verso6110
-
Compteur de contenus
26 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par verso6110
-
RE- j'ai regagné mes pénates et ne peux donc plus intervenir sur le micro de mon amie. Je continuerai lors de mon prochain séjour chez elle. Je te remercie pour ton aide.
-
Bonjour, Il s'agit de la désinstallation de combofix/uninstall - windows ne trouve pas le fichier, je l'ai probablement supprimé d'un clic droit . Quelle conséquence pour le micro de mon amie ? Merci
-
Pb - lorsque j'exécute la commande, windows ne trouve pas le dossier et pourtant, il figure toujours sur le c. Que faire ? Peut-être l'ai-je déja supprimé mais pas avec cette commande. Quelle conséquence ? Il s'agit bien de F-secure. A demain
-
RE La navigation est nettement plus rapide mais le micro "ronfle "un peu mais ce n'est pas le mien alors je ne saurais dire si tout est OK qq pb avec l'antivirus orange que je n'ai pas pu entièrement désinstallé. Encore un grand merci pour ton aide. nouveau rapport HijackThis ci-dessous Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:58:08, on 22/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\UStorSrv.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Creative\Detector\CTDetect.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\lxcecoms.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\IZArc\IZArc.exe C:\DOCUME~1\jos\LOCALS~1\Temp\ARC4\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe -- End of file - 8114 bytes
-
Après compression 1,43 Mo.
-
RE-ci-dessous le nouveau rapport ComboFix 09-11-19.05 - jos 20/11/2009 9:47.2.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.478.174 [GMT 1:00] Lancé depuis: c:\documents and settings\jos\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\jos\Bureau\CFscript.txt file zipped: c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Sukoku c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe c:\program files\Sukoku c:\program files\Sukoku\sukoku.dll c:\program files\Sukoku\sukoku.exe c:\program files\Sukoku\uninstall.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SUKOKU_SERVICE -------\Service_Sukoku Service ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-20 au 2009-11-20 )))))))))))))))))))))))))))))))))))) . 2009-11-19 09:40 . 2009-11-19 09:42 -------- d-----w- C:\rsit 2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\jos\Application Data\Malwarebytes 2009-11-19 09:08 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-19 09:08 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-18 16:45 . 2009-11-18 16:45 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-20 09:00 . 2008-11-19 19:22 -------- d-----w- c:\documents and settings\jos\Application Data\Skype 2009-11-20 08:58 . 2005-05-20 13:29 -------- d-----w- c:\program files\Wanadoo 2009-11-20 08:57 . 2005-12-27 19:25 -------- d-----w- c:\program files\Lx_cats 2009-11-20 07:32 . 2008-11-19 19:24 -------- d-----w- c:\documents and settings\jos\Application Data\skypePM 2009-11-18 16:28 . 2005-06-20 19:43 -------- d-----w- c:\program files\IncrediMail 2009-11-18 16:21 . 2009-10-13 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-18 15:49 . 2008-02-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-25 09:30 . 2004-08-17 09:31 64052 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 09:30 . 2004-08-17 09:31 445672 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\program files\Lavasoft 2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-11 14:34 . 2004-08-05 08:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-07 15:37 . 2005-05-01 03:04 43600 ----a-w- c:\documents and settings\jos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-06 16:59 . 2008-11-19 16:39 304160 ----a-w- C:\PA207.DAT 2009-09-04 20:46 . 2004-08-05 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:28 . 2004-08-05 08:00 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:28 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:28 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll 2009-08-26 08:15 . 2004-08-05 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\Detector\CTDetect.exe" [2004-12-02 102400] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784] "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-18 98304] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438] "MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-01-10 32768] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344] "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512] "EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424] c:\documents and settings\jos\Menu D‚marrer\Programmes\D‚marrage\ Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\dslmon.exe [2005-5-20 938055] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 13:30 508160] . Contenu du dossier 'Tâches planifiées' 2009-11-20 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-19 19:58] 2009-11-20 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDetect.exe [2005-12-15 12:39] 2009-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-Sukoku - c:\program files\Sukoku\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-20 09:57 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?6?5??????? ???B?????????????H<C? ?????? LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2568) c:\windows\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll c:\windows\system32\ntshrui.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\stobject.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\CTsvcCDA.EXE c:\windows\System32\FTRTSVC.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\UStorSrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\lxcecoms.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Heure de fin: 2009-11-20 10:03 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-20 09:03 ComboFix2.txt 2009-11-20 08:06 Avant-CF: 42 614 661 120 octets libres Après-CF: 42 516 414 464 octets libres - - End Of File - - DF956D4CAD3C448C7BB6F61B192B739F Alors ????Est-ce correct ?
