Webuser Forums: Adware Punisher problems

Hi,

I have big problems with this spyware, can you help me.

Logfile of HijackThis v1.99.1
Scan saved at 21:09:04, on 2006-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\shell386.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AvTask.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rds.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ouvrir Panda Titanium Antivirus 2004 (2).lnk = C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVLITE.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

Thank you to had take the time to answer my questions. I did what you tell me and there is the logs. I have another problem with adsmart.exe, my system tell me that this files is a virus...Sorry for my english I speak french regularly.

HJT new logs:

Logfile of HijackThis v1.99.1
Scan saved at 17:16:47, on 2006-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rds.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Win32.Exploit.A] C:\WINDOWS\system32\exa32.exe
O4 - HKLM\..\Run: [Win32.Virus.Smart32] C:\WINDOWS\system32\adsmart.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ouvrir Panda Titanium Antivirus 2004 (2).lnk = C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVLITE.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

-------------------------------

WinpFind.txt log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 2006-01-24 20:11:16 12292 C:\WINDOWS\loader138.exe

Checking %System% folder...
SAHAgent 2005-03-13 10:38:50 35 C:\WINDOWS\SYSTEM32\bln02nqv.ini
PEC2 2004-08-05 07:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc
SAHAgent 2005-03-29 21:55:12 3001 C:\WINDOWS\SYSTEM32\gah95on6.ini
PTech 2006-01-12 11:32:12 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 2006-01-04 19:46:40 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2006-01-04 19:46:40 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2006-01-24 20:31:34 60928 C:\WINDOWS\SYSTEM32\mswinf32.dll
aspack 2006-01-24 20:31:34 60928 C:\WINDOWS\SYSTEM32\mswinf32.exe
aspack 2004-08-19 16:09:16 733184 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 2004-08-19 16:09:40 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 2004-08-05 07:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 2004-08-03 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2006-01-28 16:19:04 S 2048 C:\WINDOWS\bootstat.dat
2006-01-28 15:08:46 H 0 C:\WINDOWS\LastGood.Tmp\INF\codecs10.inf
2006-01-28 15:08:46 H 0 C:\WINDOWS\LastGood.Tmp\INF\codecs10.PNF
2006-01-28 15:08:42 H 0 C:\WINDOWS\LastGood.Tmp\INF\DRM10.inf
2006-01-28 15:08:42 H 0 C:\WINDOWS\LastGood.Tmp\INF\DRM10.PNF
2006-01-28 15:09:36 H 0 C:\WINDOWS\LastGood.Tmp\INF\MPCD10.inf
2006-01-28 15:09:36 H 0 C:\WINDOWS\LastGood.Tmp\INF\MPCD10.PNF
2006-01-28 15:08:24 H 0 C:\WINDOWS\LastGood.Tmp\INF\MPPRE10.inf
2006-01-28 15:08:24 H 0 C:\WINDOWS\LastGood.Tmp\INF\MPPRE10.PNF
2006-01-28 15:09:38 H 0 C:\WINDOWS\LastGood.Tmp\INF\MPSTUB10.inf
2006-01-28 15:09:38 H 0 C:\WINDOWS\LastGood.Tmp\INF\MPSTUB10.PNF
2006-01-28 15:08:56 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMDM10.inf
2006-01-28 15:08:56 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMDM10.PNF
2006-01-28 15:08:48 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMFSDK10.inf
2006-01-28 15:08:48 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMFSDK10.PNF
2006-01-28 15:09:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMP10.inf
2006-01-28 15:09:02 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMP10.PNF
2006-01-28 15:09:40 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMSET10.inf
2006-01-28 15:09:40 H 0 C:\WINDOWS\LastGood.Tmp\INF\WMSET10.PNF
2006-01-28 15:08:58 H 0 C:\WINDOWS\LastGood.Tmp\INF\WPD10.inf
2006-01-28 15:08:58 H 0 C:\WINDOWS\LastGood.Tmp\INF\WPD10.PNF
2006-01-28 15:08:58 H 0 C:\WINDOWS\LastGood.Tmp\INF\wpdmtp.inf
2006-01-28 15:08:58 H 0 C:\WINDOWS\LastGood.Tmp\INF\wpdmtp.PNF
2005-11-30 23:17:06 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
2005-12-01 19:12:38 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
2006-01-02 18:09:26 S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
2006-01-28 16:18:52 H 8192 C:\WINDOWS\system32\config\default.LOG
2006-01-28 16:19:26 H 1024 C:\WINDOWS\system32\config\SAM.LOG
2006-01-28 16:19:06 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
2006-01-28 16:22:32 H 77824 C:\WINDOWS\system32\config\software.LOG
2006-01-28 16:19:14 H 872448 C:\WINDOWS\system32\config\system.LOG
2006-01-25 14:46:46 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
2005-12-17 09:36:28 S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
2006-01-27 10:47:58 S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
2005-12-17 09:36:28 S 1370 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
2006-01-26 13:53:58 S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
2006-01-27 10:47:58 S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
2005-12-17 09:36:28 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
2006-01-27 10:47:58 S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
2005-12-17 09:36:28 S 194 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
2006-01-26 13:53:58 S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
2006-01-27 10:47:58 S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
2006-01-28 16:17:34 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 2004-08-19 16:10:06 71680 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 2004-09-20 17:20:44 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 2004-08-19 16:10:06 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 2004-08-19 16:10:06 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 2004-08-19 16:10:06 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 2004-08-19 16:10:06 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 2004-08-19 16:10:06 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 2004-08-19 16:10:06 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 2004-08-19 16:10:06 134144 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 2004-08-19 16:10:06 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 2004-08-19 16:10:06 70144 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2004-06-03 22:05:06 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 2004-08-05 07:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 2004-08-19 16:10:06 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 2004-08-05 07:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 2004-08-19 16:10:06 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 2004-08-19 16:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 2004-07-12 18:50:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 2004-08-19 16:10:06 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 2004-08-19 16:10:06 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 2004-09-23 17:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 2004-08-19 16:10:06 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 2004-08-05 07:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 2004-08-19 16:10:06 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 2004-08-19 16:10:06 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 2005-05-26 03:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 2004-08-05 07:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 2004-08-05 07:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 2004-08-05 07:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 2005-05-26 03:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2004-10-27 10:24:52 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
2005-01-13 22:26:10 779 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
2005-01-13 22:23:20 779 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
2006-01-14 16:11:26 1812 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
2005-03-30 11:12:38 991 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ouvrir Panda Titanium Antivirus 2004 (2).lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2004-10-27 12:18:28 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2005-01-13 22:26:04 357 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
2004-10-27 10:24:52 HS 84 C:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
2005-03-20 17:26:36 871 C:\Documents and Settings\utilisateur\Application Data\AdobeDLM.log
2004-10-27 12:18:28 HS 62 C:\Documents and Settings\utilisateur\Application Data\desktop.ini
2005-03-20 17:26:36 0 C:\Documents and Settings\utilisateur\Application Data\dm.ini
2005-08-21 11:56:10 20928 C:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Panda Antivirus
{65756541-C65C-11CD-0000-4B656E696100} = C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus
{65756541-C65C-11CD-0000-4B656E696100} = C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fichiers hors connexion
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Astuce du jour = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan SOUNDMAN.EXE
SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
Motive SmartBridge C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
APVXDWIN "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
TkBellExe "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
WinampAgent C:\Program Files\Winamp\winampa.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Win32.Exploit.A C:\WINDOWS\system32\exa32.exe
Win32.Virus.Smart32 C:\WINDOWS\system32\adsmart.exe
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
WMC_RebootCheck C:\WINDOWS\inf\unregmp2.exe /FixUps

