Infecté par Gaelicum.A

Adrian -  
 adrian -
bonjour, voila mon probleme est le meme que pour beaucoup, j'ai des setup.exe qui sont infectés par Gaelicum.A.
Je vous post le rapport hijack this :

Logfile of HijackThis v1.99.1
Scan saved at 19:54:34, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
D:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
D:\Program Files\Sophos\AutoUpdate\ALsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
D:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\lclock.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Sophos\AutoUpdate\ALMon.exe
D:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\SpywareBot\SpywareBot.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://melanthios-ana.com/zcvisitor/1624d318-3614-11eb-87b9-12a1ab6c324d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=47f83760-f118-11ea-9bc8-0ac2bbf4ada7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] D:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spywarebot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = D:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{121FB0E2-14AF-4F33-A926-5EC9DE376D2F}: NameServer = 169.254.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{32327822-CEFF-40C0-A0FA-02907B1C993E}: NameServer = 84.103.237.143 86.64.145.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{121FB0E2-14AF-4F33-A926-5EC9DE376D2F}: NameServer = 169.254.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{121FB0E2-14AF-4F33-A926-5EC9DE376D2F}: NameServer = 169.254.0.0
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe

Merci de votre aide.

Adrian

11 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.

    +

    Telecharge ceci
    https://www.silentrunners.org/Silent%20Runners.vbs
    Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

    A+
    0
  2. Adrian
     
    AC3Filter (remove only)
    Ad-Aware SE Personal
    Adobe Photoshop CS
    Adobe Reader 6.0
    Alcatel SpeedTouch USB Software
    Archiveur WinRAR
    AtomixMP3 v2.3 Trial
    AVG Free Edition
    Belkin Bluetooth Software
    BSPlayer
    CDex extraction audio
    Change Extension
    CleanUp!
    CloneDVD2
    Creative DVD Audio Plugin for Audigy Series
    Creative PC-CAM Center Lite
    Creative WebCam Monitor
    Creative WebCam NX Driver (1.02.01.0827)
    Disque de souvenirs HP
    DivX Pro Codec
    DVD Shrink 3.2
    EVEREST Home Edition v2.01
    Everest Poker (Remove Only)
    EvilLyrics
    ffdshow (remove only)
    FlashFXP
    FusionSoft DVD Player XP Version 5.0
    HijackThis 1.99.1
    hp psc 1200 series
    Huffyuv AVI lossless video codec (Remove Only)
    Ink
    InterActual Player
    InterVideo WinDVD 7
    iPod Update 2004-04-28
    iTunes
    K!TV
    Lecteur Windows Media 10
    L'Internet ADSL de Cegetel
    Macromedia Flash Player 8
    Messenger Plus! 3
    Michael Schumacher World Tour Kart 2004 Demo
    Microsoft Office 2000 Premium
    MilkDrop for Winamp 2x (remove only)
    MSN Messenger 7.5
    MSXML 4.0 SP2 Parser and SDK
    Nero 7 Demo
    NVIDIA Drivers
    Photo et imagerie HP 2.0 - All-in-One
    Photo et imagerie HP 2.0 - All-in-One Pilote
    Photo et imagerie HP 2.0 - hp psc 1200 series
    PowerDVD
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Sophos Anti-Virus
    Sophos AutoUpdate
    Spybot - Search & Destroy 1.3
    SpywareBot 3.6.0.3
    StuffPlug-NG (Messenger Plus! Plugins)
    Vodafone 804SS USB driver Software
    Winamp (remove only)
    Windows Media Format 9 Series SDK
    Windows Media Format Runtime
    XviD Video Codec 24062003-1 (Koepi's developer build)