-
Bonjour, Un grand merci pour ton aide ; l'ordi de mon amie était bien infecté par un tas de "cochonneries". Je te joins le rapport généré par combofix. Très bonne journée et j'espère que cette fois ça va être clean. ComboFix 09-11-19.05 - jos 20/11/2009 8:50.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.478.225 [GMT 1:00] Lancé depuis: c:\documents and settings\jos\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\jos\Mes documents\ZbThumbnail.info C:\MS32DLL.dll.vbs c:\recycler\NPROTECT c:\recycler\S-1-5-21-3070571815-876093731-1674132383-1003 c:\recycler\S-1-5-21-823518204-1958367476-725345543-1003 c:\windows\MS32DLL.dll.vbs . ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-20 au 2009-11-20 )))))))))))))))))))))))))))))))))))) . 2009-11-19 09:40 . 2009-11-19 09:42 -------- d-----w- C:\rsit 2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\jos\Application Data\Malwarebytes 2009-11-19 09:08 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-19 09:08 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-18 16:45 . 2009-11-18 16:45 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-20 08:02 . 2008-11-19 19:22 -------- d-----w- c:\documents and settings\jos\Application Data\Skype 2009-11-20 07:38 . 2005-12-27 19:25 -------- d-----w- c:\program files\Lx_cats 2009-11-20 07:32 . 2005-05-20 13:29 -------- d-----w- c:\program files\Wanadoo 2009-11-20 07:32 . 2008-11-19 19:24 -------- d-----w- c:\documents and settings\jos\Application Data\skypePM 2009-11-18 16:28 . 2005-06-20 19:43 -------- d-----w- c:\program files\IncrediMail 2009-11-18 16:21 . 2009-10-13 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-18 15:49 . 2008-02-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-25 09:30 . 2004-08-17 09:31 64052 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 09:30 . 2004-08-17 09:31 445672 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\program files\Lavasoft 2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-29 15:31 . 2009-09-03 13:01 -------- d-----w- c:\program files\Sukoku 2009-09-29 11:35 . 2009-09-03 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sukoku 2009-09-22 21:28 . 2009-09-29 11:35 54760 ----a-w- c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe 2009-09-11 14:34 . 2004-08-05 08:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-07 15:37 . 2005-05-01 03:04 43600 ----a-w- c:\documents and settings\jos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-06 16:59 . 2008-11-19 16:39 304160 ----a-w- C:\PA207.DAT 2009-09-04 20:46 . 2004-08-05 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:28 . 2004-08-05 08:00 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:28 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:28 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll 2009-08-26 08:15 . 2004-08-05 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\Detector\CTDetect.exe" [2004-12-02 102400] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784] "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-18 98304] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438] "MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-01-10 32768] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344] "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512] "EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424] c:\documents and settings\jos\Menu D‚marrer\Programmes\D‚marrage\ Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\dslmon.exe [2005-5-20 938055] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 13:30 508160] S4 Sukoku Service;Sukoku Service;c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe [29/09/2009 12:35 54760] . Contenu du dossier 'Tâches planifiées' 2009-11-20 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-19 19:58] 2009-11-20 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDetect.exe [2005-12-15 12:39] 2009-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 . - - - - ORPHELINS SUPPRIMES - - - - Notify-WgaLogon - (no file) AddRemove-HijackThis - c:\docume~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-20 09:02 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?6?5??????? ???B?????????????H<C? ?????? LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2009-11-20 09:06 ComboFix-quarantined-files.txt 2009-11-20 08:06 Avant-CF: 42 586 165 248 octets libres Après-CF: 42 628 218 880 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - 8A254E0CE4EAC15B0EBE89EFBC28A5C4
-
RE- j'ai suivi tes instructions Logfile of random's system information tool 1.06 (written by random/random) Run by jos at 2009-11-19 10:40:24 Microsoft Windows XP Édition familiale Service Pack 2 System drive C: has 40 GB (71%) free of 57 GB Total RAM: 478 MB (20% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:40:33, on 19/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Detector\CTDetect.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\lxcecoms.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Documents and Settings\jos\Local Settings\Temporary Internet Files\Content.IE5\HRD16ZKY\RSIT[1].exe C:\DOCUME~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\jos.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe -- End of file - 6859 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-06-17 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-06-17 118784] "UpdateManager"=C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2003-08-19 110592] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-05 98394] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-05 688218] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-18 98304] "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-09-17 290816] "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-10-13 229438] "MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-01-10 32768] "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344] "lxcemon.exe"=C:\Program Files\Lexmark 4300 Series\lxcemon.exe [2005-08-02 192512] "EzPrint"=C:\Program Files\Lexmark 4300 Series\ezprint.exe [2005-07-26 94208] "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "LXCECATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 [] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360] "Creative Detector"=C:\Program Files\Creative\Detector\CTDetect.exe [2004-12-02 102400] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Documents and Settings\jos\Menu Démarrer\Programmes\Démarrage Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-06-17 344064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa2f330-e018-11d9-89d1-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c71b190-3f63-11dd-8b85-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f76c7e3-3c76-11dd-8b80-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5bf8894-2b1d-11de-8c59-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6192896-9a9f-11dc-8b0b-00c09f802d71}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs ======List of files/folders created in the last 1 months====== 2009-11-19 10:40:24 ----D---- C:\rsit 2009-11-19 10:08:56 ----D---- C:\Documents and Settings\jos\Application Data\Malwarebytes 2009-11-19 10:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-11-19 10:08:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-19 07:49:07 ----A---- C:\WINDOWS\imsins.BAK 2009-11-19 07:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2009-11-18 17:45:13 ----D---- C:\Program Files\CCleaner 2009-11-18 17:31:18 ----SHD---- C:\Config.Msi ======List of files/folders modified in the last 1 months====== 2009-11-19 10:40:33 ----D---- C:\WINDOWS\Prefetch 2009-11-19 10:39:42 ----D---- C:\Program Files\Lx_cats 2009-11-19 10:39:10 ----D---- C:\WINDOWS\Temp 2009-11-19 10:27:08 ----D---- C:\Program Files\Wanadoo 2009-11-19 10:25:38 ----D---- C:\Documents and Settings\jos\Application Data\Skype 2009-11-19 10:24:00 ----SD---- C:\WINDOWS\Tasks 2009-11-19 10:23:44 ----D---- C:\WINDOWS 2009-11-19 10:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-19 10:20:43 ----RD---- C:\Program Files 2009-11-19 10:19:36 ----RASH---- C:\MS32DLL.dll.vbs 2009-11-19 10:08:46 ----D---- C:\WINDOWS\system32\drivers 2009-11-19 08:03:38 ----D---- C:\Documents and Settings\jos\Application Data\skypePM 2009-11-19 07:52:09 ----D---- C:\WINDOWS\system32 2009-11-19 07:49:25 ----HD---- C:\WINDOWS\inf 2009-11-19 07:49:24 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-11-19 07:47:18 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-18 18:01:21 ----D---- C:\WINDOWS\Minidump 2009-11-18 18:01:21 ----D---- C:\WINDOWS\Debug 2009-11-18 17:31:25 ----SHD---- C:\WINDOWS\Installer 2009-11-18 17:28:54 ----D---- C:\Program Files\IncrediMail 2009-11-18 17:28:51 ----RSD---- C:\WINDOWS\Fonts 2009-11-18 17:24:07 ----A---- C:\WINDOWS\win.ini 2009-11-18 17:23:47 ----D---- C:\Program Files\Fichiers communs 2009-11-18 17:21:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-11-18 17:11:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-11-18 17:01:06 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-18 16:49:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-10-29 15:52:13 ----D---- C:\WINDOWS\Help 2009-10-25 10:30:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-10-21 05:07:57 ----A---- C:\WINDOWS\system32\mshtml.