12: Found Spy Cookie: xiti cookie

23:12: [email protected][1].txt (ID = 3717)

23:12: Cookie Sweep Complete, Elapsed Time: 00:00:00

23:12: Starting File Sweep

23:12: Found Adware: targetsaver

23:12: a0011928.exe (ID = 193995)

23:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:12: a0011929.exe (ID = 195128)

23:12: Found Adware: dollarrevenue

23:12: a0011927.exe (ID = 193259)

23:13: a0011697.exe (ID = 185985)

23:13: a0011930.exe (ID = 195132)

23:13: Found Adware: apropos

23:13: contextplus.exe (ID = 185940)

23:13: contextplus[1].exe (ID = 185940)

23:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:13: tsupdate2[2].ini (ID = 193498)

23:13: Found Adware: look2me

23:13: installer.exe (ID = 168558)

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:14: a0013980.dll (ID = 159)

23:15: kt0sl7d71.dll (ID = 159)

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: a0009535.exe (ID = 193501)

23:16: a0011918.exe (ID = 195131)

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: mcltus40.dll (ID = 159)

23:17: m246lchs1f46.dll (ID = 159)

23:17: a0011981.dll (ID = 163672)

23:17: kedhu1.dll (ID = 159)

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: a0011867.dll (ID = 163672)

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:18: a0012980.dll (ID = 159)

23:18: wingenerics.dll (ID = 50187)

23:18: qrmul.exe (ID = 195130)

23:18: class-barrel (ID = 78229)

23:18: qrmuc.dll (ID = 195129)

23:18: vocabulary (ID = 78283)

23:18: jtn4075qe.dll (ID = 159)

23:18: mv28l9fu1.dll (ID = 163672)

23:18: a0011976.dll (ID = 163672)

23:18: a0011919.dll (ID = 159)

23:18: installer[1].exe (ID = 168558)

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:20: a0011858.dll (ID = 159)

23:20: a0011862.dll (ID = 163672)

23:20: a0011857.dll (ID = 163672)

23:21: a0011696.vbs (ID = 185675)

23:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:24: Warning: Failed to access drive I:

23:24: Found System Monitor: potentially rootkit-masked files

23:24: data.bin (ID = 0)

23:25: lmhdimap.exe (ID = 0)

23:25: msppci.sys (ID = 0)

23:25: dns (ID = 0)

23:25: hidkbdcr.exe (ID = 0)

23:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

23:25: index (ID = 0)

23:26: cmpnet1.exe (ID = 0)

23:27: ace.dll (ID = 0)

23:27: ai_19-11-2005.log (ID = 0)

23:30: 200511191431.zip (ID = 185985)

23:50: File Sweep Complete, Elapsed Time: 00:37:40

23:50: Full Sweep has completed. Elapsed time 00:42:54

23:50: Traces Found: 605


23:59: Removal process initiated


23:59: Quarantining All Traces: icannnews

23:59: icannnews is in use. It will be removed on reboot.

23:59: C:\WINDOWS\system32\mcltus40.dll is in use. It will be removed on reboot.

23:59: C:\WINDOWS\system32\kt0sl7d71.dll is in use. It will be removed on reboot.

23:59: Quarantining All Traces: look2me

23:59: look2me is in use. It will be removed on reboot.

23:59: kt0sl7d71.dll is in use. It will be removed on reboot.

23:59: m246lchs1f46.dll is in use. It will be removed on reboot.

23:59: Quarantining All Traces: potentially rootkit-masked files

00:13: potentially rootkit-masked files is in use. It will be removed on reboot.

00:13: 00000e99_437f6ed9_000e8b25 is in use. It will be removed on reboot.

00:13: 00000914_437f71fa_0003567e is in use. It will be removed on reboot.

00:13: 0000194d_437f71fe_0000b71b is in use. It will be removed on reboot.

00:13: 0000401d_437f4196_0002625a is in use. It will be removed on reboot.

00:13: data.bin is in use.

Edited by killmat

And here it is:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:28:40, on 20/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Hello everyone, hello Killmat, and Charles :P

Right, Look2Me has been eradicated!

I'm analysing the rest of the report, reply in a moment!


Hello again,

Three things to highlight in your report:

-NetTransport: be wary of download manager software! Some of it carries spyware! That does not seem to be the case for NetTransport, but better to be careful!

-France Telecom Routing Table Service (FTRTSVC): ah, the famous service installed by Wanadoo without the user's knowledge! It is not infectious, but this service and the FTRTSVC.exe process associated with it sometimes cause malfunctions on the user's machine, which is why I systematically have it removed from the system!

-O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe<---- infected file

Print these instructions or save them in a text file so that you can consult them in safe mode.

1/ Download and install EasyCleaner by Toni Helenius: http://personal.inet.fi/business/toniarts/ecleane.htm

2/ Restart in safe mode.

3/ Make sure you have access to all files

Start, My Computer or another folder, Tools menu, Folder Options, View tab:

Tick the box: Show hidden files and folders

Untick the box: Hide extensions for known file types

Untick the box: Hide protected operating system files

Then Apply

4/ In the Start menu > Run > type: Services.msc

Look for the service with this exact spelling:

-France Telecom Routing Table Service (FTRTSVC)

Double-click it and click [Stop], then under:

Startup type --> select Disabled.

5/ Run a HijackThis scan again, click "Do a system scan only" and tick the lines below:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

 

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe

 

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

 

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe<---this line should no longer appear, since we stopped the service in question

 

Close all windows except HijackThis and click "Fix Checked".

6/ Delete the offending file(s) & folder [if still present] using Windows Explorer:

-C:\WINDOWS\System32\FTRTSVC.exe

-C:\PROGRA~1\FICHIE~1\qrmu<----delete the whole folder

7/ Run EasyCleaner: use only the "Unnecessary" and "Registry" functions. Do not touch the "Duplicates" function.

8/ Restart the computer in normal mode and post a new HijackThis report for verification.

Edit: don't forget that SpySweeper is free for only 14 days! After that, you will no longer get the updates and the real-time protection unless you buy it and pay for a licence!

Edited by Jack_Burton
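The verification asked for in step 8 can be scripted. The following is an added example, not part of the thread and not code from HijackThis: it parses HijackThis entry lines, tolerating the leading "-" and the trailing "<---" annotations used in the post above, and reports which ticked entries still appear in a follow-up log. The fix list reuses entry lines from the posts above; the follow-up log and all function names are constructed for illustration.

```python
import re

# Usual meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O18": "protocol handler", "O20": "Winlogon Notify", "O23": "NT service",
}

# "<code> - <body>", tolerating the "-" a helper may put before a quoted line.
ENTRY_RE = re.compile(r"^\s*-?\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# Trailing forum annotation such as "<---- infected file".
NOTE_RE = re.compile(r"\s*<-{2,}.*$")


def parse_entries(text):
    """Return [(code, body)] for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(NOTE_RE.sub("", line))
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths and registry names are case-insensitive."""
    code, body = entry
    return code, " ".join(body.split()).casefold()


def verify_fix(fix_list, followup_log):
    """Split the ticked entries into those gone from / still in the new log."""
    present = {_key(e) for e in parse_entries(followup_log)}
    result = {"removed": [], "remaining": []}
    for entry in parse_entries(fix_list):
        status = "remaining" if _key(entry) in present else "removed"
        result[status].append(entry)
    return result


def describe(entry):
    """One-line summary with the section meaning, for the final report."""
    code, body = entry
    return f"{code} [{SECTIONS.get(code, 'other')}] {body}"


# Entry lines taken from the posts above, annotations included.
FIX_LIST = r"""
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
-O4 - HKCU\..\Run: [qrmu] C:\PROGRA~1\FICHIE~1\qrmu\qrmum.exe<---- infected file
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe<---this line should no longer appear
"""

# Constructed follow-up log: the service entry is still there (different case).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\system32\FTRTSVC.exe
"""

if __name__ == "__main__":
    outcome = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    for status in ("removed", "remaining"):
        for item in outcome[status]:
            print(f"{status:9} {describe(item)}")
```

Any entry reported as remaining was either not fixed or was re-created after the reboot, which is worth knowing before declaring the machine clean.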