Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Résolu] Infection virulente, besoin de votre aide.

LuceLi

Par LuceLi
dans Analyses et éradication malwares

 Partager

Messages recommandés

LuceLi Junior Member

LuceLi

Posté(e)
Posté(e) (modifié)

Alors même que j'écris mon curseur de souris est quant à lui occupé à endiguer l'afflux constant d'icons dans la barre des tâches. Depuis ce matin aux environ de six heure et demie, je reçois des messages d'alerte "Antivirus software alert" qui me dit que j'ai le chois entre rester non sécurisée ou acheter son produit. Sachant que c'est un antivirus, chose utile qu'avant ou après une infection. En tout cas ces nombreux messages ont une part de vérité, effectivement je suis infectée.

 

Symptômes précis :

 

- Messages d'alerte intempestifs en anglais et sans aucun sens.

- "Security Warning" message apparaissant à chaque fois qu'on bloque le lancement de la plus part de mes logiciels, en particulier les logiciels de protection et de nettoyage, et qui bloque également le gestionnaire des tâches. Ce message prétend bloquer du fait que les logiciels en question sont infectés... Très drôle.

- Apparition continue, bruyante et stressante d'icon d'alerte windows dans la barre des tâches. Présence d'un icon suspicieux du fameux antivirus software.

- Ouverture intempestive de pages Internet Explorer. (Je préfères Mozilla normalement) Sur des sites de viagra, porno et autres insanités insupportables.

- Antivirus Bit Defender, endigué et rendu inutile de toute évidence.

 

Je crois que j'ai rien oublié. Donc comment c'est déclenché la situation vous allez me demander... Je n'en sais rien. Je rentrais de soirée vers six heure du matin, j'ai voulue me mettre une playslist sur winamp... Et alors que j'écoutais la musique en faisant le tour de mes forums, pour voir les derniers messages postés. Les symptômes décrits ont commencés à apparaître. Après ça j'ai bataillé quatre longues heures, la seule chose qui m'a apporté un semblant de résultat c'est de passer en mode sans échec pour lancer un scan avec Trojan Remove. Ça m'a laissé suffisamment de répit pour le lancer au démarrage avant qu'il ne soit bloquer la fois suivante. Je l'ai ensuite utilisé pour scanner tout l'ordinateur. Il a détecté et supprimé une quarantaine d'éléments en tout entre ses deux scans. Ça a prit jusqu'à 17h car je ne pouvais pas toujours surveiller l'ordinateur et les afflux de pages IE et d'icons ont souvent fait laguer le système.

 

Suite à ça le redémarrage c'est mal passé... Trojan Remove m'a averti que toute l'opération de nettoyage n'avait pas pu aboutir et les problèmes ont recommencés, aussi virulents qu'au début. Je suis donc repassé en mode sans échec et cette fois j'ai lancé un scan via le logiciel MalwareBytes'Anti-Malware. Il a détecté 131 éléments infectés que je lui ai demandé de supprimer. Quant le redémarrage c'est effectué cette fois, j'ai vraiment eu la conviction pendant un instant que tout était redevenu à la normal. Puis ça a recommencé... Et me voilà maintenant ici, ne sachant plus quoi faire.

 

C'est la première fois qu'un antivirus ne suffit pas à me protéger, même bien souvent je désactive l'anti-virus. Je n'ai pas de comportement à risque sur internet, je navigue uniquement par firefox, et j'ai quelque système de filtrage rudimentaires. Je n'avais jamais eu de problème et je ne pensais pas en avoir de si tôt, cette nuit même on en parlait avec des amies. Sauf que là, mauvais coup du destin je prend très chère en désillusion. Je n'ai aucune idée de comment j'ai pu être infectée, je ne comprends pas. Et malgré tous ses beaux logiciels que j'ai sous la main, je ne peux rien faire.

 

Alors je vous le demande, s'il vous plaît aidez-moi, et le plus vite serait le mieux parce que j'ai beaucoup de travail en retard après toute cette journée de folie, et si c'est en plus pour devoir formater, je crois que demain au nouvel an chinois on va me retrouver ivre morte et déprimée. J'ai pas le must de la technologie mais j'aime mon ordi et ce qu'il me permet de faire, alors sauvez-le. Même si je sais que ça se fait pas en un coup de baguette magique.

 

Merci infiniment de votre attention, amicalement, Luce.

Modifié par LuceLi

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonsoir,

Téléchargez les logiciels suivants pour les lancer l'un après l'autre.