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys [] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800] R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-10-14 292864] R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-10-14 276480] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-05 13872] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-10 1041536] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-10 200064] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-17 708989] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824] R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-05 185824] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-11-08 85504] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-09-20 3210496] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-10 684800] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2002-07-23 32535] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2002-09-06 122073] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 508160] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] R2 UStorage Server Service;UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [2004-07-14 139264] R3 lxce_device;lxce_device; C:\WINDOWS\system32\lxcecoms.exe [2005-07-06 471040] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304] S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-08 401408] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku119.exe [2009-09-22 54760] -----------------EOF-----------------
-
RE- merci pour ton aide, je te joins le rapport généré par MBAM Malwarebytes' Anti-Malware 1.41 Version de la base de données: 3195 Windows 5.1.2600 Service Pack 2 19/11/2009 10:20:44 mbam-log-2009-11-19 (10-20-44).txt Type de recherche: Examen rapide Eléments examinés: 106176 Temps écoulé: 7 minute(s), 38 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 23 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 25 Fichier(s) infecté(s): 286 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms32dll (VBS.Godzilla) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (Hacked by Godzilla) Good: (Internet Explorer) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\Internet Saving Optimizer\3.7.1.4630\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.6.0.940\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.1.1010\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-150205.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-150546.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-150719.750.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090903-151645.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-161743.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-162337.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-162544.140.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-164243.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-164530.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-165227.546.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-165448.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-165602.609.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-171723.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-172028.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-174107.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-174157.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-174305.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-174357.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-180715.500.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090907-183713.109.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090908-075402.625.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090908-075536.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090908-082241.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090909-091222.781.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-154351.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-154457.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155005.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155147.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155149.187.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155314.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155314.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155726.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-155914.859.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-160231.546.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-160557.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-161034.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090914-161355.406.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-091902.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-091902.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142106.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142419.671.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142617.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-142839.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143028.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143213.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143453.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143723.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-143818.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-144144.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-144305.671.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-144936.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145053.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145321.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145436.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145731.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145820.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-145907.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-150226.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-150430.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-150624.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151125.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151149.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151255.515.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151525.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151639.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-152030.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090918-182258.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090918-183151.343.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-141456.124.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142833.452.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142918.077.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142950.827.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143013.249.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143621.561.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143634.264.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143749.530.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-173701.593.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-174136.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-133650.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-133650.093.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-173347.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091002-183234.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-144013.462.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-144142.493.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-152258.087.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091007-165352.015.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-181511.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-182226.140.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-182553.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-110456.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111214.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111421.531.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111813.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112407.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112541.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112803.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-114650.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-115024.375.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-120047.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115606.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115940.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115941.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-212612.125.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-212703.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214159.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214236.750.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214644.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214700.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-215019.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223023.343.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223257.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223439.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223724.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223822.