The spyware keeps coming back - Security - Windows & Software
Marsh Posted on 19-03-2005 at 16:39:11
Hello,
Here is a log produced by Ad-Aware. I can remove the objects, but they come back after a reboot...
Any ideas? Any suggestions?
Linf.
Ad-Aware SE Build 1.05
Logfile Created on:samedi 19 mars 2005 16:08:43
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:0):17 total references
IEHijacker.Hotoffers(TAC index:7):36 total references
MRU List(TAC index:0):34 total references
Win32.Adverts.TrojanDownloader(TAC index:6):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
19-03-2005 16:08:43 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : C:\Documents and Settings\MMenu\recent
Description : list of recently opened documents
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : conc
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 91
16:30:52 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:08.831
Objects scanned:108890
Objects identified:57
Objects ignored:0
New critical objects:57
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 172
ThreadCreationTime : 19-03-2005 13:07:06
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 200
ThreadCreationTime : 19-03-2005 13:07:44
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 196
ThreadCreationTime : 19-03-2005 13:07:50
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 248
ThreadCreationTime : 19-03-2005 13:07:56
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 260
ThreadCreationTime : 19-03-2005 13:07:56
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Exécutable LSA et DLL serveur (version d'exportation)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [ibmpmsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 380
ThreadCreationTime : 19-03-2005 13:08:09
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 444
ThreadCreationTime : 19-03-2005 13:08:14
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 492
ThreadCreationTime : 19-03-2005 13:08:21
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:9 [ccsetmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 552
ThreadCreationTime : 19-03-2005 13:08:22
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 576
ThreadCreationTime : 19-03-2005 13:08:25
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:11 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 672
ThreadCreationTime : 19-03-2005 13:08:26
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:12 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 700
ThreadCreationTime : 19-03-2005 13:08:27
BasePriority : Normal
#:13 [cusrvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 716
ThreadCreationTime : 19-03-2005 13:08:27
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell Client Update Service
InternalName : CUSRVC
LegalCopyright : Copyright © 2003, by Novell, Inc. All rights reserved.
OriginalFilename : CUSRVC.EXE
#:14 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 736
ThreadCreationTime : 19-03-2005 13:08:27
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
#:15 [ntmulti.exe]
FilePath : C:\Program Files\lotus\notes\
ProcessID : 768
ThreadCreationTime : 19-03-2005 13:08:30
BasePriority : Normal
#:16 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 948
ThreadCreationTime : 19-03-2005 13:08:42
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:17 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 964
ThreadCreationTime : 19-03-2005 13:08:46
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Planificateur de tâches Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Moteur du Planificateur de tâches
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:18 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1024
ThreadCreationTime : 19-03-2005 13:08:49
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Moniteur de périphériques d'images fixes
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE
#:19 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1044
ThreadCreationTime : 19-03-2005 13:08:50
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.
#:20 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 1064
ThreadCreationTime : 19-03-2005 13:08:52
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Infrastructure de gestion Windows
CompanyName : Microsoft Corporation
FileDescription : Infrastructure de gestion Windows
InternalName : WINMGMT
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999
#:21 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1160
ThreadCreationTime : 19-03-2005 13:09:14
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:22 [tp4mon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1448
ThreadCreationTime : 19-03-2005 13:09:55
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : IBM
FileDescription : IBM TrackPoint Application
InternalName : tp4mon
LegalCopyright : (C) IBM 1999 - All Rights Reserved
OriginalFilename : tp4mon.exe
#:23 [dpmw32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1480
ThreadCreationTime : 19-03-2005 13:09:59
BasePriority : Normal
#:24 [nwtray.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1484
ThreadCreationTime : 19-03-2005 13:10:00
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE
#:25 [agentnt.exe]
FilePath : C:\tbclient\BIN\
ProcessID : 1548
ThreadCreationTime : 19-03-2005 13:10:03
BasePriority : Normal
FileVersion : 3.1
ProductVersion : 3.1.0
ProductName : TrackBird
CompanyName : ISTRIA
FileDescription : Agent Collector for Windows NT
InternalName : agentnt
LegalCopyright : Copyright © D2M - ISTRIA 1997-2002
OriginalFilename : agentnt.exe
#:26 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1568
ThreadCreationTime : 19-03-2005 13:10:03
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:27 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1620
ThreadCreationTime : 19-03-2005 13:10:05
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.