    et

    "Silent Runners.vbs", revision 46, https://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
    "LClock" = "lclock.exe" [null data]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
    "MessengerPlus3" = ""D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "msnmsgr" = ""D:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "NVRTCLK" = "D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]
    "PathNvidiaTV" = "D:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe" [file not found]
    "NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "MessengerPlus3" = ""D:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
    "AVG7_CC" = "D:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "AVG7_EMC" = "D:\PROGRA~1\Grisoft\AVG Free\avgemc.exe" ["GRISOFT, s.r.o."]
    "QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "TkBellExe" = ""D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "SpeedTouch USB Diagnostics" = ""D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"]
    "KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" [MS]
    "spywarebot" = "D:\Program Files\SpywareBot\SpywareBot.exe -boot" ["SpywareBot Company"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{e0515e57-7dc3-11d3-8340-444553540000}" = "pmChangeExt"
    -> {HKLM...CLSID} = "pmChangeExt"
    \InProcServer32\(Default) = "d:\program files\change extension\pmchangeext.dll" ["Pierre-Marie DEVIGNE"]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "D:\PROGRA~1\Microsoft Office\Office\OLKFSTUB.DLL" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}" = "Sophos Anti-Virus Shell Extension"
    -> {HKLM...CLSID} = "ContextMenuHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
    "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
    -> {HKLM...CLSID} = "Favoris Bluetooth"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    pmChangeExt\(Default) = "{e0515e57-7dc3-11d3-8340-444553540000}"
    -> {HKLM...CLSID} = "pmChangeExt"
    \InProcServer32\(Default) = "d:\program files\change extension\pmchangeext.dll" ["Pierre-Marie DEVIGNE"]
    SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}"
    -> {HKLM...CLSID} = "ContextMenuHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}"
    -> {HKLM...CLSID} = "ContextMenuHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    SavShellExt\(Default) = "{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}"
    -> {HKLM...CLSID} = "ContextMenuHandler Class"
    \InProcServer32\(Default) = "D:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll" ["Sophos Plc"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "D:\Documents and Settings\Adriao.KOSVOCORE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "D:\WINDOWS\system32\logon.scr" [MS]

    Startup items in "Adriao" & "All Users" startup folders:
    --------------------------------------------------------

    D:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
    "Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "AutoUpdate Monitor" -> shortcut to: "D:\Program Files\Sophos\AutoUpdate\ALMon.exe" ["Sophos Plc"]
    "BTTray" -> shortcut to: "D:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe" ["Broadcom Corporation."]
    "hp psc 1000 series" -> shortcut to: "D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
    "InterVideo WinCinema Manager" -> shortcut to: "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
    "Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

    Enabled Scheduled Tasks:
    ------------------------

    "FRU Task #Hewlett-Packard#hp psc 1200 series#1139160749" -> launches: "D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1139160749"" [empty string]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Real.com"
    \InProcServer32\(Default) = "D:\WINDOWS\system32\Shdocvw.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {CCA281CA-C863-46EF-9331-5C8D4460577F}\
    "ButtonText" = "@btrez.dll,-4015"
    "MenuText" = "@btrez.dll,-4017"
    "Script" = "D:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm" [null data]

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
    "ButtonText" = "Real.com"

    Miscellaneous IE Hijack Points
    ------------------------------

    D:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe" ["GRISOFT, s.r.o."]
    Bluetooth Service, btwdins, "D:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe" ["Broadcom Corporation."]
    Créateur de rapports d'état Sophos Anti-Virus, SAVAdminService, ""D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe"" ["Sophos Plc"]
    NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Sophos Anti-Virus, SAVService, ""D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe"" ["Sophos Plc"]
    Sophos AutoUpdate Service, Sophos AutoUpdate Service, ""D:\Program Files\Sophos\AutoUpdate\ALsvc.exe"" ["Sophos Plc"]
    Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
    Port imprimante Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 33 seconds, including 18 seconds for message boxes)

    Merci beaucoup de ton aide
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    desinstalle ceci
    Spybot - Search & Destroy 1.3
    SpywareBot 3.6.0.3

    Installe la version recente de spybot

    Spybot S&D 1.4
    https://www.safer-networking.org/

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06
    https://www.adaware.com/
    -Une aide:
    http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    3/ Ewido:

    http://perso.orange.fr/entraide-hijackthis/Ewido/

    Installation puis mises à jour.

    Scan ton pc avec les 3.

    Par contre, je vois sophos et avg, tu as 2antivirus?

    a+
    0
  4. Adrian
     
    j'avais 2 antivirus oui, je viens de vire sophos qui n'arrivait pas à faire les maj.

    merci de ton aide je test tout ça
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok

    a+
    0
  7. Adrian
     
    bon j'ai essayé tout ce que tu m'as dis, mais j'ai tjs des setup.exe qui se créent avec le virus Gaelicum.A

    que dois-je faire maintenant ?

    merci
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    salut

    tu as un rapport a me donner?

    a+
    0
  9. Adrian
     
    dis moi un rapport de quoi et jte donne ça pas de probleme :)

    merci de ton aide
    0
  10. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re

    Spybot, ad aware et ewido, je peux avoir les 3? lol
    0
  11. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    EWIDO ==> no action taken ==> n'a pas fonctionné

    D – Ewido
    https://www.malekal.com/tutorial-et-guide-ewido-v4/
    règle ton ewido sur delete ou remove
    Copie/colle le rapport

    A++
    0
  12. adrian
     
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 14:34:28 30/07/2006

    + Scan result:

    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@estat[1].txt -> TrackingCookie.Estat : No action taken.
    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
    D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.