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-232509.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-234309.828.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-235448.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-235823.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-000044.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-192948.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-193401.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091019-165413.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150111.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150205.484.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150546.468.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150719.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-151645.484.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-161743.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-162337.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-162544.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-164243.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-164530.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165227.406.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165448.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165602.578.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-171723.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-172028.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174107.640.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174157.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174305.218.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174357.187.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-180715.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-183712.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-075402.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-075536.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-082240.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090909-091222.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154351.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154457.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155004.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155147.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155149.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155314.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155314.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155723.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155723.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155914.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-160230.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-160557.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-161034.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-161354.609.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-091901.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142106.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142419.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142617.281.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142839.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143028.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143212.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143453.046.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143723.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143818.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-144144.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-144305.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-144936.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145053.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145321.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145436.703.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145731.218.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145820.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145907.859.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-150226.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-150430.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-150624.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151125.781.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151148.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151255.500.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151525.218.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151639.343.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-152030.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090918-182258.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090918-183150.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-141456.061.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-142833.421.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-142918.046.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-142950.796.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143013.217.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143621.530.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143634.171.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143749.499.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-173701.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-174136.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090929-133649.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090929-133649.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090929-173347.078.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091002-183234.546.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091003-144013.415.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091003-144142.446.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091003-152258.056.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091007-165352.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-181511.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-181511.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-182226.093.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-182553.781.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-110456.812.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-111214.781.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-111421.500.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-111813.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-112407.687.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-112541.718.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-112803.515.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-114650.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-114650.046.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-115024.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-115024.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-120047.671.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091012-115606.703.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091012-115940.593.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091012-115941.156.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-212611.765.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-212702.703.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214159.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214236.703.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214644.187.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214700.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-215019.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223022.359.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223256.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223439.406.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223724.406.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223821.953.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-232509.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-234303.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-235448.109.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-235823.187.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091014-000044.234.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091014-192945.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091014-193400.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091019-165406.531.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\WINDOWS\MS32DLL.dll.vbs (VBS.Godzilla) -> Delete on reboot. Quelle galère !!!!! encore merci de venir à mon secours
-
Bonjour, Je n'ai pas du poster sur le bon forum et n'ai pas donné de détails, aussi, je recommence. Je suis chez une amie dont l'ordi est probablement infecté, impossibilité de mettre à jour son antivirus, sur internet figure"hacked by Godzilla, enfin ordi très lent. Je vous joins le rapport hijackthis pour analyse et aide. Un grand merci. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:19:41, on 18/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\WINDOWS\System32\WScript.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Detector\CTDetect.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe -- End of file - 6710 bytes
-
Merci pour ton aide , morron2, tout est rentré dans l'ordre.
