

verso6110
-
RE- I have returned home and so can no longer work on my friend's computer. I will continue during my next stay at her place. Thank you for your help.
-
Hello, this is about uninstalling ComboFix (combofix/uninstall) - Windows cannot find the file; I probably deleted it with a right-click. What is the consequence for my friend's computer? Thanks
-
Problem - when I run the command, Windows cannot find the folder, and yet it is still on C:. What should I do? Perhaps I have already deleted it, but not with this command. What is the consequence? It is indeed F-Secure. See you tomorrow
-
RE Browsing is noticeably faster, but the computer "hums" a little; it is not mine, though, so I couldn't say whether everything is OK. A few problems with the Orange antivirus, which I was not able to uninstall completely. Once again, many thanks for your help. New HijackThis report below.
-
After compression, 1.43 MB.
-
RE- the new report is below. So???? Is this correct?
-
Hello, many thanks for your help; my friend's computer was indeed infected with a load of "junk". I am attaching the report generated by ComboFix. Have a very good day, and I hope that this time it will be clean.
-
RE- I followed your instructions.
Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-05 98394] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-05 688218] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-18 98304] "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-09-17 290816] "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-10-13 229438] "MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-01-10 32768] "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344] "lxcemon.exe"=C:\Program Files\Lexmark 4300 Series\lxcemon.exe [2005-08-02 192512] "EzPrint"=C:\Program Files\Lexmark 4300 Series\ezprint.exe [2005-07-26 94208] "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "LXCECATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 [] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360] "Creative Detector"=C:\Program Files\Creative\Detector\CTDetect.exe [2004-12-02 102400] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Documents and Settings\jos\Menu Démarrer\Programmes\Démarrage Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-06-17 344064] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa2f330-e018-11d9-89d1-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c71b190-3f63-11dd-8b85-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f76c7e3-3c76-11dd-8b80-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5bf8894-2b1d-11de-8c59-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6192896-9a9f-11dc-8b0b-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs ======List of files/folders created in the last 1 months====== 2009-11-19 10:40:24 ----D---- C:\rsit 2009-11-19 10:08:56 ----D---- C:\Documents and Settings\jos\Application Data\Malwarebytes 2009-11-19 10:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-11-19 10:08:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-19 07:49:07 ----A---- C:\WINDOWS\imsins.BAK 2009-11-19 07:49:00 ----HDC---- 
C:\WINDOWS\$NtUninstallKB969947$ 2009-11-18 17:45:13 ----D---- C:\Program Files\CCleaner 2009-11-18 17:31:18 ----SHD---- C:\Config.Msi ======List of files/folders modified in the last 1 months====== 2009-11-19 10:40:33 ----D---- C:\WINDOWS\Prefetch 2009-11-19 10:39:42 ----D---- C:\Program Files\Lx_cats 2009-11-19 10:39:10 ----D---- C:\WINDOWS\Temp 2009-11-19 10:27:08 ----D---- C:\Program Files\Wanadoo 2009-11-19 10:25:38 ----D---- C:\Documents and Settings\jos\Application Data\Skype 2009-11-19 10:24:00 ----SD---- C:\WINDOWS\Tasks 2009-11-19 10:23:44 ----D---- C:\WINDOWS 2009-11-19 10:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-19 10:20:43 ----RD---- C:\Program Files 2009-11-19 10:19:36 ----RASH---- C:\MS32DLL.dll.vbs 2009-11-19 10:08:46 ----D---- C:\WINDOWS\system32\drivers 2009-11-19 08:03:38 ----D---- C:\Documents and Settings\jos\Application Data\skypePM 2009-11-19 07:52:09 ----D---- C:\WINDOWS\system32 2009-11-19 07:49:25 ----HD---- C:\WINDOWS\inf 2009-11-19 07:49:24 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-11-19 07:47:18 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-18 18:01:21 ----D---- C:\WINDOWS\Minidump 2009-11-18 18:01:21 ----D---- C:\WINDOWS\Debug 2009-11-18 17:31:25 ----SHD---- C:\WINDOWS\Installer 2009-11-18 17:28:54 ----D---- C:\Program Files\IncrediMail 2009-11-18 17:28:51 ----RSD---- C:\WINDOWS\Fonts 2009-11-18 17:24:07 ----A---- C:\WINDOWS\win.ini 2009-11-18 17:23:47 ----D---- C:\Program Files\Fichiers communs 2009-11-18 17:21:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-11-18 17:11:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-11-18 17:01:06 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-18 16:49:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-10-29 15:52:13 ----D---- C:\WINDOWS\Help 2009-10-25 10:30:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-10-21 05:07:57 ----A---- C:\WINDOWS\system32\mshtml.dll ======List of drivers 
(R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys [] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800] R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-10-14 292864] R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-10-14 276480] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-05 13872] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-10 1041536] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-10 200064] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-17 708989] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824] R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584] R3 SynTP;Synaptics TouchPad Driver; 
C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-05 185824] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-11-08 85504] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-09-20 3210496] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-10 684800] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2002-07-23 32535] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2002-09-06 122073] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 508160] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; 
\??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] R2 UStorage Server Service;UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [2004-07-14 139264] R3 lxce_device;lxce_device; C:\WINDOWS\system32\lxcecoms.exe [2005-07-06 471040] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304] S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-08 401408] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 
WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku119.exe [2009-09-22 54760] -----------------EOF-----------------
-
RE- thanks for your help, I'm attaching the report generated by MBAM
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-091902.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-091902.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142106.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142419.671.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142617.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142839.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143028.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143213.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143453.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143723.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143818.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-144144.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-144305.671.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-144936.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145053.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145321.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145436.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145731.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145820.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145907.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-150226.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-150430.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-150624.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151125.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151149.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151255.515.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151525.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151639.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-152030.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090918-182258.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090918-183151.343.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-141456.124.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142833.452.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142918.077.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142950.827.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143013.249.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143621.561.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143634.264.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143749.530.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-173701.593.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-174136.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-133650.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-133650.093.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-173347.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091002-183234.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-144013.462.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-144142.493.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-152258.087.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091007-165352.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-181511.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-182226.140.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-182553.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-110456.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111214.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111421.531.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111813.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112407.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112541.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112803.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-114650.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-115024.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-120047.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115606.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115940.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115941.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-212612.125.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-212703.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214159.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214236.750.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214644.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214700.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-215019.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223023.343.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223257.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223439.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223724.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223822.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-232509.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-234309.828.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-235448.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-235823.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-000044.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-192948.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-193401.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091019-165413.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150111.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150205.484.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150546.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150719.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-151645.484.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-161743.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-162337.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-162544.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-164243.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-164530.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165227.406.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165448.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165602.578.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-171723.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-172028.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174107.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174157.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174305.218.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174357.187.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-180715.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-183712.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-075402.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-075536.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-082240.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090909-091222.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154351.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154457.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155004.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155147.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155149.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155314.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155314.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155723.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155723.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155914.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-160230.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-160557.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-161034.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-161354.609.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-091901.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142106.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142419.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142617.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142839.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143028.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143212.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143453.046.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143723.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091019-165406.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\MS32DLL.dll.vbs (VBS.Godzilla) -> Delete on reboot.