    ::Report end

    Ad-Aware SE Build 1.06r1
    Logfile Created on:dimanche 30 juillet 2006 14:37:05
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R115 18.07.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):5 total references
    Tracking Cookie(TAC index:3):7 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    30-07-2006 14:37:05 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : D:\Documents and Settings\Adriao.KOSVOCORE\recent
    Description : list of recently opened documents

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-823518204-1563985344-725345543-1003\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-823518204-1563985344-725345543-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent skins in realplayer

    MRU List Object Recognized!
    Location: : S-1-5-21-823518204-1563985344-725345543-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent clips in realplayer

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 640
    ThreadCreationTime : 30-07-2006 09:53:24
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\D:\WINDOWS\system32\
    ProcessID : 688
    ThreadCreationTime : 30-07-2006 09:53:27
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\D:\WINDOWS\system32\
    ProcessID : 712
    ThreadCreationTime : 30-07-2006 09:53:29
    BasePriority : High

    #:4 [services.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 756
    ThreadCreationTime : 30-07-2006 09:53:30
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 768
    ThreadCreationTime : 30-07-2006 09:53:30
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 920
    ThreadCreationTime : 30-07-2006 09:53:32
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 968
    ThreadCreationTime : 30-07-2006 09:53:32
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : D:\WINDOWS\System32\
    ProcessID : 1056
    ThreadCreationTime : 30-07-2006 09:53:33
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1088
    ThreadCreationTime : 30-07-2006 09:53:33
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [spoolsv.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1228
    ThreadCreationTime : 30-07-2006 09:53:33
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:11 [explorer.exe]
    FilePath : D:\WINDOWS\
    ProcessID : 1440
    ThreadCreationTime : 30-07-2006 09:53:36
    BasePriority : Normal
    FileVersion : 6.00.2900.2527 (xpsp.040919-1030)
    ProductVersion : 6.00.2900.2527
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:12 [soundman.exe]
    FilePath : D:\WINDOWS\
    ProcessID : 1556
    ThreadCreationTime : 30-07-2006 09:53:37
    BasePriority : Normal
    FileVersion : 5.1.0.33
    ProductVersion : 5.1.0.33
    ProductName : Realtek Sound Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek Sound Manager
    InternalName : ALSMTray
    LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename : ALSMTray.exe
    Comments : Realtek AC97 Audio Sound Manager

    #:13 [rundll32.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1592
    ThreadCreationTime : 30-07-2006 09:53:39
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:14 [msgplus.exe]
    FilePath : D:\Program Files\MessengerPlus! 3\
    ProcessID : 1600
    ThreadCreationTime : 30-07-2006 09:53:39
    BasePriority : Normal

    #:15 [avgcc.exe]
    FilePath : D:\PROGRA~1\Grisoft\AVG Free\
    ProcessID : 1608
    ThreadCreationTime : 30-07-2006 09:53:40
    BasePriority : Normal
    FileVersion : 7,1,0,381
    ProductVersion : 7.1.0.381
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC
    LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
    OriginalFilename : AvgCC.EXE

    #:16 [avgemc.exe]
    FilePath : D:\PROGRA~1\Grisoft\AVG Free\
    ProcessID : 1636
    ThreadCreationTime : 30-07-2006 09:53:40
    BasePriority : Normal
    FileVersion : 7,1,0,371
    ProductVersion : 7.1.0.371
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG E-Mail Scanner
    InternalName : avgemc
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgemc.exe

    #:17 [qttask.exe]
    FilePath : D:\Program Files\QuickTime\
    ProcessID : 1648
    ThreadCreationTime : 30-07-2006 09:53:41
    BasePriority : Normal
    FileVersion : 6.5.1
    ProductVersion : QuickTime 6.5.1
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    LegalCopyright : © Apple Computer, Inc. 2001-2004
    OriginalFilename : QTTask.exe

