Infected PC: analysis request



Hello,

Sorry about yesterday, but I wasn't around.

 

As for the Spybot scan, I had already done it, and there is just one item, e accelerator,

that it refuses to delete for me.

 

I'm posting the Ad-Aware report, followed by the one from F-Secure spyware which I found on my PC and ran.

 


Ad-Aware SE Build 1.06r1

Logfile Created on:Saturday 11 March 2006 11:25:58

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R96 09.03.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):14 total references

Tracking Cookie(TAC index:3):14 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

11-03-2006 11:25:58 - Scan started. (Custom mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 352

ThreadCreationTime : 11-03-2006 10:07:29

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 684

ThreadCreationTime : 11-03-2006 10:07:34

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 708

ThreadCreationTime : 11-03-2006 10:07:35

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 752

ThreadCreationTime : 11-03-2006 10:07:36

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Système d'exploitation Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Applications Services et Contrôleur

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Tous droits réservés.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 764

ThreadCreationTime : 11-03-2006 10:07:36

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 908

ThreadCreationTime : 11-03-2006 10:07:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 956

ThreadCreationTime : 11-03-2006 10:07:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 992

ThreadCreationTime : 11-03-2006 10:07:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1048

ThreadCreationTime : 11-03-2006 10:07:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1108

ThreadCreationTime : 11-03-2006 10:07:40

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [brsvc01a.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1400

ThreadCreationTime : 11-03-2006 10:07:41

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 3

ProductName : brother Industries Ltd brsvc01a

CompanyName : brother Industries Ltd

FileDescription : brsvc01a

InternalName : brsvc01a

LegalCopyright : Copyright © Brother Industries, Ltd 2001

OriginalFilename : brsvc01a.exe

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1420

ThreadCreationTime : 11-03-2006 10:07:41

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [brss01a.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1432

ThreadCreationTime : 11-03-2006 10:07:41

BasePriority : Normal

FileVersion : 1.004

ProductVersion : 1, 0, 0, 4

ProductName : brother Industries Ltd brss01a.exe

CompanyName : brother Industries Ltd

FileDescription : brss01a.exe

InternalName : brss01a.exe

LegalCopyright : Copyright © 2001

OriginalFilename : brss01a.exe

Comments : Brsplproc XP wrapper

 

#:14 [servic~1.exe]

FilePath : C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\

ProcessID : 1604

ThreadCreationTime : 11-03-2006 10:07:42

BasePriority : Normal

 

 

#:15 [brmfrmps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1616

ThreadCreationTime : 11-03-2006 10:07:42

BasePriority : Normal

FileVersion : 1.10.10.144

ProductVersion : 1.45.11.403

ProductName : Brother MFL Pro

CompanyName : Brother Industries, Ltd.

FileDescription : Brother Popup Suspend service ( for R/M )

InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager

LegalCopyright : Copyright © 2002 brother

OriginalFilename : BrmfRmps.exe

 

#:16 [cascsvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1628

ThreadCreationTime : 11-03-2006 10:07:42

BasePriority : Normal

 

 

#:17 [cbs.exe]

FilePath : C:\Program Files\Cobian Backup 7\

ProcessID : 1656

ThreadCreationTime : 11-03-2006 10:07:42

BasePriority : Normal

FileVersion : 7.3.0.156

ProductVersion : 7.0

ProductName : Cobian Backup 7 Service

CompanyName : Luis Cobian

FileDescription : Cobian Backup 7 Service

InternalName : Luz de Luna

LegalCopyright : ©2000-2005 by Luis Cobian

LegalTrademarks : All rights reserved

OriginalFilename : cbs.exe

 

#:18 [ewidoctrl.exe]

FilePath : C:\Program Files\ewido anti-malware\

ProcessID : 1696

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 3, 0, 0, 1

ProductVersion : 3, 0, 0, 1

ProductName : ewido control

CompanyName : ewido networks

FileDescription : ewido control

InternalName : ewido control

LegalCopyright : Copyright © 2004

OriginalFilename : ewidoctrl.exe

 

#:19 [fsgk32st.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\

ProcessID : 1708

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 1, 0, 7360, 0

ProductVersion : 1, 0, 7360, 56

ProductName : F-Secure Corp. Startup service

CompanyName : F-Secure Corp.

FileDescription : fsgk32st

InternalName : fsgk32

LegalCopyright : Copyright © 2001

OriginalFilename : fsgk32st.exe

Comments : Startup service for Gatekeeper Handler

 

#:20 [fsbwsys.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\

ProcessID : 1724

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 6.70.738

ProductVersion : 6.70

ProductName : F-Secure BackWeb

CompanyName : F-Secure Corp.

FileDescription : fsbwsys

InternalName : fsbwsys

LegalCopyright : Copyright © 2004 F-Secure Corporation

OriginalFilename : fsbwsys.exe

 

#:21 [fsgk32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\

ProcessID : 1736

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 6.10.11380

ProductVersion : 6.10.11380

ProductName : F-Secure Corp. fsgk32

CompanyName : F-Secure Corp.

FileDescription : Gatekeeper Handler II

InternalName : fsgk32

LegalCopyright : Copyright © 2004-2005

OriginalFilename : fsgk32.exe

Comments : release

 

#:22 [fsma32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 1748

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Management Agent

InternalName : VCH

LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.

LegalTrademarks : Windows is a trademark of Microsoft Corporation

OriginalFilename : FSMA32.EXE

 

#:23 [ghoststartservice.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\

ProcessID : 1824

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 2003.775

ProductVersion : 2003.775

ProductName : Norton Ghost Start Service

CompanyName : Symantec Corporation

FileDescription : Norton Ghost Start

InternalName : GhostStartService

LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.

OriginalFilename : GhostStartService.exe

 

#:24 [fsmb32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 1836

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Message Broker

InternalName : FSMB

LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.

LegalTrademarks : Windows is a trademark of Microsoft Corporation

OriginalFilename : FSMB32.EXE

 

#:25 [fssm32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\

ProcessID : 1832

ThreadCreationTime : 11-03-2006 10:07:43

BasePriority : Normal

FileVersion : 6.10.11480

ProductVersion : 6.10.11480

ProductName : F-Secure Corp. fssm32

CompanyName : F-Secure Corp.

FileDescription : fssm32

InternalName : fssm32

LegalCopyright : Copyright © 2004-2005

OriginalFilename : fssm32.exe

Comments : release

 

#:26 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1940

ThreadCreationTime : 11-03-2006 10:07:44

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:27 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 380

ThreadCreationTime : 11-03-2006 10:07:44

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:28 [fch32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 408

ThreadCreationTime : 11-03-2006 10:07:45

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Configuration Handler

InternalName : FCH

LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.

LegalTrademarks : Windows is a trademark of Microsoft Corporation

OriginalFilename : FCH32.EXE

 

#:29 [wlancfg.exe]

FilePath : C:\Program Files\Inventel\Gateway\

ProcessID : 508

ThreadCreationTime : 11-03-2006 10:07:46

BasePriority : Normal

FileVersion : 4, 0, 0, 0

 

ProductVersion : 4, 0, 0, 0

ProductName : Application WLANCfg

CompanyName : Inventel

FileDescription : WLANCfg

InternalName : WLANCfg

LegalCopyright : Copyright © 2003 - 2004 Inventel

LegalTrademarks : Inventel

OriginalFilename : WLANCfg.EXE

 

#:30 [fameh32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 604

ThreadCreationTime : 11-03-2006 10:07:48

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Alert and Management Extension Handler

InternalName : FAMEH

LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.

LegalTrademarks : Windows is a trademark of Microsoft Corporation

OriginalFilename : FAMEH32.EXE

 

#:31 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 1348

ThreadCreationTime : 11-03-2006 10:07:53

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:32 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2292

ThreadCreationTime : 11-03-2006 10:07:59

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Système d'exploitation Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorateur Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Tous droits réservés.

OriginalFilename : EXPLORER.EXE

 

#:33 [fsdfwd.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\FWES\Program\

ProcessID : 2412

ThreadCreationTime : 11-03-2006 10:08:19

BasePriority : Normal

FileVersion : 5.70.600

ProductVersion : 5.70 Build 600

ProductName : F-Secure Anti-Virus Internet Shield

CompanyName : F-Secure Corporation

FileDescription : F-Secure Anti-Virus Internet Shield daemon

InternalName : fsdfwd

LegalCopyright : Copyright © F-Secure Corporation 1997-2004

OriginalFilename : fsdfwd.exe

 

#:34 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2516

ThreadCreationTime : 11-03-2006 10:08:23

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:35 [daemon.exe]

FilePath : C:\Program Files\D-Tools\

ProcessID : 2612

ThreadCreationTime : 11-03-2006 10:08:25

BasePriority : Normal

 

 

#:36 [lvcomsx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2636

ThreadCreationTime : 11-03-2006 10:08:31

BasePriority : Normal

FileVersion : 8.3.0.1096

ProductVersion : 8.3.0.1096

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : LVCom Server

InternalName : LVComS.exe

LegalCopyright : © 1996-2004 Logitech. All rights reserved.

OriginalFilename : LVComS.exe

 

#:37 [logitray.exe]

FilePath : C:\Program Files\Logitech\Video\

ProcessID : 2672

ThreadCreationTime : 11-03-2006 10:08:33

BasePriority : Normal

FileVersion : 8.3.0.1098

ProductVersion : 8.3.0.1098

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : ImageStudio Tray Application

InternalName : LogiTray.exe

LegalCopyright : © 1996-2004 Logitech. All rights reserved.

OriginalFilename : LogiTray.exe

 

#:38 [ghoststarttrayapp.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\

ProcessID : 2680

ThreadCreationTime : 11-03-2006 10:08:33

BasePriority : Normal

FileVersion : 2003.775

ProductVersion : 2003.775

ProductName : Norton Ghost Start

CompanyName : Symantec Corporation

FileDescription : Norton Ghost Start

InternalName : GhostStartTrayApp

LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.

OriginalFilename : GhostStartTrayApp.exe

 

#:39 [realsched.exe]

FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\

ProcessID : 2696

ThreadCreationTime : 11-03-2006 10:08:35

BasePriority : Normal

FileVersion : 0.1.0.3492

ProductVersion : 0.1.0.3492

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:40 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_06\bin\

ProcessID : 2716

ThreadCreationTime : 11-03-2006 10:08:36

BasePriority : Normal

 

 

#:41 [fsav32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\

ProcessID : 2744

ThreadCreationTime : 11-03-2006 10:08:36

BasePriority : Normal

FileVersion : 5.53.10480

ProductVersion : 5.53.10480

ProductName : F-Secure Anti-Virus

CompanyName : F-Secure Corporation

FileDescription : FSAV Handler

InternalName : FSAV32

LegalCopyright : Copyright © 1998-2004, F-Secure Corporation

OriginalFilename : FSAV32.exe

 

#:42 [fsm32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 2792

ThreadCreationTime : 11-03-2006 10:08:42

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Settings and Statistics

InternalName : FSM

LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.

LegalTrademarks : Windows is a trademark of Microsoft Corporation

OriginalFilename : FSM32.EXE

 

#:43 [ispnews.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\FSGUI\

ProcessID : 2808

ThreadCreationTime : 11-03-2006 10:08:42

BasePriority : Normal

FileVersion : 1, 0, 0, 14

ProductVersion : 1, 0, 0, 14

ProductName : News Service Application

CompanyName : F-Secure Corporation

FileDescription : News Service

InternalName : ISP News

LegalCopyright : Copyright © 2003,2004 F-Secure Corporation

OriginalFilename : ispnews.exe

 

#:44 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 2828

ThreadCreationTime : 11-03-2006 10:08:44

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:45 [wscntfy.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2956

ThreadCreationTime : 11-03-2006 10:08:48

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Security Center Notification App

InternalName : wscntfy.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wscntfy.exe

 

#:46 [livecom.exe]

FilePath : C:\PROGRA~1\Livecom\APPLIC~1\Exe\

ProcessID : 3224

ThreadCreationTime : 11-03-2006 10:09:01

BasePriority : Normal

FileVersion : 1, 1, 0, 10

ProductVersion : 1, 1, 0, 10

ProductName : Livecom

FileDescription : Livecom

InternalName : Livecom

LegalCopyright : Copyright 2004

OriginalFilename : Livecom.EXE

Comments : Version de validation

 

#:47 [fsguiexe.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\FSGUI\

ProcessID : 3640

ThreadCreationTime : 11-03-2006 10:09:11

BasePriority : Normal

FileVersion : 5, 70, 2090, 0

ProductVersion : 5, 1, 0, 0

ProductName : ISP 2005

FileDescription : gui standby component

InternalName : fsguiexe

LegalCopyright : Copyright © 2004-2005

OriginalFilename : fsguiexe.exe

 

#:48 [alertm~1.exe]

FilePath : C:\WINDOWS\System32\ALERTM~1\

ProcessID : 1456

ThreadCreationTime : 11-03-2006 10:09:27

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Application AlertModule

FileDescription : Application MFC AlertModule

InternalName : AlertModule

LegalCopyright : Copyright © 2003

OriginalFilename : AlertModule.EXE

 

#:49 [fxsvr2.exe]

FilePath : C:\Program Files\Logitech\Video\

ProcessID : 3320

ThreadCreationTime : 11-03-2006 10:09:42

BasePriority : Normal

FileVersion : 8.3.0.1098

ProductVersion : 8.3.0.1098

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : QuickCam Framework Server

InternalName : FxSvr.EXE

LegalCopyright : © 1996-2004 Logitech. All rights reserved.

OriginalFilename : FxSvr.EXE

 

#:50 [toaster.exe]

FilePath : C:\PROGRA~1\Livecom\Toaster\

ProcessID : 3884

ThreadCreationTime : 11-03-2006 10:09:56

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Application Toaster

CompanyName : France Telecom R&D

FileDescription : Application MFC Toaster

InternalName : Toaster

LegalCopyright : Copyright France Telecom R&D © 2004

OriginalFilename : Toaster.EXE

 

#:51 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2440

ThreadCreationTime : 11-03-2006 10:10:23

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:52 [fspex.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\

ProcessID : 3792

ThreadCreationTime : 11-03-2006 10:10:49

BasePriority : Normal

 

 

#:53 [ftplayer.exe]

FilePath : C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\

ProcessID : 3512

ThreadCreationTime : 11-03-2006 10:10:58

BasePriority : Normal

FileVersion : 4, 0, 0, 1

ProductVersion : 4, 0, 0, 1

ProductName : eConf

CompanyName : France Telecom

FileDescription : eConf player

InternalName : ftplayer

LegalCopyright : Copyright © 1999 - 2004 - France Telecom R&D

OriginalFilename : ftplayer.exe

 

#:54 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 2920

ThreadCreationTime : 11-03-2006 10:23:43

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:55 [solsuite.exe]

FilePath : E:\Program Files\SolSuite\

ProcessID : 2308

ThreadCreationTime : 11-03-2006 10:24:19

BasePriority : Normal

FileVersion : 16.1.0.0

ProductVersion : 14.2

CompanyName : TreeCardGames.com

FileDescription : SolSuite

 

#:56 [outlook.exe]

FilePath : C:\Program Files\Microsoft Office\Office\

ProcessID : 2688

ThreadCreationTime : 11-03-2006 10:24:47

BasePriority : Normal

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\LE DU\recent

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\google\navclient\1.1\history

Description :

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description :

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description :

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\internet explorer\typedurls

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\search assistant\acmru

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences

Description :

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows media\wmsdk\general

Description :

 

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@tradedoubler[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:le [email protected]/

Expires : 04-03-2026 10:59:22

LastSync : Hits:7

UseCount : 0

Hits : 7

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:le [email protected]/

Expires : 08-03-2011 15:57:22

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@bluestreak[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:73

Value : Cookie:le [email protected]/

Expires : 07-03-2016 17:43:08

LastSync : Hits:73

UseCount : 0

Hits : 73

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@estat[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:le [email protected]/

Expires : 06-03-2016 11:00:12

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:88

Value : Cookie:le [email protected]/

Expires : 09-05-2006 20:42:20

LastSync : Hits:88

UseCount : 0

Hits : 88

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@doubleclick[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:9

Value : Cookie:le [email protected]/

Expires : 09-03-2009 22:42:14

LastSync : Hits:9

UseCount : 0

Hits : 9

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:le [email protected]/

Expires : 12-05-2006 11:33:58

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@fastclick[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:le [email protected]/

Expires : 09-03-2008 21:57:02

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@tribalfusion[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:9

Value : Cookie:le [email protected]/

Expires : 01-01-2038 01:00:00

LastSync : Hits:9

UseCount : 0

Hits : 9

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@weborama[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:le [email protected]/

Expires : 08-03-2011 15:49:32

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:103

Value : Cookie:le [email protected]/

Expires : 06-03-2026 11:38:24

LastSync : Hits:103

UseCount : 0

Hits : 103

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:11

Value : Cookie:le [email protected]/

Expires : 01-03-2036 15:57:06

LastSync : Hits:11

UseCount : 0

Hits : 11

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@valueclick[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:le [email protected]/

Expires : 05-03-2031 11:36:44

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : le du@atdmt[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:le [email protected]/

Expires : 09-03-2011 01:00:00

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 14

Objects found so far: 28

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 28

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 28

 

12:07:28 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:41:29.940

Objects scanned:137526

Objects identified:14

Objects ignored:0

New critical objects:14

 

 

Securitoo Anti-Spyware Build 1.06r1

Fichier journal créé le :dimanche 12 mars 2006 10:38:10

Utilisation du fichier de définitions :SE1R94 28.02.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Références détectées lors de l’analyse :

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(Index TAC :0):14 Nombre total de références

Tracking Cookie(Index TAC :3):16 Nombre total de références

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Securitoo Anti-Spyware Settings

===========================

Définir : Rechercher les entrées à risque négligeable

Définir : Mode sécurisé (tjrs demander confirm.)

Définir : Analyser les processus actifs

Définir : Analyser le registre

Définir : Analyser en profondeur le registre

Définir : Analyser mes favoris IE pour rech. URL interdites

Définir : Analyser mon fichier Hosts

 

Extended Securitoo Anti-Spyware Settings

===========================

Définir : Décharger les modules et les processus reconnus pendant l’analyse

Définir : Ignorer les fichiers fractionnés lors de l’analyse des archives .CAB

Définir : Anal. reg. pr tous utili. et non pr utili. actuel uniqmnt

Définir : Toujours essayer de décharger les modules avant la suppression

Définir : Lors de la suppression, décharger l’Explorateur et IE si nécessaire

Définir : Perm. Win. supp. fich. en cours au proch. démar.

Définir : Supprimer les objets en quarantaine après la restauration

Définir : Forcer le blocage des fenêtres publicitaires

Définir : Sélec. auto. objets problématiques dans listes de résultats

Définir : Inclure les paramètres de base d'Anti-Spyware dans le fichier journal

Définir : Inclure les paramètres de base d'Anti-Spyware dans le fichier journal

Définir : Inclure un récapitulatif des références dans le fichier journal

Définir : Inclure les détails des données ADS dans le fichier journal

Définir : Afficher l’écran d’accueil

Définir : Sauvegarder le fichier de définitions utilisé avant d’effectuer une mise à jour

Définir : Émettre un son à la fin de l’analyse en cas de détection d'objets critiques

 

 

12-03-2006 10:38:10 - L’analyse a démarré. (Analyse complète du système)

 

MRU List Objet reconnu !

Emplacement : : C:\Documents and Settings\LE DU\recent

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\google\navclient\1.1\history

Description :

 

 

MRU List Objet reconnu !

Emplacement : : software\microsoft\direct3d\mostrecentapplication

Description :

 

 

MRU List Objet reconnu !

Emplacement : : software\microsoft\direct3d\mostrecentapplication

Description :

 

 

MRU List Objet reconnu !

Emplacement : : software\microsoft\directdraw\mostrecentapplication

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\internet explorer\typedurls

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\search assistant\acmru

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences

Description :

 

 

MRU List Objet reconnu !

Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows media\wmsdk\general

Description :

 

 

Affichage des processus en cours d'exécution

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 352

ThreadCreationTime : 12-03-2006 09:16:23

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 684

ThreadCreationTime : 12-03-2006 09:16:28

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 708

ThreadCreationTime : 12-03-2006 09:16:29

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 752

ThreadCreationTime : 12-03-2006 09:16:29

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Système d'exploitation Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Applications Services et Contrôleur

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Tous droits réservés.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 764

ThreadCreationTime : 12-03-2006 09:16:30

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 912

ThreadCreationTime : 12-03-2006 09:16:32

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 960

ThreadCreationTime : 12-03-2006 09:16:32

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1000

ThreadCreationTime : 12-03-2006 09:16:32

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1044

ThreadCreationTime : 12-03-2006 09:16:32

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1108

ThreadCreationTime : 12-03-2006 09:16:34

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [brsvc01a.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1404

ThreadCreationTime : 12-03-2006 09:16:35

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 3

ProductName : brother Industries Ltd brsvc01a

CompanyName : brother Industries Ltd

FileDescription : brsvc01a

InternalName : brsvc01a

LegalCopyright : Copyright © Brother Industries, Ltd 2001

OriginalFilename : brsvc01a.exe

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1428

ThreadCreationTime : 12-03-2006 09:16:35

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [brss01a.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1440

ThreadCreationTime : 12-03-2006 09:16:35

BasePriority : Normal

FileVersion : 1.004

ProductVersion : 1, 0, 0, 4

ProductName : brother Industries Ltd brss01a.exe

CompanyName : brother Industries Ltd

FileDescription : brss01a.exe

InternalName : brss01a.exe

LegalCopyright : Copyright © 2001

OriginalFilename : brss01a.exe

Comments : Brsplproc XP wrapper

 

#:14 [servic~1.exe]

FilePath : C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\

ProcessID : 1608

ThreadCreationTime : 12-03-2006 09:16:37

BasePriority : Normal

 

 

#:15 [brmfrmps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1620

ThreadCreationTime : 12-03-2006 09:16:37

BasePriority : Normal

FileVersion : 1.10.10.144

ProductVersion : 1.45.11.403

ProductName : Brother MFL Pro

CompanyName : Brother Industries, Ltd.

FileDescription : Brother Popup Suspend service ( for R/M )

InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager

LegalCopyright : Copyright © 2002 brother

OriginalFilename : BrmfRmps.exe

 

#:16 [cascsvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1632

ThreadCreationTime : 12-03-2006 09:16:37

BasePriority : Normal

 

 

#:17 [cbs.exe]

FilePath : C:\Program Files\Cobian Backup 7\

ProcessID : 1660

ThreadCreationTime : 12-03-2006 09:16:37

BasePriority : Normal

FileVersion : 7.3.0.156

ProductVersion : 7.0

ProductName : Cobian Backup 7 Service

CompanyName : Luis Cobian

FileDescription : Cobian Backup 7 Service

InternalName : Luz de Luna

LegalCopyright : ©2000-2005 by Luis Cobian

LegalTrademarks : All rights reserved

OriginalFilename : cbs.exe

 

#:18 [ewidoctrl.exe]

FilePath : C:\Program Files\ewido anti-malware\

ProcessID : 1716

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 3, 0, 0, 1

ProductVersion : 3, 0, 0, 1

ProductName : ewido control

CompanyName : ewido networks

FileDescription : ewido control

InternalName : ewido control

LegalCopyright : Copyright © 2004

OriginalFilename : ewidoctrl.exe

 

#:19 [fsgk32st.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\

ProcessID : 1736

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 1, 0, 7360, 0

ProductVersion : 1, 0, 7360, 56

ProductName : F-Secure Corp. Startup service

CompanyName : F-Secure Corp.

FileDescription : fsgk32st

InternalName : fsgk32

LegalCopyright : Copyright © 2001

OriginalFilename : fsgk32st.exe

Comments : Startup service for Gatekeeper Handler

 

#:20 [fsgk32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\

ProcessID : 1764

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 6.10.11380

ProductVersion : 6.10.11380

ProductName : F-Secure Corp. fsgk32

CompanyName : F-Secure Corp.

FileDescription : Gatekeeper Handler II

InternalName : fsgk32

LegalCopyright : Copyright © 2004-2005

OriginalFilename : fsgk32.exe

Comments : release

 

#:21 [fsbwsys.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\

ProcessID : 1772

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 6.70.738

ProductVersion : 6.70

ProductName : F-Secure BackWeb

CompanyName : F-Secure Corp.

FileDescription : fsbwsys

InternalName : fsbwsys

LegalCopyright : Copyright © 2004 F-Secure Corporation

OriginalFilename : fsbwsys.exe

 

#:22 [fsma32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 1804

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Management Agent

InternalName : VCH

LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.

LegalTrademarks : Windows is a trademark of Microsoft Corporation

OriginalFilename : FSMA32.EXE

 

#:23 [ghoststartservice.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\

ProcessID : 1852

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 2003.775

ProductVersion : 2003.775

ProductName : Norton Ghost Start Service

CompanyName : Symantec Corporation

FileDescription : Norton Ghost Start

InternalName : GhostStartService

LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.

OriginalFilename : GhostStartService.exe

 

#:24 [fsmb32.exe]

FilePath : C:\Program Files\Securitoo\Av_Fw\Common\

ProcessID : 1884

ThreadCreationTime : 12-03-2006 09:16:38

BasePriority : Normal

FileVersion : 5.62.7676

ProductVersion : 5.62 Build 7676

ProductName : F-Secure Management Agent

CompanyName : F-Secure Corporation

FileDescription : F-Secure Message Broker

Inter


Hi,

 

 

 

The Ad-Aware report shows nothing worrying... could you post the Spybot report? We'll remove the infectious item it found manually.

 

You can also try Trend Micro's online antispyware scan (different from HouseCall) --> http://www.trendmicro.com/spyware-scan/ (it requires IE) and post the report...

 

 

See you :P

 

 

PS: if that turns up nothing, we'll try Silent Runners, a tool for detecting "hidden" malware (rootkits).


Attached is the requested report.

For Trend Micro I couldn't figure out how to save the report.

If you have a solution it would be welcome, because this is not the first time I haven't known how to save it; the result was:

14 tracking cookies

4 peer to peer

7 adware

5 trojan

14 dialer

2 parasite

After removal I was asked to reinstall Service Pack 2? Which I did.

 

For Spybot:

everything was fixed except eAcceleration, 2 items

 

eAcceleration: Dossier Programme (Répertoire, nothing done)

C:\Program Files\Acceleration Software\Anti-Virus\

 

eAcceleration: Dossier Programme (Répertoire, nothing done)

C:\Program Files\Acceleration Software\

 

DoubleClick: Cookie traceur (Internet Explorer: LE DU) (Cookie, nothing done)

 

 

Advertising.com: Cookie traceur (Internet Explorer: LE DU) (Cookie, nothing done)

 

 

Avenue A, Inc.: Cookie traceur (Internet Explorer: LE DU) (Cookie, nothing done)

 

 

 

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

 

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2006-03-09 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2005-05-31 advcheck.dll (1.0.2.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2005-05-31 Tools.dll (2.0.0.2)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2006-03-10 Includes\Cookies.sbi (*)

2006-03-10 Includes\Dialer.sbi (*)

2006-03-10 Includes\Hijackers.sbi (*)

2006-03-10 Includes\Keyloggers.sbi (*)

2006-03-10 Includes\Malware.sbi (*)

2006-03-10 Includes\PUPS.sbi (*)

2006-03-10 Includes\Revision.sbi (*)

2006-03-10 Includes\Security.sbi (*)

2006-03-10 Includes\Spybots.sbi (*)

2005-02-17 Includes\Tracks.uti

2006-03-10 Includes\Trojans.sbi (*)

 

jcld



Attached is the Silent Runners report.

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Livecom" = ""C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"" [empty string]

"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]

"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]

"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]

"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]

"EoEngine" = (empty string)

"EoClock" = (empty string)

"GhostStartTrayApp" = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" ["Symantec Corporation"]

"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"FSASWREG" = ""C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"" [null data]

"F-Secure TNB" = ""C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]

"F-Secure Manager" = ""C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure Startup Wizard" = ""C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"]

"News Service" = ""C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"" ["F-Secure Corporation"]

"RegistryMechanic" = (empty string)

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"OE_WMPWMFSDK_Install_2" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmnetmgr.dll"" [MS]

"OE_WMPWMFSDK_Install_3" = "C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll"" [MS]

"OE_WMPWMFSDK_Install_4" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmod.dll"" [MS]

"OE_WMPWMFSDK_Install_5" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmoe2.dll"" [MS]

"OE_WMPWMFSDK_Install_6" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmoe.dll"" [MS]

"OE_WMPWMFSDK_Install_7" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmod.dll"" [MS]

"OE_WMPWMFSDK_Install_8" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmoe.dll"" [MS]

"OE_WMPWMFSDK_Install_9" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe.dll"" [MS]

"OE_WMPWMFSDK_Install_10" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe2.dll"" [MS]

"OE_WMPWMFSDK_Install_20" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmod.dll"" [MS]

"OE_WMPWMFSDK_Install_21" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mpg4dmod.dll"" [MS]

"OE_WMPWMFSDK_Install_22" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp43dmod.dll"" [MS]

"OE_WMPWMFSDK_Install_23" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp4sdmod.dll"" [MS]

"OE_WMPWMFSDK_Install_24" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmod.dll"" [MS]

"OE_WMPWMFSDK_Install_30" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\laprxy.dll"" [MS]

"OE_WMPWMFSDK_Install_31" = ""C:\WINDOWS\system32\logagent.exe" /RegServer" [MS]

"OE_WMPWMFSDK_Install_32" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvcore.dll"" [MS]

"OE_WMPDRM_Install_1" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmstor.dll"" [MS]

"OE_WMPDRM_Install_2" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmclien.dll"" [MS]

"OE_WMPDRM_Install_4" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmv2clt.dll"" [MS]

"OE_WMPDRM_Install_5" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\blackbox.dll"" [MS]

"OE_WMPDRM_Install_6" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\msnetobj.dll"" [MS]

"OE_WMPWMP7_Install_0" = "C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary" [MS]

"OE_WMPWMP7_Install_1" = ""C:\Program Files\Windows Media Player\migrate.exe" /s" [MS]

"OE_WMPWMP7_Install_2" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmp.dll" [MS]

"OE_WMPWMP7_Install_8" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpshell.dll" [MS]

"OE_WMPWMP7_Install_9" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpasf.dll" [MS]

"OE_WMPWMP7_Install_10" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpdxm.dll" [MS]

"OE_WMPWMP7_Install_11" = "C:\WINDOWS\system32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"" [MS]

"OE_WMPWMDM_Install_7" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll" [MS]

"OE_WMPWMP7_Install_20" = "C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]

 

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

"load" = (value not set)

"run" = (value not set)

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

"AppInit_DLLs" = (value not set)

 

HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.exe" [file not found], [MS], [file not found], [file not found]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp"

 

Active Desktop web content:

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"FriendlyName" = ""

"Source" = "file:///C:/DOCUME~1/LEDU~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg"

"SubscribedURL" = "file:///C:/DOCUME~1/LEDU~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"SCRNSAVE.EXE" = "C:\WINDOWS\Johnny2.scr" ["MacSourcery"]

 

 

Enabled Scheduled Tasks:

------------------------

 

"Scheduled scanning task" -> launches: "C:\PROGRA~1\SECURI~1\Av_Fw\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\Av_Fw\ANTI-V~1\report.txt " ["F-Secure Corporation"]

"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

 

Explorer Bars

 

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{C6075FF0-1F32-11D4-A681-0050DA502650}\ = "&GirafaBar" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Girafa\GirafaBar.dll" ["Girafa.Com Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{C6075FF0-1F32-11D4-A681-0050DA502650}\ = "&GirafaBar" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Girafa\GirafaBar.dll" ["Girafa.Com Inc."]

 

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

{78A7D3B4-23E3-11D4-A682-0050DA502650}\

"ButtonText" = "Girafa"

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Brother Popup Suspend service for Resource manager, brmfrmps, ""C:\WINDOWS\system32\Brmfrmps.exe" -service " ["Brother Industries, Ltd."]

BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]

Casc'ADSL, CascSvc, "C:\WINDOWS\system32\CascSvc.exe" [null data]

Cobian Backup 7 service, CobBackup7, "C:\Program Files\Cobian Backup 7\cbs.exe" ["Luis Cobian"]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]

F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]

F-Secure Management Agent, FSMA, ""C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE"" ["F-Secure Corporation"]

fsbwsys, fsbwsys, ""C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe"" ["F-Secure Corp."]

GhostStartService, GhostStartService, "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe" ["Symantec Corporation"]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

Securitoo Antivirus Firewall, BackWeb Plug-in - 8520111, "C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE" [null data]

Service de lancement de WlanCfg, Wlancfg, "C:\Program Files\Inventel\Gateway\wlancfg.exe SVC" ["Inventel"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

VSP1:\Driver = "vsmon1.dll" [null data]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 267 seconds, including 15 seconds for message boxes)

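The report above is raw Silent Runners output, and the helpers in this thread read it by eye. As an added example (not the Silent Runners script and not anything posted in the thread), here is a small Python triage helper that parses the `"Name" = "value" [status]` layout and pulls out the entries a helper would look at first: lines Silent Runners itself marks INFECTION WARNING!, entries whose target is [file not found] (like the dangling SsiEfr.exe in BootExecute above), and entries tagged [null data] (no version or company info, so the signer cannot be read off the report). The sample input is constructed from lines in the report above; the `Finding` class, the reason strings and the function names are my own. The comma-separated "Running Services" layout is not handled.

```python
"""Triage helper for Silent Runners-style autostart reports.

Added example: this is not the Silent Runners script nor anything posted in
the thread. It reads the `"Name" = "value" [status]` layout used in the
report above, where the trailing [...] tag is the signer ("Company"),
[MS], [null data] (file has no version info) or [file not found].
"""
import re
from dataclasses import dataclass, field

# Every bracketed tag on a line, in order: ["Logitech Inc."], [MS], [null data] ...
STATUS_RE = re.compile(r'\[([^\]]*)\]')
# Optional "INFECTION WARNING!" prefix, then:  name = rest
ENTRY_RE = re.compile(r'^(?P<warn>INFECTION WARNING!\s+)?(?P<name>.+?)\s=\s(?P<rest>.*)$')


@dataclass
class Finding:
    key: str                 # registry key the entry sits under
    name: str                # value name, surrounding quotes removed
    value: str               # command or DLL path as printed
    statuses: list           # all [...] tags on the line
    reasons: list = field(default_factory=list)


def _reasons(warned, statuses):
    """Map a line's markers to the reasons a helper would look at it.

    None of these is proof of malware on its own: the Webroot logon notifier
    below is a legitimate product, the warning is about the hook type.
    """
    reasons = []
    if warned:
        reasons.append('flagged by Silent Runners')
    if 'file not found' in statuses:
        reasons.append('references a missing file')
    if 'null data' in statuses:
        reasons.append('no version info')
    return reasons


def parse_entries(text):
    """Yield (key, warned, name, value, statuses) for each entry line."""
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # A registry key header such as "HKLM\...\Run\ {++}" has no " = "
            if line.startswith('HK'):
                key = line.replace(' {++}', '').rstrip('\\')
            continue
        rest = m.group('rest')
        statuses = STATUS_RE.findall(rest)
        # Text before the first tag is the command; the report doubles the
        # quotes around quoted paths, so strip every outer quote.
        value = rest.split('[', 1)[0].strip().rstrip(',').strip().strip('"')
        name = m.group('name')
        if name.startswith('->'):         # CLSID resolution sub-line
            name = name[2:].strip()
        yield key, bool(m.group('warn')), name.strip('"'), value, statuses


def triage(text):
    """Return the entries worth a manual look, in report order."""
    findings = []
    for key, warned, name, value, statuses in parse_entries(text):
        reasons = _reasons(warned, statuses)
        if reasons:
            findings.append(Finding(key, name, value, statuses, reasons))
    return findings


# Constructed sample: a handful of lines copied from the report above.
SAMPLE = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"FSASWREG" = ""C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"" [null data]
"EoEngine" = (empty string)

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.exe" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\System\CurrentControlSet\Control\Print\Monitors\
VSP1:\Driver = "vsmon1.dll" [null data]
'''

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.key}\n  {f.name} = {f.value}\n  {", ".join(f.reasons)}')
```

Running it on the sample lists four entries (FSASWREG, BootExecute, the Webroot notifier and the VSP1 print monitor) and skips the signed Logitech entry; the output is a reading list, and each item still has to be checked against the vendor and the file on disk before anything is removed, which is exactly the order the helpers follow in this thread.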

Attached: Silent Runners report



Hi jcld1, and sorry for the slow reply...

 

 

 

The Silent Runners report shows nothing abnormal.

 

So I recommend you run this Trend Micro online anti-spyware scan, which is different from Trend Micro HouseCall --> http://www.trendmicro.com/spyware-scan/ (it only works under IE)

 

Save the report (you'll see, it's not complicated) and post it.

 

 

If it still finds nothing, we'll have to look at rootkits (hidden malware).

 

 

 

See you :P


Good evening, and thank you for taking the time to follow my problem

I couldn't get a report, but it showed me

13 cookies

1 trojan: TSPY_lineage.LU

1 TRACKWARE: spyware_track_ISpy

 

At this point I wonder whether any viruses are left

Panda had destroyed some; I no longer get the message when I transfer to my laptop

Is the Securitoo scan OK?

 

jcld


Hi,

 

 

Do you have the paths of the malicious files that were found?

 

 

At this point I wonder whether any viruses are left

Panda had destroyed some; I no longer get the message when I transfer to my laptop

Is the Securitoo scan OK?

 

 

Does that mean you no longer have any problems?

 

If there still are some, we can still check whether rootkits are present on your PC:

 

Download Blacklight (from F-Secure) and save it to your Desktop.

 

Double-click blbeta.exe and accept the licence; leave [X] Scan through Windows Explorer enabled; click Scan, then Next

 

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

 

Copy and paste the contents of that report into your next reply. Do NOT choose the "Rename" option right away: we need to analyse the report, because legitimate files may be listed, such as wbemtest.exe

 

 

 

 

See you :P


Hi,

Do you have the paths of the malicious files that were found?

Does that mean you no longer have any problems?

 

If there still are some, we can still check whether rootkits are present on your PC:

 

Download Blacklight (from F-Secure) and save it to your Desktop.

 

Double-click blbeta.exe and accept the licence; leave [X] Scan through Windows Explorer enabled; click Scan, then Next

 

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

 

Copy and paste the contents of that report into your next reply. Do NOT choose the "Rename" option right away: we need to analyse the report, because legitimate files may be listed, such as wbemtest.exe

See you :P

 

I couldn't get a report, but after the scan,

nothing was found

 

jcld