-
Bonjour à tous, Qui peut me dépanner ? j'ai perdu l'icône "nouveau contact" dans le carnet d'adresses windows mail. Merci pour votre aide.
-
Bonjour, Qui pourrait me guider pour changer un inverter sur un micro portable HP compaq nx 7010 ???? est- ce compliqué ? Merci pour votre aide.
-
[Résolu] Demande d'analyse rapport HijackThis
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Re, J' ai suivi à la lettre toutes tes consignes et tout fonctionne bien alors je te remercie encore pour ton aide. @+ -
[Résolu] Demande d'analyse rapport HijackThis
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Bonjour Apollo-01 Je suis à nouveau sur l'ordi de mon neveu et te poste le nouveau rapport demandé. je n'ai pas trouvé dans ajout/suppression de prog les askbar et autres ... BTFix 1.055 (par bibi26) - 29/10/2007 15:02:43 - Analyse Lancé depuis C:\Documents and Settings\FlorianForm\Bureau\BTFix\BTFix\BTFix.exe ---> Fichiers/Dossiers trouvés ---> Analyse terminée Je te remercie pour ton aide. -
[Résolu] Demande d'analyse rapport HijackThis
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Re, Voici les 2 rapports demandés. Alors est-ce que c'est clean maintenant ???? Clean Navipromo version 3.3.2 commencé le 25/10/2007 à 16:10:01,20 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 22.10.2007 à 19h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Mode suppression automatique *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" Copie C:\WINDOWS\system32\dwdffxgtd.dat réalisé avec succès ! Copie C:\WINDOWS\system32\dwdffxgtd.exe réalisé avec succès ! Copie C:\WINDOWS\system32\dwdffxgtd_nav.dat réalisé avec succès ! Copie C:\WINDOWS\system32\dwdffxgtd_navps.dat réalisé avec succès ! *** Suppression des fichiers trouvés avec Catchme *** C:\WINDOWS\system32\dwdffxgtd.dat supprimé ! C:\WINDOWS\system32\dwdffxgtd.exe supprimé ! C:\WINDOWS\system32\dwdffxgtd_nav.dat supprimé ! C:\WINDOWS\system32\dwdffxgtd_navps.dat supprimé ! ** 2ème passage avec résultats Catchme ** C:\WINDOWS\prefetch\dwdffxgtd*.pf trouvé ! Copie C:\WINDOWS\prefetch\dwdffxgtd*.pf réalisé avec succès ! C:\WINDOWS\prefetch\dwdffxgtd*.pf supprimé ! *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans C:\WINDOWS\System32 * * Suppression dans C:\DOCUME~1\FLORIA~1\LOCALS~1\APPLIC~1 * *** Suppression dossiers dans C:\WINDOWS *** *** Suppression dossiers dans C:\Program Files *** *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Suppression dossiers dans C:\Documents and Settings\FlorianForm\Application Data *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Suppression fichiers *** C:\WINDOWS\pack.epk supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\FlorianForm\Local Settings\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche, création sauvegardes et suppression Heuristique : *** Sauvegarde du Registre vers dossier Backupnavi *** sauvegarde du Registre réalisé avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! *** Nettoyage terminé le 25/10/2007 à 16:16:09,37 *** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:23:50, on 25/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\NOTEPAD.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: SlimFTPd - Unknown owner - C:\Documents and Settings\PRINCE\Bureau\slimftpd\SlimFTPd.exe (file missing) -- End of file - 7446 bytes Un grand merci -
[Résolu] Demande d'analyse rapport HijackThis
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Bonjour, Merci Apollo.01 pour ton aide, voici le rapport demandé Search Navipromo version 3.3.2 commencé le 25/10/2007 à 15:19:15,18 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 22.10.2007 à 19h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 *** Recherche Programmes installés *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\FlorianForm\Application Data *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\WINDOWS\system32\dwdffxgtd.dat C:\WINDOWS\system32\dwdffxgtd.exe C:\WINDOWS\system32\dwdffxgtd_nav.dat C:\WINDOWS\system32\dwdffxgtd_navps.dat Processus caché(s) : C:\WINDOWS\system32\dwdffxgtd.exe *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\WINDOWS\system32 * * Recherche dans C:\DOCUME~1\FLORIA~1\LOCALS~1\APPLIC~1 * *** Recherche fichiers *** C:\WINDOWS\pack.epk trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : C:\WINDOWS\system32\dwdffxgtd.dat trouvé ! 3)Recherche Certificats : Certificat Egroup trouvé ! *** Analyse terminée le 25/10/2007 à 15:20:10,28 *** A bientôt -