    #:18 [avgamsvr.exe]
    FilePath : D:\PROGRA~1\Grisoft\AVG Free\
    ProcessID : 1660
    ThreadCreationTime : 30-07-2006 09:53:41
    BasePriority : Normal
    FileVersion : 7,1,0,365
    ProductVersion : 7.1.0.365
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Alert Manager
    InternalName : avgamsvr
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgamsvr.EXE

    #:19 [realsched.exe]
    FilePath : D:\Program Files\Fichiers communs\Real\Update_OB\
    ProcessID : 1668
    ThreadCreationTime : 30-07-2006 09:53:41
    BasePriority : Normal
    FileVersion : 0.1.0.3510
    ProductVersion : 0.1.0.3510
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:20 [dragdiag.exe]
    FilePath : D:\Program Files\Alcatel\SpeedTouch USB\
    ProcessID : 1708
    ThreadCreationTime : 30-07-2006 09:53:42
    BasePriority : Normal
    FileVersion : 200.7.0.0
    ProductVersion : 200.7.0.0
    ProductName : SpeedTouch USB
    CompanyName : THOMSON multimedia
    FileDescription : SpeedTouch Statistics
    LegalCopyright : Copyright© THOMSON multimedia 1999-2002

    #:21 [avgupsvc.exe]
    FilePath : D:\PROGRA~1\Grisoft\AVG Free\
    ProcessID : 1816
    ThreadCreationTime : 30-07-2006 09:53:44
    BasePriority : Normal
    FileVersion : 7,1,0,349
    ProductVersion : 7.1.0.349
    ProductName : AVG 7.0 Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgupdsvc.EXE

    #:22 [btwdins.exe]
    FilePath : D:\Program Files\Belkin\Logiciel Bluetooth\bin\
    ProcessID : 1836
    ThreadCreationTime : 30-07-2006 09:53:44
    BasePriority : Normal
    FileVersion : 4.0.1.2401
    ProductVersion : 4.0.1.2401
    ProductName : Bluetooth Software 4.0.1.2401
    CompanyName : Broadcom Corporation.
    FileDescription : Bluetooth Support Server
    InternalName : BTWDIns
    LegalCopyright : Copyright 2000-2005, Broadcom Corporation.
    OriginalFilename : BTWDIns.EXE

    #:23 [ctfmon.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1872
    ThreadCreationTime : 30-07-2006 09:53:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:24 [lclock.exe]
    FilePath : D:\WINDOWS\
    ProcessID : 1884
    ThreadCreationTime : 30-07-2006 09:53:45
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : LClock Application
    FileDescription : LClock Application
    InternalName : LClock
    LegalCopyright : Copyright (C) 2004
    OriginalFilename : LClock.exe

    #:25 [nmbgmonitor.exe]
    FilePath : D:\Program Files\Fichiers communs\Ahead\lib\
    ProcessID : 1904
    ThreadCreationTime : 30-07-2006 09:53:46
    BasePriority : Normal

    #:26 [msnmsgr.exe]
    FilePath : D:\Program Files\MSN Messenger\
    ProcessID : 1924
    ThreadCreationTime : 30-07-2006 09:53:46
    BasePriority : Normal
    FileVersion : 7.5.0322
    ProductVersion : 7.5.0322
    ProductName : MSN Messenger
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msnmsgr.exe

    #:27 [nvsvc32.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1952
    ThreadCreationTime : 30-07-2006 09:53:47
    BasePriority : Normal
    FileVersion : 6.14.10.7772
    ProductVersion : 6.14.10.7772
    ProductName : NVIDIA Driver Helper Service, Version 77.72
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 77.72
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe

    #:28 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1972
    ThreadCreationTime : 30-07-2006 09:53:48
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:29 [wdfmgr.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 176
    ThreadCreationTime : 30-07-2006 09:53:51
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:30 [bttray.exe]
    FilePath : D:\Program Files\Belkin\Logiciel Bluetooth\
    ProcessID : 428
    ThreadCreationTime : 30-07-2006 09:53:54
    BasePriority : Normal
    FileVersion : 4.0.1.2401
    ProductVersion : 4.0.1.2401
    ProductName : Bluetooth Software 4.0.1.2401
    CompanyName : Broadcom Corporation.
    FileDescription : Bluetooth Tray Application
    InternalName : BTTray
    LegalCopyright : Copyright 2000-2005, Broadcom Corporation.
    OriginalFilename : BTTray.exe