 

Télécharger load_tdsskiller de Loup Blanc sur le Bureau

Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

  • Lancer load_tdsskiller en double-cliquant dessus :
    l'outil va se connecter au Net pour télécharger une copie à jour de TDSSKiller et lancer le scan
  • Un message dans la fenêtre noire d'invite de commande vous demandera d'appuyer sur une touche pour continuer
  • Le rapport s'affichera automatiquement : copier-coller son contenu dans la prochaine réponse
    (le fichier est également présent ici : C:\tdsskiller\report.txt)
  • Redémarrer le PC

 

rkill.comTélécharger Rkill de Grinler sur le bureau,

double clic pour le lancer.

Sous Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur"

Une fenêtre (très rapide) indiquera que tout s'est bien déroulé.

Pour Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

il y aura 'un rapport là: %SystemDrive%\rkill.log

donnant la liste de tous les processus arrêtés.

 

Téléchargez MBAM

 

Branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Vous devez désactiver vos protections et ne savez pas comment faire

 

Sur Bleeping Computers en Anglais:

 

Sur PCA,En Français

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update et Launch soient cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

mbam.jpg

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

 

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

 

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

LuceLi Junior Member

LuceLi

Posté(e)
  • Auteur
Posté(e) (modifié)

Tout d'abord merci infiniment de cette réponse rapide et claire, ainsi que du service que votre équipe offre.

 

Alors, j'ai dû faire les scans en mode sans échec avec connexion réseau puisque sinon le virus les bloques sous prétextes que ce sont des logiciels infectés.

 

Rapport de TDSSkiller

 

 

00:28:47:468 0936 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00

00:28:47:468 0936 ================================================================================

00:28:47:468 0936 SystemInfo:

 

00:28:47:468 0936 OS Version: 5.1.2600 ServicePack: 2.0

00:28:47:468 0936 Product type: Workstation

00:28:47:468 0936 ComputerName: 18736ST3

00:28:47:468 0936 UserName: station3

00:28:47:468 0936 Windows directory: C:\WINDOWS

00:28:47:468 0936 Processor architecture: Intel x86

00:28:47:468 0936 Number of processors: 1

00:28:47:468 0936 Page size: 0x1000

00:28:47:468 0936 Boot type: Safe boot with network

00:28:47:468 0936 ================================================================================

00:28:47:468 0936 UnloadDriverW: NtUnloadDriver error 2

00:28:47:468 0936 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

00:28:47:484 0936 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

00:28:47:484 0936 UtilityInit: KLMD drop and load success

00:28:47:484 0936 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

00:28:47:484 0936 KLMD_OpenDevice: CreateFileW(KLMD201010) error 2

00:28:47:484 0936 Driver load error!

00:28:47:484 0936 UnloadDriverW: NtUnloadDriver error 2

00:28:47:484 0936 KLMD_Unload: UnloadDriverW(klmd21) error 2

00:28:47:484 0936 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

00:28:47:484 0936 UtilityDeinit: KLMD(ARK) unloaded successfully

 

 

Rapport de Rkill

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as station3 on 14/02/2010 at 0:29:00.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Documents and Settings\station3\Bureau\rkill.com

 

 

Rkill completed on 14/02/2010 at 0:29:01.

 

 

Rapport de MBAM

 

 

Eléments examinés: 232095

Temps écoulé: 55 minute(s), 25 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

Voici aussi le rapport de MBAM avant que je poste et lorsque j'avais lancé un scan exclusivement sur le disque dur principal.

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3510

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 7.0.5730.13

 

13/02/2010 19:22:32

mbam-log-2010-02-13 (19-22-32).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 194777

Temps écoulé: 34 minute(s), 47 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 40

Valeur(s) du Registre infectée(s): 6

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 36

Fichier(s) infecté(s): 246

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2e8e2100-98cb-4aac-9480-63a281acaff5} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{51b67a88-02d0-43cb-8d12-5ca3e2d4cf49} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d44cc2fb-77b8-48a5-a5dc-f961f2d258fb} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{872a1c39-df0b-4c8b-ad84-12ba24a3b781} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smileyapp (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\bin (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\System Volume Information\_restore{5D292647-98BA-430E-9316-F4F77B938718}\RP374\A0030898.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\~nsu.tmp\Au_.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.6.0.940\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\System Search Dispatcher\1.4.1.1010\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\baw.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\Module_WebDropdown_07.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_07.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\Module_WebDropdown_07.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.4.23050\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090904-022855.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090904-024739.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090904-103017.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090906-151324.368.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090906-151325.337.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090906-152301.493.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090906-152302.275.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090906-152733.087.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090906-152733.853.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\NP_20090909-141934.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Internet Saving Optimizer\3.7.1.4630\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090904-022826.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090904-022855.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090904-024739.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090904-103017.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090906-151324.353.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090906-151325.337.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090906-152301.478.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090906-152302.259.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090906-152733.072.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090906-152733.837.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Application Data\Media Access Startup\1.6.0.940\HJHP_20090909-141934.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\station3\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.

