Infected by Gaelicum.A

Closed
Adrian - 27 Jul. 2006 at 19:53
 adrian - 30 Jul. 2006 at 15:09
Hello, my problem is the same as many others': I have setup.exe files that are infected by Gaelicum.A.
I'm posting the HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 19:54:34, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
D:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Sophos\AutoUpdate\ALsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
D:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\lclock.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Sophos\AutoUpdate\ALMon.exe
D:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\SpywareBot\SpywareBot.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://melanthios-ana.com/zcvisitor/1624d318-3614-11eb-87b9-12a1ab6c324d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=47f83760-f118-11ea-9bc8-0ac2bbf4ada7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] D:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spywarebot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = D:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{121FB0E2-14AF-4F33-A926-5EC9DE376D2F}: NameServer = 169.254.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{32327822-CEFF-40C0-A0FA-02907B1C993E}: NameServer = 84.103.237.143 86.64.145.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{121FB0E2-14AF-4F33-A926-5EC9DE376D2F}: NameServer = 169.254.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{121FB0E2-14AF-4F33-A926-5EC9DE376D2F}: NameServer = 169.254.0.0
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe

Thanks for your help.

Adrian

11 replies

Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 321
27 Jul. 2006 at 21:50
Hi

HijackThis -> Open the Misc Tools section -> open Uninstall Manager -> click "Save list" -> save the file -> copy/paste it here.

+

Download this
https://www.silentrunners.org/Silent%20Runners.vbs
Run it, wait a few minutes; it will then create a text file right next to Silent Runners; copy/paste what it gives you

Cheers
0
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Photoshop CS
Adobe Reader 6.0
Alcatel SpeedTouch USB Software
Archiveur WinRAR
AtomixMP3 v2.3 Trial
AVG Free Edition
Belkin Bluetooth Software
BSPlayer
CDex extraction audio
Change Extension
CleanUp!
CloneDVD2
Creative DVD Audio Plugin for Audigy Series
Creative PC-CAM Center Lite
Creative WebCam Monitor
Creative WebCam NX Driver (1.02.01.0827)
Disque de souvenirs HP
DivX Pro Codec
DVD Shrink 3.2
EVEREST Home Edition v2.01
Everest Poker (Remove Only)
EvilLyrics
ffdshow (remove only)
FlashFXP
FusionSoft DVD Player XP Version 5.0
HijackThis 1.99.1
hp psc 1200 series
Huffyuv AVI lossless video codec (Remove Only)
Ink
InterActual Player
InterVideo WinDVD 7
iPod Update 2004-04-28
iTunes
K!TV
Lecteur Windows Media 10
L'Internet ADSL de Cegetel
Macromedia Flash Player 8
Messenger Plus! 3
Michael Schumacher World Tour Kart 2004 Demo
Microsoft Office 2000 Premium
MilkDrop for Winamp 2x (remove only)
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
Nero 7 Demo
NVIDIA Drivers
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
Photo et imagerie HP 2.0 - hp psc 1200 series
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy 1.3
SpywareBot 3.6.0.3
StuffPlug-NG (Messenger Plus! Plugins)
Vodafone 804SS USB driver Software
Winamp (remove only)
Windows Media Format 9 Series SDK
Windows Media Format Runtime
XviD Video Codec 24062003-1 (Koepi's developer build)


and

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"LClock" = "lclock.exe" [null data]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"MessengerPlus3" = ""D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"msnmsgr" = ""D:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NVRTCLK" = "D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]
"PathNvidiaTV" = "D:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe" [file not found]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"MessengerPlus3" = ""D:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "D:\PROGRA~1\Grisoft\AVG Free\avgemc.exe" ["GRISOFT, s.r.o."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" [MS]
"spywarebot" = "D:\Program Files\SpywareBot\SpywareBot.exe -boot" ["SpywareBot Company"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{e0515e57-7dc3-11d3-8340-444553540000}" = "pmChangeExt"
-> {HKLM...CLSID} = "pmChangeExt"
\InProcServer32\(Default) = "d:\program files\change extension\pmchangeext.dll" ["Pierre-Marie DEVIGNE"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\Microsoft Office\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}" = "Sophos Anti-Virus Shell Extension"
-> {HKLM...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "Favoris Bluetooth"
\InProcServer32\(Default) = "D:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
pmChangeExt\(Default) = "{e0515e57-7dc3-11d3-8340-444553540000}"
-> {HKLM...CLSID} = "pmChangeExt"
\InProcServer32\(Default) = "d:\program files\change extension\pmchangeext.dll" ["Pierre-Marie DEVIGNE"]
SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}"
-> {HKLM...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}"
-> {HKLM...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}"
-> {HKLM...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Adriao.KOSVOCORE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Adriao" & "All Users" startup folders:
--------------------------------------------------------

D:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"AutoUpdate Monitor" -> shortcut to: "D:\Program Files\Sophos\AutoUpdate\ALMon.exe" ["Sophos Plc"]
"BTTray" -> shortcut to: "D:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe" ["Broadcom Corporation."]
"hp psc 1000 series" -> shortcut to: "D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"InterVideo WinCinema Manager" -> shortcut to: "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"FRU Task #Hewlett-Packard#hp psc 1200 series#1139160749" -> launches: "D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1139160749"" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Miscellaneous IE Hijack Points
------------------------------

D:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe" ["GRISOFT, s.r.o."]
Bluetooth Service, btwdins, "D:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe" ["Broadcom Corporation."]
Créateur de rapports d'état Sophos Anti-Virus, SAVAdminService, ""D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe"" ["Sophos Plc"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sophos Anti-Virus, SAVService, ""D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe"" ["Sophos Plc"]
Sophos AutoUpdate Service, Sophos AutoUpdate Service, ""D:\Program Files\Sophos\AutoUpdate\ALsvc.exe"" ["Sophos Plc"]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Port imprimante Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 33 seconds, including 18 seconds for message boxes)


Thanks a lot for your help
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 321
27 Jul. 2006 at 23:25
Hi

Uninstall these
Spybot - Search & Destroy 1.3
SpywareBot 3.6.0.3

Install the recent version of Spybot

Spybot S&D 1.4
https://www.safer-networking.org/

Usage demo (thanks to Balltrap34 for making it).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06
https://www.adaware.com/
- Some help:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- install the French patch, you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it).
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/ Ewido:

http://perso.orange.fr/entraide-hijackthis/Ewido/

Install, then update.

Scan your PC with all 3.

By the way, I see Sophos and AVG; do you have 2 antivirus programs?

Cheers
0
Yes, I had 2 antivirus programs; I just removed Sophos, which couldn't manage to update.

Thanks for your help, I'm testing all that
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 321
28 Jul. 2006 at 11:04
ok

Cheers
0
Well, I tried everything you told me, but I still have setup.exe files being created with the Gaelicum.A virus

What should I do now?

thanks
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 321
29 Jul. 2006 at 14:22
hi

do you have a report to give me?

Cheers
0
Tell me a report of what and I'll give it to you, no problem :)

thanks for your help
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 321
29 Jul. 2006 at 21:04
Re

Spybot, Ad-Aware and Ewido, can I have all 3? lol
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last seen 28 August 2020 3 275
30 Jul. 2006 at 15:08
Hi,

EWIDO ==> no action taken ==> did not work

D – Ewido
https://www.malekal.com/tutorial-et-guide-ewido-v4/
set your Ewido to delete or remove
Copy/paste the report


Cheers
0
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:34:28 30/07/2006

+ Scan result:



D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@estat[1].txt -> TrackingCookie.Estat : No action taken.
D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.


::Report end

Ad-Aware SE Build 1.06r1
Logfile Created on:dimanche 30 juillet 2006 14:37:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R115 18.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):5 total references
Tracking Cookie(TAC index:3):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


30-07-2006 14:37:05 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : D:\Documents and Settings\Adriao.KOSVOCORE\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1563985344-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1563985344-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1563985344-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 640
ThreadCreationTime : 30-07-2006 09:53:24
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\D:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 30-07-2006 09:53:27
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\D:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 30-07-2006 09:53:29
BasePriority : High


#:4 [services.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 30-07-2006 09:53:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 768
ThreadCreationTime : 30-07-2006 09:53:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 30-07-2006 09:53:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 30-07-2006 09:53:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1056
ThreadCreationTime : 30-07-2006 09:53:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1088
ThreadCreationTime : 30-07-2006 09:53:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1228
ThreadCreationTime : 30-07-2006 09:53:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
FilePath : D:\WINDOWS\
ProcessID : 1440
ThreadCreationTime : 30-07-2006 09:53:36
BasePriority : Normal
FileVersion : 6.00.2900.2527 (xpsp.040919-1030)
ProductVersion : 6.00.2900.2527
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:12 [soundman.exe]
FilePath : D:\WINDOWS\
ProcessID : 1556
ThreadCreationTime : 30-07-2006 09:53:37
BasePriority : Normal
FileVersion : 5.1.0.33
ProductVersion : 5.1.0.33
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:13 [rundll32.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 30-07-2006 09:53:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:14 [msgplus.exe]
FilePath : D:\Program Files\MessengerPlus! 3\
ProcessID : 1600
ThreadCreationTime : 30-07-2006 09:53:39
BasePriority : Normal


#:15 [avgcc.exe]
FilePath : D:\PROGRA~1\Grisoft\AVG Free\
ProcessID : 1608
ThreadCreationTime : 30-07-2006 09:53:40
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:16 [avgemc.exe]
FilePath : D:\PROGRA~1\Grisoft\AVG Free\
ProcessID : 1636
ThreadCreationTime : 30-07-2006 09:53:40
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:17 [qttask.exe]
FilePath : D:\Program Files\QuickTime\
ProcessID : 1648
ThreadCreationTime : 30-07-2006 09:53:41
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [avgamsvr.exe]
FilePath : D:\PROGRA~1\Grisoft\AVG Free\
ProcessID : 1660
ThreadCreationTime : 30-07-2006 09:53:41
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:19 [realsched.exe]
FilePath : D:\Program Files\Fichiers communs\Real\Update_OB\
ProcessID : 1668
ThreadCreationTime : 30-07-2006 09:53:41
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [dragdiag.exe]
FilePath : D:\Program Files\Alcatel\SpeedTouch USB\
ProcessID : 1708
ThreadCreationTime : 30-07-2006 09:53:42
BasePriority : Normal
FileVersion : 200.7.0.0
ProductVersion : 200.7.0.0
ProductName : SpeedTouch USB
CompanyName : THOMSON multimedia
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON multimedia 1999-2002