[Résolu] Demande d'analyse rapport HijackThis
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Merci pour ta réponse rapide mais peux-tu m'expliquer la procédure plus en détail pour éradiquer ces pb, par ailleurs l'antivirus Nod32 précise qu'i y a wvimhovk.exe soit une ariante de win32/adware.Navi promo alors que faire ? -
[Résolu] Demande d'analyse rapport HijackThis
verso6110 a posté un sujet dans Analyses et éradication malwares
Bonjour, Je souhaite dépanner mon petit neveu qui a des pb sur son ordi. Je vous joins le rapport hijackThis pour que vous me donniez la marche à suivre pour la désinfection Je vous remercie pour l'aide. Logfile of HijackThis v1.99.1 Scan saved at 15:41:17, on 24/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: SlimFTPd - Unknown owner - C:\Documents and Settings\PRINCE\Bureau\slimftpd\SlimFTPd.exe" -service (file missing) -
[résolu] problème avec internet redirection sur d'autres sites
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Bonjour, Je n'ai plus de pb pour mes recherches mais l'autre question concerne le disque dur externe - dois-je appliquer la même procédure ? 1 grand merci pour ton aide bruce lee -
[résolu] problème avec internet redirection sur d'autres sites
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Salut Bruce lee Tu l'as le rapport AVG, juste à la fin du message mais il est très court car il n'y a rien à signaler, je l'ai fait en mode sans echec. Merci de t'occuper de mon cas @+ -
[résolu] problème avec internet redirection sur d'autres sites
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
-
[résolu] problème avec internet redirection sur d'autres sites
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
-
[résolu] problème avec internet redirection sur d'autres sites
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares
Fixwareout Last edited 6/20/2007 Post this report in the forums please ... »»»»»Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdgwy.exe" Cache de résolution DNS vidé. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other C:\WINDOWS\Temp\kdgwy.ren 66455 19/08/2004 »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" "ATIModeChange"="Ati2mdxx.exe" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe" "SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon" "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe" "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe" "MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\"" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe" "HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe" "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe" "Device Detector"="DevDetect.exe -autorun" "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg" "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\"" "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "Symantec PIF AlertEng"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\"" "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "WOOKIT"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe EspaceWanadoo.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» Logfile of HijackThis v1.99.1 Scan saved at 10:30:46, on 21/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Fichiers communs\Ahead\lib\NMIndexStoreSvr.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\Documents and Settings\LUDWIG\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: BounceBack Launcher.lnk = ? O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Premium\menuRegister.html O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing) O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168357569549 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168357560286 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe Merci pour ton aide,j'espère que ça va marcher, explique moi bien ce qui se passe. -
[résolu] problème avec internet redirection sur d'autres sites
verso6110 a répondu à un(e) sujet de verso6110 dans Analyses et éradication malwares