What a nightmare!!!!! Thanks again for coming to my rescue.
-
Hello, I probably did not post in the right forum and did not give any details, so I am starting again. I am at a friend's place; her computer is probably infected: it is impossible to update her antivirus, "hacked by Godzilla" is displayed on the Internet, and the computer is very slow. I am attaching the HijackThis report for analysis and help. Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:41, on 18/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Detector\CTDetect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

-- End of file - 6710 bytes
-
Thank you for your help, morron2, everything is back in order.
-
Hello everyone, Who can help me out? I have lost the "new contact" icon in the Windows Mail address book. Thank you for your help.
-
Hello, Who could guide me through replacing an inverter on an HP Compaq nx 7010 laptop? Is it complicated? Thank you for your help.
-
[Solved] Request for analysis of a HijackThis report
verso6110 replied to a topic by verso6110 in Malware analysis and eradication
Re, I followed all your instructions to the letter and everything works fine, so thank you again for your help. See you later.
-
[Solved] Request for analysis of a HijackThis report
verso6110 replied to a topic by verso6110 in Malware analysis and eradication
Hello Apollo-01, I am on my nephew's computer again and am posting the new report you asked for. I did not find the askbar and the others in Add/Remove Programs ...

BTFix 1.055 (par bibi26) - 29/10/2007 15:02:43 - Analyse
Lancé depuis C:\Documents and Settings\FlorianForm\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
---> Analyse terminée

Thank you for your help.