#:21 [avgupsvc.exe]
FilePath : D:\PROGRA~1\Grisoft\AVG Free\
ProcessID : 1816
ThreadCreationTime : 30-07-2006 09:53:44
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:22 [btwdins.exe]
FilePath : D:\Program Files\Belkin\Logiciel Bluetooth\bin\
ProcessID : 1836
ThreadCreationTime : 30-07-2006 09:53:44
BasePriority : Normal
FileVersion : 4.0.1.2401
ProductVersion : 4.0.1.2401
ProductName : Bluetooth Software 4.0.1.2401
CompanyName : Broadcom Corporation.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright 2000-2005, Broadcom Corporation.
OriginalFilename : BTWDIns.EXE

#:23 [ctfmon.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 30-07-2006 09:53:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [lclock.exe]
FilePath : D:\WINDOWS\
ProcessID : 1884
ThreadCreationTime : 30-07-2006 09:53:45
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LClock Application
FileDescription : LClock Application
InternalName : LClock
LegalCopyright : Copyright (C) 2004
OriginalFilename : LClock.exe

#:25 [nmbgmonitor.exe]
FilePath : D:\Program Files\Fichiers communs\Ahead\lib\
ProcessID : 1904
ThreadCreationTime : 30-07-2006 09:53:46
BasePriority : Normal


#:26 [msnmsgr.exe]
FilePath : D:\Program Files\MSN Messenger\
ProcessID : 1924
ThreadCreationTime : 30-07-2006 09:53:46
BasePriority : Normal
FileVersion : 7.5.0322
ProductVersion : 7.5.0322
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:27 [nvsvc32.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1952
ThreadCreationTime : 30-07-2006 09:53:47
BasePriority : Normal
FileVersion : 6.14.10.7772
ProductVersion : 6.14.10.7772
ProductName : NVIDIA Driver Helper Service, Version 77.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 77.72
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:28 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1972
ThreadCreationTime : 30-07-2006 09:53:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:29 [wdfmgr.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 176
ThreadCreationTime : 30-07-2006 09:53:51
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:30 [bttray.exe]
FilePath : D:\Program Files\Belkin\Logiciel Bluetooth\
ProcessID : 428
ThreadCreationTime : 30-07-2006 09:53:54
BasePriority : Normal
FileVersion : 4.0.1.2401
ProductVersion : 4.0.1.2401
ProductName : Bluetooth Software 4.0.1.2401
CompanyName : Broadcom Corporation.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright 2000-2005, Broadcom Corporation.
OriginalFilename : BTTray.exe

#:31 [hpohmr08.exe]
FilePath : D:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 500
ThreadCreationTime : 30-07-2006 09:53:55
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOHMR08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOHMR08.EXE
Comments : HP OfficeJet <Homer> Series COM Device Objects

#:32 [wincinemamgr.exe]
FilePath : D:\Program Files\InterVideo\Common\Bin\
ProcessID : 524
ThreadCreationTime : 30-07-2006 09:53:56
BasePriority : Normal
FileVersion : 2.0.5
ProductVersion : 2, 0, 5, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:33 [hpoevm08.exe]
FilePath : D:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1400
ThreadCreationTime : 30-07-2006 09:54:01
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:34 [alg.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1760
ThreadCreationTime : 30-07-2006 09:54:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:35 [wscntfy.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1880
ThreadCreationTime : 30-07-2006 09:54:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:36 [overnet.exe]
FilePath : F:\Overnet\
ProcessID : 3680
ThreadCreationTime : 30-07-2006 10:01:03
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Overnet Application
FileDescription : Overnet Application
InternalName : Overnet
LegalCopyright : Copyright (C) 2002
OriginalFilename : Overnet.EXE

#:37 [ewido.exe]
FilePath : D:\Program Files\ewido anti-spyware 4.0\
ProcessID : 3520
ThreadCreationTime : 30-07-2006 10:04:43
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:38 [iexplore.exe]
FilePath : D:\Program Files\Internet Explorer\
ProcessID : 2392
ThreadCreationTime : 30-07-2006 12:34:42
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE

#:39 [ad-aware.exe]
FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3872
ThreadCreationTime : 30-07-2006 12:36:08
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@247realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@247realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@adtech[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@adtech[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@as1.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@estat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@tradedoubler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : adriao@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@www.smartadserver[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 12



Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

14:44:16 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:11.516
Objects scanned:194321
Objects identified:7
Objects ignored:0
New critical objects:7