
Posted

Hello,

I must not have posted in the right forum and did not give any details, so I am starting over.

I am at a friend's house whose computer is probably infected: it is impossible to update her antivirus, "hacked by Godzilla" appears on the internet, and the computer is very slow.

I am attaching the HijackThis report for analysis and help.

Many thanks.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:19:41, on 18/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\PROGRA~1\MESSAG~1\StartMessager.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Lexmark 4300 Series\lxcemon.exe

C:\Program Files\Lexmark 4300 Series\ezprint.exe

C:\WINDOWS\System32\WScript.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Detector\CTDetect.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\lxcecoms.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Global Startup: DSLMON.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

 

--

End of file - 6710 bytes

Posted

Hello,

The machine is indeed infected, and it is possible that your USB keys and other removable drives are infected too.

Download Malwarebytes' Anti-Malware (MBAM)

If it does not download, if you are redirected, or if MBAM does not start, let me know: that is a symptom.

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update is finished, go to the "Recherche" (Scanner) tab.
  • Select "Exécuter un examen rapide" (Perform quick scan).
  • Click "Rechercher" (Scan).
  • The scan starts.
  • At the end of the scan (but it is not over yet), a message is displayed:
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés. (The scan completed normally. Click 'Show results' to display all the objects found.)
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too. Do not forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
    Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

NB: If MBAM asks you to restart, do it.

Posted
RE - thank you for your help, I am attaching the report generated by MBAM

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3195

Windows 5.1.2600 Service Pack 2

 

19/11/2009 10:20:44

mbam-log-2009-11-19 (10-20-44).txt

 

Type de recherche: Examen rapide

Eléments examinés: 106176

Temps écoulé: 7 minute(s), 38 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 23

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 25

Fichier(s) infecté(s): 286

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):


 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms32dll (VBS.Godzilla) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (Hacked by Godzilla) Good: (Internet Explorer) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):


 

Fichier(s) infecté(s):


C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151525.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-151639.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090915-152030.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090918-182258.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090918-183151.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-141456.124.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142833.452.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142918.077.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-142950.827.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143013.249.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143621.561.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143634.264.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-143749.530.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-173701.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090926-174136.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-133650.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-133650.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090929-173347.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091002-183234.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-144013.462.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-144142.493.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091003-152258.087.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091007-165352.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-181511.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-182226.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091010-182553.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-110456.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111214.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111421.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-111813.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112407.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112541.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-112803.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-114650.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-115024.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091011-120047.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115606.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115940.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091012-115941.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-212612.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-212703.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214159.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214236.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214644.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-214700.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-215019.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223023.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223257.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223439.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223724.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-223822.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-232509.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-234309.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-235448.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091013-235823.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-000044.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-192948.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091014-193401.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20091019-165413.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150111.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150205.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150546.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-150719.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090903-151645.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-161743.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-162337.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-162544.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-164243.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-164530.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165227.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165448.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-165602.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-171723.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-172028.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174107.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174157.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174305.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-174357.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-180715.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090907-183712.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-075402.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-075536.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090908-082240.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090909-091222.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154351.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-154457.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155004.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155147.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155149.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155314.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155314.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155723.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155723.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-155914.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-160230.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-160557.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-161034.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090914-161354.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-091901.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142106.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142419.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142617.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-142839.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143028.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143212.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143453.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143723.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-143818.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-144144.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-144305.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-144936.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145053.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145321.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145436.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145731.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145820.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-145907.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-150226.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-150430.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-150624.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151125.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151148.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151255.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151525.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-151639.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090915-152030.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090918-182258.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090918-183150.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-141456.061.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-142833.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-142918.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-142950.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143013.217.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143621.530.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143634.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-143749.499.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-173701.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090926-174136.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090929-133649.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090929-133649.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090929-173347.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091002-183234.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091003-144013.415.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091003-144142.446.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091003-152258.056.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091007-165352.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-181511.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-181511.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-182226.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091010-182553.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-110456.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-111214.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-111421.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-111813.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-112407.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-112541.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-112803.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-114650.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-114650.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-115024.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-115024.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091011-120047.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091012-115606.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091012-115940.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091012-115941.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-212611.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-212702.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214159.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214236.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214644.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-214700.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-215019.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223022.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223256.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223439.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223724.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-223821.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-232509.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-234303.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-235448.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091013-235823.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091014-000044.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091014-192945.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091014-193400.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20091019-165406.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\jos\Local Settings\Application Data\Media Access Startup\1.6.0.940\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\WINDOWS\MS32DLL.dll.vbs (VBS.Godzilla) -> Delete on reboot.

 

What a nightmare!!!!! Thanks again for coming to my rescue.

Posted

Did you see how much junk was on there? Keep MBAM, it will come in handy, but above all be careful about what you install and download.

You need to restart the machine, if you haven't done so since the MBAM scan.

After the restart, download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool takes stock of the system and reads the configuration, like HijackThis, but in more detail.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the Taskbar).
  • NB: The reports are saved in the C:\rsit folder
    So that makes two reports. As they are long, you can post 2 replies, one per report. :P

Posted

RE: I followed your instructions

Logfile of random's system information tool 1.06 (written by random/random)

Run by jos at 2009-11-19 10:40:24

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 40 GB (71%) free of 57 GB

Total RAM: 478 MB (20% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:40:33, on 19/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\PROGRA~1\MESSAG~1\StartMessager.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Lexmark 4300 Series\lxcemon.exe

C:\Program Files\Lexmark 4300 Series\ezprint.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Detector\CTDetect.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\lxcecoms.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Documents and Settings\jos\Local Settings\Temporary Internet Files\Content.IE5\HRD16ZKY\RSIT[1].exe

C:\DOCUME~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\jos.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Global Startup: DSLMON.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

 

--

End of file - 6859 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-06-17 155648]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-06-17 118784]

"UpdateManager"=C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-05 98394]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-05 688218]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-18 98304]

"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-09-17 290816]

"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-10-13 229438]

"MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-01-10 32768]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

"lxcemon.exe"=C:\Program Files\Lexmark 4300 Series\lxcemon.exe [2005-08-02 192512]

"EzPrint"=C:\Program Files\Lexmark 4300 Series\ezprint.exe [2005-07-26 94208]

"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]

"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]

"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"LXCECATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 []

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

"Creative Detector"=C:\Program Files\Creative\Detector\CTDetect.exe [2004-12-02 102400]

"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

 

C:\Documents and Settings\jos\Menu Démarrer\Programmes\Démarrage

Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2004-06-17 344064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=95000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"

"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa2f330-e018-11d9-89d1-00c09f802d71}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c71b190-3f63-11dd-8b85-00c09f802d71}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f76c7e3-3c76-11dd-8b80-00c09f802d71}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5bf8894-2b1d-11de-8c59-00c09f802d71}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6192896-9a9f-11dc-8b0b-00c09f802d71}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

 

======List of files/folders created in the last 1 months======

 

2009-11-19 10:40:24 ----D---- C:\rsit

2009-11-19 10:08:56 ----D---- C:\Documents and Settings\jos\Application Data\Malwarebytes

2009-11-19 10:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-11-19 10:08:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-11-19 07:49:07 ----A---- C:\WINDOWS\imsins.BAK

2009-11-19 07:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2009-11-18 17:45:13 ----D---- C:\Program Files\CCleaner

2009-11-18 17:31:18 ----SHD---- C:\Config.Msi

 

======List of files/folders modified in the last 1 months======

 

2009-11-19 10:40:33 ----D---- C:\WINDOWS\Prefetch

2009-11-19 10:39:42 ----D---- C:\Program Files\Lx_cats

2009-11-19 10:39:10 ----D---- C:\WINDOWS\Temp

2009-11-19 10:27:08 ----D---- C:\Program Files\Wanadoo

2009-11-19 10:25:38 ----D---- C:\Documents and Settings\jos\Application Data\Skype

2009-11-19 10:24:00 ----SD---- C:\WINDOWS\Tasks

2009-11-19 10:23:44 ----D---- C:\WINDOWS

2009-11-19 10:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-11-19 10:20:43 ----RD---- C:\Program Files

2009-11-19 10:19:36 ----RASH---- C:\MS32DLL.dll.vbs

2009-11-19 10:08:46 ----D---- C:\WINDOWS\system32\drivers

2009-11-19 08:03:38 ----D---- C:\Documents and Settings\jos\Application Data\skypePM

2009-11-19 07:52:09 ----D---- C:\WINDOWS\system32

2009-11-19 07:49:25 ----HD---- C:\WINDOWS\inf

2009-11-19 07:49:24 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-11-19 07:47:18 ----D---- C:\WINDOWS\system32\CatRoot2

2009-11-18 18:01:21 ----D---- C:\WINDOWS\Minidump

2009-11-18 18:01:21 ----D---- C:\WINDOWS\Debug

2009-11-18 17:31:25 ----SHD---- C:\WINDOWS\Installer

2009-11-18 17:28:54 ----D---- C:\Program Files\IncrediMail

2009-11-18 17:28:51 ----RSD---- C:\WINDOWS\Fonts

2009-11-18 17:24:07 ----A---- C:\WINDOWS\win.ini

2009-11-18 17:23:47 ----D---- C:\Program Files\Fichiers communs

2009-11-18 17:21:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-11-18 17:11:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-11-18 17:01:06 ----HD---- C:\WINDOWS\$hf_mig$

2009-11-18 16:49:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-10-29 15:52:13 ----D---- C:\WINDOWS\Help

2009-10-25 10:30:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-21 05:07:57 ----A---- C:\WINDOWS\system32\mshtml.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]

R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-10-14 292864]

R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-10-14 276480]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]

R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-05 13872]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-10 1041536]

R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-10 200064]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-17 708989]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]

R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-05 185824]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-11-08 85504]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-09-20 3210496]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-10 684800]

S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2002-07-23 32535]

S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2002-09-06 122073]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys []

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

R2 UStorage Server Service;UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [2004-07-14 139264]

R3 lxce_device;lxce_device; C:\WINDOWS\system32\lxcecoms.exe [2005-07-06 471040]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]

S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-08 401408]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku119.exe [2009-09-22 54760]

 

-----------------EOF-----------------
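Added example, not part of the original thread and not code from RSIT: the registry dump above lists MountPoints2 keys whose shell\AutoRun\command launches wscript.exe on MS32DLL.dll.vbs, the file MBAM reported as VBS.Godzilla. The sketch below parses a log in that layout and flags such cached AutoRun commands; the function names, the heuristics and the third sample entry are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Sample in the layout of RSIT's "Registry dump" section. The first two
# MountPoints2 entries are copied from the log in this thread (one with the
# blank line the forum inserted between key and value); the third entry and
# its GUID are constructed to show a command that is not flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa2f330-e018-11d9-89d1-00c09f802d71}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c71b190-3f63-11dd-8b85-00c09f802d71}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
shell\AutoRun\command - E:\setup.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VOLUME_RE = re.compile(r"\\mountpoints2\\([^\\]+)$", re.IGNORECASE)
COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)

# Heuristics chosen for this example (assumptions, not an exhaustive rule set).
HEURISTICS = [
    ("script host", re.compile(r"\b(?:wscript|cscript|mshta)(?:\.exe)?\b", re.I)),
    ("script file", re.compile(r"\.(?:vbs|vbe|js|jse|wsf|hta|bat|cmd)\b", re.I)),
    ("double extension",
     re.compile(r"\.(?:dll|exe|doc|pdf|jpg|txt)\.[a-z0-9]{2,4}\b", re.I)),
]


class AutoRunEntry(NamedTuple):
    volume: str          # MountPoints2 subkey name (volume GUID or drive letter)
    verb: str            # shell verb, e.g. "AutoRun"
    command: str         # command line cached for that verb
    reasons: List[str]   # names of the heuristics that matched


def parse_mountpoint_commands(log_text: str) -> List[AutoRunEntry]:
    """Return every shell\\<verb>\\command value found under a MountPoints2 key."""
    entries = []
    volume = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # key and value may be separated by blank lines
        key = KEY_RE.match(line)
        if key:
            # A new registry key starts: remember it only if it is a MountPoints2 volume.
            mount = VOLUME_RE.search(key.group(1))
            volume = mount.group(1) if mount else None
            continue
        cmd = COMMAND_RE.match(line)
        if cmd and volume is not None:
            command = cmd.group(2).strip()
            reasons = [name for name, rx in HEURISTICS if rx.search(command)]
            entries.append(AutoRunEntry(volume, cmd.group(1), command, reasons))
    return entries


def suspicious_entries(log_text: str) -> List[AutoRunEntry]:
    """Keep only the cached AutoRun commands that hit at least one heuristic."""
    return [e for e in parse_mountpoint_commands(log_text) if e.reasons]


if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_LOG):
        print(f"{entry.volume}: {entry.command}")
        print(f"    flagged: {', '.join(entry.reasons)}")
```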

Posted

Plug in your USB keys and other removable media (external hard drives, etc.) before doing what follows, and leave them plugged in for the whole duration of the operations.

The software below is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside of that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise combofix will show you a message (otherwise, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • If you are prompted to restart because a rootkit was found, do so.
  • You will be offered the download and installation of the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement message.
  • The desktop disappears; this is normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Hello,

Many thanks for your help; my friend's computer was indeed infected with a heap of "junk".

I am attaching the report generated by combofix.

Have a very good day, and I hope that this time it will be clean.

 

ComboFix 09-11-19.05 - jos 20/11/2009 8:50.1.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.478.225 [GMT 1:00]

Lancé depuis: c:\documents and settings\jos\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

c:\documents and settings\jos\Mes documents\ZbThumbnail.info

C:\MS32DLL.dll.vbs

c:\recycler\NPROTECT

c:\recycler\S-1-5-21-3070571815-876093731-1674132383-1003

c:\recycler\S-1-5-21-823518204-1958367476-725345543-1003

c:\windows\MS32DLL.dll.vbs

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-20 au 2009-11-20 ))))))))))))))))))))))))))))))))))))

.

 

2009-11-19 09:40 . 2009-11-19 09:42 -------- d-----w- C:\rsit

2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\jos\Application Data\Malwarebytes

2009-11-19 09:08 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-19 09:08 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-18 16:45 . 2009-11-18 16:45 -------- d-----w- c:\program files\CCleaner

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-20 08:02 . 2008-11-19 19:22 -------- d-----w- c:\documents and settings\jos\Application Data\Skype

2009-11-20 07:38 . 2005-12-27 19:25 -------- d-----w- c:\program files\Lx_cats

2009-11-20 07:32 . 2005-05-20 13:29 -------- d-----w- c:\program files\Wanadoo

2009-11-20 07:32 . 2008-11-19 19:24 -------- d-----w- c:\documents and settings\jos\Application Data\skypePM

2009-11-18 16:28 . 2005-06-20 19:43 -------- d-----w- c:\program files\IncrediMail

2009-11-18 16:21 . 2009-10-13 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-18 15:49 . 2008-02-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-10-25 09:30 . 2004-08-17 09:31 64052 ----a-w- c:\windows\system32\perfc00C.dat

2009-10-25 09:30 . 2004-08-17 09:31 445672 ----a-w- c:\windows\system32\perfh00C.dat

2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\program files\Lavasoft

2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-09-29 15:31 . 2009-09-03 13:01 -------- d-----w- c:\program files\Sukoku

2009-09-29 11:35 . 2009-09-03 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sukoku

2009-09-22 21:28 . 2009-09-29 11:35 54760 ----a-w- c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe

2009-09-11 14:34 . 2004-08-05 08:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-07 15:37 . 2005-05-01 03:04 43600 ----a-w- c:\documents and settings\jos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-06 16:59 . 2008-11-19 16:39 304160 ----a-w- C:\PA207.DAT

2009-09-04 20:46 . 2004-08-05 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:28 . 2004-08-05 08:00 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:28 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:28 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll

2009-08-26 08:15 . 2004-08-05 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\Detector\CTDetect.exe" [2004-12-02 102400]

"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]

"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-18 98304]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]

"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-01-10 32768]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]

"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]

"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]

"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424]

 

c:\documents and settings\jos\Menu D‚marrer\Programmes\D‚marrage\

Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\dslmon.exe [2005-5-20 938055]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 13:30 508160]

S4 Sukoku Service;Sukoku Service;c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe [29/09/2009 12:35 54760]

.

Contenu du dossier 'Tâches planifiées'

 

2009-11-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-19 19:58]

 

2009-11-20 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDetect.exe [2005-12-15 12:39]

 

2009-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Notify-WgaLogon - (no file)

AddRemove-HijackThis - c:\docume~1\jos\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-20 09:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?6?5??????? ???B?????????????H<C? ??????

LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2009-11-20 09:06

ComboFix-quarantined-files.txt 2009-11-20 08:06

 

Avant-CF: 42 586 165 248 octets libres

Après-CF: 42 628 218 880 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

- - End Of File - - 8A254E0CE4EAC15B0EBE89EFBC28A5C4

Posted

Sukoku is also one of these nasties. We are going to remove it.

A zip containing an infected file will also be created; you will need to send it to me afterwards (I will tell you how).

What follows is for this machine, and this machine only.

Above all, do not use it on another machine: dangerous.

  • Download the file CFscript.txt from this site:
    http://senduit.com/bbed7d

  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example

animation1md2.gif

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

Posted

RE: the new report is below

ComboFix 09-11-19.05 - jos 20/11/2009 9:47.2.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.478.174 [GMT 1:00]

Lancé depuis: c:\documents and settings\jos\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\jos\Bureau\CFscript.txt

 

file zipped: c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Sukoku

c:\documents and settings\All Users\Application Data\Sukoku\sukoku119.exe

c:\program files\Sukoku

c:\program files\Sukoku\sukoku.dll

c:\program files\Sukoku\sukoku.exe

c:\program files\Sukoku\uninstall.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SUKOKU_SERVICE

-------\Service_Sukoku Service

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-20 au 2009-11-20 ))))))))))))))))))))))))))))))))))))

.

 

2009-11-19 09:40 . 2009-11-19 09:42 -------- d-----w- C:\rsit

2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\jos\Application Data\Malwarebytes

2009-11-19 09:08 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-19 09:08 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-18 16:45 . 2009-11-18 16:45 -------- d-----w- c:\program files\CCleaner

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-20 09:00 . 2008-11-19 19:22 -------- d-----w- c:\documents and settings\jos\Application Data\Skype

2009-11-20 08:58 . 2005-05-20 13:29 -------- d-----w- c:\program files\Wanadoo

2009-11-20 08:57 . 2005-12-27 19:25 -------- d-----w- c:\program files\Lx_cats

2009-11-20 07:32 . 2008-11-19 19:24 -------- d-----w- c:\documents and settings\jos\Application Data\skypePM

2009-11-18 16:28 . 2005-06-20 19:43 -------- d-----w- c:\program files\IncrediMail

2009-11-18 16:21 . 2009-10-13 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-18 15:49 . 2008-02-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-10-25 09:30 . 2004-08-17 09:31 64052 ----a-w- c:\windows\system32\perfc00C.dat

2009-10-25 09:30 . 2004-08-17 09:31 445672 ----a-w- c:\windows\system32\perfh00C.dat

2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\program files\Lavasoft

2009-10-19 15:21 . 2009-10-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-09-11 14:34 . 2004-08-05 08:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-07 15:37 . 2005-05-01 03:04 43600 ----a-w- c:\documents and settings\jos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-06 16:59 . 2008-11-19 16:39 304160 ----a-w- C:\PA207.DAT

2009-09-04 20:46 . 2004-08-05 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:28 . 2004-08-05 08:00 832512 ------w- c:\windows\system32\wininet.dll

2009-08-29 07:28 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:28 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll

2009-08-26 08:15 . 2004-08-05 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\Detector\CTDetect.exe" [2004-12-02 102400]

"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]

"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-18 98304]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]

"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-01-10 32768]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]

"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]

"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]

"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424]

 

c:\documents and settings\jos\Menu D‚marrer\Programmes\D‚marrage\

Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\dslmon.exe [2005-5-20 938055]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 13:30 508160]

.

Contenu du dossier 'Tâches planifiées'

 

2009-11-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-19 19:58]

 

2009-11-20 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDetect.exe [2005-12-15 12:39]

 

2009-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

.

- - - - ORPHELINS SUPPRIMES - - - -

 

AddRemove-Sukoku - c:\program files\Sukoku\uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-20 09:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?6?5??????? ???B?????????????H<C? ??????

LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(2568)

c:\windows\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\stobject.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\CTsvcCDA.EXE

c:\windows\System32\FTRTSVC.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\UStorSrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\lxcecoms.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Heure de fin: 2009-11-20 10:03 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-11-20 09:03

ComboFix2.txt 2009-11-20 08:06

 

Avant-CF: 42 614 661 120 octets libres

Après-CF: 42 516 414 464 octets libres

 

- - End Of File - - DF956D4CAD3C448C7BB6F61B192B739F

So???? Is it correct?

Posted
We are working on it, it is already much better. :P

We are almost done. :P

Can you make a zip (or rar) file of the folder c:\qoobox? Tell me how much it weighs afterwards; I am going to need to analyse infection files.