#:28 [agrsmmsg.exe]
FilePath : C:\WINNT\
ProcessID : 864
ThreadCreationTime : 19-03-2005 13:10:10
BasePriority : Normal
FileVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
ProductVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:29 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1660
ThreadCreationTime : 19-03-2005 13:10:11
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Système d'exploitation Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE
#:30 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1684
ThreadCreationTime : 19-03-2005 13:10:14
BasePriority : Normal
#:31 [realsched.exe]
FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 1732
ThreadCreationTime : 19-03-2005 13:10:17
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:32 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1772
ThreadCreationTime : 19-03-2005 13:10:19
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:33 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1816
ThreadCreationTime : 19-03-2005 13:10:23
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:34 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1404
ThreadCreationTime : 19-03-2005 13:10:31
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:35 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1752
ThreadCreationTime : 19-03-2005 13:10:34
BasePriority : Normal
FileVersion : 7.0.0604
ProductVersion : 7.0.0604
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:36 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 928
ThreadCreationTime : 19-03-2005 13:10:44
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:37 [olfsnt40.exe]
FilePath : C:\Program Files\Microsoft Office\Office\1036\
ProcessID : 1856
ThreadCreationTime : 19-03-2005 13:10:48
BasePriority : Normal
FileVersion : 9.0.98.0105
ProductVersion : 9.0.98.0105
ProductName : Symantec Fax Starter Edition Printer Driver
CompanyName : Microsoft Corporation
FileDescription : Symantec Fax Starter Edition Port Launcher
InternalName : OLFSNT40.DLL
LegalCopyright : Copyright (C) Symantec Corp. 1990-1998
OriginalFilename : OLFSNT40.DLL
#:38 [msoffice.exe]
FilePath : C:\Program Files\Microsoft Office\Office\1036\
ProcessID : 1912
ThreadCreationTime : 19-03-2005 13:10:55
BasePriority : Normal
FileVersion : 9.0.2601
ProductVersion : 9.0.2601
ProductName : Microsoft Office 2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office 2000 component
InternalName : MSOFFICE
LegalCopyright : Copyright© 1994-1999 Microsoft Corporation. Tous droits réservés.
OriginalFilename : MSOFFICE.EXE
#:39 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 1792
ThreadCreationTime : 19-03-2005 14:42:16
BasePriority : Normal
#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 340
ThreadCreationTime : 19-03-2005 15:08:18
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f65fcb-d130-11d8-ba48-8be0c49af370}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f65fcb-d130-11d8-ba48-8be0c49af370}
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{28f65fbe-d130-11d8-ba48-8be0c49af370}
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick.1
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick.1
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.onclick
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cf70455e-edc1-4067-b824-cd0314bc3b2e}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cf70455e-edc1-4067-b824-cd0314bc3b2e}
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl.1
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl.1
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : serch_hook.transurl
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c7edab2e-d7f9-11d8-ba48-c79b0c409d70}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c7edab2e-d7f9-11d8-ba48-c79b0c409d70}
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c7edab21-d7f9-11d8-ba48-c79b0c409d70}
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05aae5e5-47a1-4f65-8c32-8913ead54dbf}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05aae5e5-47a1-4f65-8c32-8913ead54dbf}
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12345678-0000-0010-8000-00aaff6d2ea4}
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a77bd0a1-a8fa-48c0-8fff-5a4ddcad4581}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a77bd0a1-a8fa-48c0-8fff-5a4ddcad4581}
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c7edab2d-d7f9-11d8-ba48-c79b0c409d70}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c7edab2d-d7f9-11d8-ba48-c79b0c409d70}
Value :
IEHijacker.Hotoffers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28f65fca-d130-11d8-ba48-8be0c49af370}
IEHijacker.Hotoffers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28f65fca-d130-11d8-ba48-8be0c49af370}
Value :
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl
Value :
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl.1
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : popup_bl.bl.1
Value :
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-507921405-1343024091-1000\software\microsoft\internet explorer\main
Value : HOMEOldSP
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 65
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 01A8CD05-956A-4FBA-97A2-A3CF40
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\00D3B821-C842-4E9C-8365-287E41\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : B7DF7F36-659B-4440-84E3-946BEB
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\00D3B821-C842-4E9C-8365-287E41\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 410575C1-3C8E-4BD1-A06A-0BA63A
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\73A9A4E3-B23F-43CF-8827-7E9103\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 99E1835A-F269-4477-B5CD-02FA51
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\73A9A4E3-B23F-43CF-8827-7E9103\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 3BE32A8B-5003-47A5-81F3-76B884
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\746F13DB-320B-47A7-83CB-BD19AE\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 6A8F5C29-ECAB-4316-B2FC-BF8824
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\746F13DB-320B-47A7-83CB-BD19AE\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 35193D22-4D4D-4D93-B662-C46661
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9F7072FE-22DA-4AB3-866B-D4E260\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 383C7833-249C-46D1-9B98-5A21AD
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9F7072FE-22DA-4AB3-866B-D4E260\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : D5C52F47-7E3C-439D-A13C-CB1312
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B35BFB36-0D5E-4A11-918D-3EC3A6\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : E41C9C0D-9ECE-415F-B4CF-CBC95D
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B35BFB36-0D5E-4A11-918D-3EC3A6\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : popup_bl Module
FileDescription : popup_bl Module
InternalName : popup_bl
LegalCopyright : Copyright 2004
OriginalFilename : popup_bl.DLL
IEHijacker.Hotoffers Object Recognized!
Type : File
Data : 8D1D8375-1D34-4655-A424-518A1F
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B77A548D-A90E-4331-891A-ACDF54\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : serch_hook Module
FileDescription : serch_hook Module
InternalName : serch_hook
LegalCopyright : Copyright 2004
OriginalFilename : serch_hook.DLL
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 76
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 76
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : conc
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 91
16:30:52 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:08.831
Objects scanned:108890
Objects identified:57
Objects ignored:0
New critical objects:57