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
MPlayer2_FixUp C:\WINDOWS\inf\unregmp2.exe /Fixups

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key -‚jÂŽM•7û†¼¿ï2
FileName0 C:\WINDOWS\system32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 0
s 0
n 0
l 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2006-01-28 17:08:25

---------------------------

Ewido Scan -

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 17:01:15, 2006-01-28
+ Somme de contrôle: D689D132

+ Résultats du scan:

:mozilla.10:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.31:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.33:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.34:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.36:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Burstnet : Nettoyer et sauvegarder
:mozilla.45:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Burstnet : Nettoyer et sauvegarder
:mozilla.46:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder
:mozilla.47:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.62:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.69:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
:mozilla.70:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.78:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.80:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.81:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.82:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.83:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.84:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.85:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.113:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.114:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.115:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.119:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.120:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.122:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.126:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.127:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.128:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.129:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.138:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.139:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.140:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
:mozilla.141:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
:mozilla.147:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.148:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.149:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.150:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.151:C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\84cmt6px.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-21-2913609638-1696499360-2375218846-1005\Dc7.exe -> Downloader.VB.vb : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-21-2913609638-1696499360-2375218846-1005\Dc9.exe -> Downloader.Adload.l : Nettoyer et sauvegarder
C:\WINDOWS\system32\intxt.exe -> Adware.CashDeluxe : Nettoyer et sauvegarder
C:\WINDOWS\system32\mswinb32.dll -> Adware.CashDeluxe : Nettoyer et sauvegarder
C:\WINDOWS\system32\mswinb32.exe -> Adware.CashDeluxe : Nettoyer et sauvegarder
C:\WINDOWS\temp.000.exe -> Adware.CashDeluxe : Nettoyer et sauvegarder

::Fin du rapport

Navigation

Webuser.co.uk

Web User Alerts

Web User Network

Site Policies

Magazine Subscription

Contacts

Search