    #:31 [hpohmr08.exe]
    FilePath : D:\Program Files\Hewlett-Packard\Digital Imaging\bin\
    ProcessID : 500
    ThreadCreationTime : 30-07-2006 09:53:55
    BasePriority : Normal
    FileVersion : 4.2.0.020
    ProductVersion : 2.4.1.020
    ProductName : hp digital imaging - hp all-in-one series
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP OfficeJet COM Device Objects
    InternalName : HPOHMR08
    LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
    OriginalFilename : HPOHMR08.EXE
    Comments : HP OfficeJet <Homer> Series COM Device Objects

    #:32 [wincinemamgr.exe]
    FilePath : D:\Program Files\InterVideo\Common\Bin\
    ProcessID : 524
    ThreadCreationTime : 30-07-2006 09:53:56
    BasePriority : Normal
    FileVersion : 2.0.5
    ProductVersion : 2, 0, 5, 0
    ProductName : WinCinema Manager for InterVideo WinCinema products
    CompanyName : InterVideo Inc.
    FileDescription : WinCinema Manager
    InternalName : WinCinema Manager
    LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
    OriginalFilename : WinCinemaMgr.EXE

    #:33 [hpoevm08.exe]
    FilePath : D:\Program Files\Hewlett-Packard\Digital Imaging\bin\
    ProcessID : 1400
    ThreadCreationTime : 30-07-2006 09:54:01
    BasePriority : Normal
    FileVersion : 4.2.0.020
    ProductVersion : 2.4.1.020
    ProductName : hp digital imaging - hp all-in-one series
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP OfficeJet COM Event Manager
    InternalName : HPOEVM08
    LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
    OriginalFilename : HPOEVM08.EXE
    Comments : HP OfficeJet COM Event Manager

    #:34 [alg.exe]
    FilePath : D:\WINDOWS\System32\
    ProcessID : 1760
    ThreadCreationTime : 30-07-2006 09:54:02
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:35 [wscntfy.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1880
    ThreadCreationTime : 30-07-2006 09:54:03
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Security Center Notification App
    InternalName : wscntfy.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wscntfy.exe

    #:36 [overnet.exe]
    FilePath : F:\Overnet\
    ProcessID : 3680
    ThreadCreationTime : 30-07-2006 10:01:03
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : Overnet Application
    FileDescription : Overnet Application
    InternalName : Overnet
    LegalCopyright : Copyright (C) 2002
    OriginalFilename : Overnet.EXE

    #:37 [ewido.exe]
    FilePath : D:\Program Files\ewido anti-spyware 4.0\
    ProcessID : 3520
    ThreadCreationTime : 30-07-2006 10:04:43
    BasePriority : Normal
    FileVersion : 4, 0, 0, 172
    ProductVersion : 4, 0, 0, 172
    ProductName : ewido anti-spyware
    CompanyName : Anti-Malware Development a.s.
    FileDescription : ewido anti-spyware
    InternalName : ewido anti-spyware
    LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
    OriginalFilename : ewido.exe

    #:38 [iexplore.exe]
    FilePath : D:\Program Files\Internet Explorer\
    ProcessID : 2392
    ThreadCreationTime : 30-07-2006 12:34:42
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : IEXPLORE.EXE

    #:39 [ad-aware.exe]
    FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3872
    ThreadCreationTime : 30-07-2006 12:36:08
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 5

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 5

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 5

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@247realmedia[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@247realmedia[2].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@adtech[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@adtech[1].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@as1.falkag[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@as1.falkag[2].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@bluestreak[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@bluestreak[1].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@estat[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@estat[1].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@tradedoubler[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@tradedoubler[2].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : adriao@www.smartadserver[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : D:\Documents and Settings\Adriao.KOSVOCORE\Cookies\adriao@www.smartadserver[1].txt

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 7
    Objects found so far: 12

    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 12

    Deep scanning and examining files (F:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for F:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 12

    Scanning Hosts file......
    Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 12

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 12

    14:44:16 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:07:11.516
    Objects scanned:194321
    Objects identified:7
    Objects ignored:0
    New critical objects:7
    0