 

 

Voilà, je redémarre à présent mode classique et j'édite le message pour indiquer les actions de l'infection.

 

Edition 01:51

 

Donc, tout d'abord windows indique que l'ordinateur coure un risque et que l'antivirus doit être périmé ou désactivé. Ce n'est pas le cas.

 

Ensuite j'ai lancé MBAM avant que Antivirus software alert ne se lance donc je vais pouvoir mettre en place un scan complet en mode classique.

 

Windows Security alert s'active et lance des messages en anglais.

 

Une fenêtre security warning s'ouvre : "Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?"

 

Une fenêtre antivirus software alert s'ouvre également.

"Infiltration Alert, Virus Attack."

 

"Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar."

 

"Details

 

Attack from : 98.149.177.94, port 18221

Attacked port : 5833

Threat : BankerFox.A

 

Do you want to block this attack ?"

 

Ensuite des icons apparaissent en petit nombre dans la barre des tâches "Nouvelles mises à jour windows"

 

Une fenêtre antivirus software alert plus pressante apparaît, je suis obligée de la fermer pour continuer à écrire ici.

 

Des pages IE non appréciables s'ouvrent intempestivement.

 

01:59 : Pas encore de trace des véritables icons intempestif même si les "nouvelles mises à jour windows" apparaissent toujours.

 

Je vais lancer le scan complet de MBAM sur l'ensemble des disques.

 

Edition 02:04

 

Les icons intempestifs de la barre des tâches apparaissent, si je ne laisse pas le curseur dessus, ils envahissent toute la barre de navigation.

Modifié par LuceLi
Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e)

Bonjour LuceLi

 

Je te vois en bas de page :P

 

En attendant Pear, peux tu reposter les rapports de TDSSKiller et de rkill, ils sont illisibles .

 

Bonne continuation à vous deux .

LuceLi Junior Member

LuceLi

Posté(e)
  • Auteur
Posté(e)

Illisible ? C'est étrange.

 

Rapport de TDSSkiller

 

00:28:47:468 0936 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00

00:28:47:468 0936 ================================================================================

00:28:47:468 0936 SystemInfo:

 

00:28:47:468 0936 OS Version: 5.1.2600 ServicePack: 2.0

00:28:47:468 0936 Product type: Workstation

00:28:47:468 0936 ComputerName: 18736ST3

00:28:47:468 0936 UserName: station3

00:28:47:468 0936 Windows directory: C:\WINDOWS

00:28:47:468 0936 Processor architecture: Intel x86

00:28:47:468 0936 Number of processors: 1

00:28:47:468 0936 Page size: 0x1000

00:28:47:468 0936 Boot type: Safe boot with network

00:28:47:468 0936 ================================================================================

00:28:47:468 0936 UnloadDriverW: NtUnloadDriver error 2

00:28:47:468 0936 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

00:28:47:484 0936 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

00:28:47:484 0936 UtilityInit: KLMD drop and load success

00:28:47:484 0936 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

00:28:47:484 0936 KLMD_OpenDevice: CreateFileW(KLMD201010) error 2

00:28:47:484 0936 Driver load error!

00:28:47:484 0936 UnloadDriverW: NtUnloadDriver error 2

00:28:47:484 0936 KLMD_Unload: UnloadDriverW(klmd21) error 2

00:28:47:484 0936 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

00:28:47:484 0936 UtilityDeinit: KLMD(ARK) unloaded successfully

 

Rapport de Rkill

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as station3 on 14/02/2010 at 0:29:00.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Documents and Settings\station3\Bureau\rkill.com

 

 

Rkill completed on 14/02/2010 at 0:29:01.

Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e) (modifié)

Hello LuceLi

Illisible ? C'est étrange.

 

C'est bon ce coup la :P

 

Mais le message précèdent, ils n'étaient pas interprétables : http://forum.zebulon.fr/index.php?s=&s...t&p=1464715

 

Salut.

Modifié par Le sioux
LuceLi Junior Member

LuceLi

Posté(e)
  • Auteur
Posté(e) (modifié)

L'infection est devenue plus virulente, je ne peu même plus ouvrir l'exploreur windows ou un fichier bloc note.

 

Edit : Je redémarre en mode sans echec avec connexion réseau pour éviter que ça continue.

Modifié par LuceLi
pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

Vous allez télécharger Combofix.

Ce logiciel est très puissant et ne doit pas être utilisé sans une aide compétente sous peine de risquer des dommages irréversibles.

Veuillez noter que ce logiciel est régulièrement mis à jour et que la version que vous allez charger sera obsolète dans quelques jours.

 

Télécharger combofix.exe de sUBs

 

Vous devriez avoir une fenêtre vous avertissant que vous téléchargez Combofix depuis un site non-autorisé.

N'en tenez pas compte

 

Lancez Combofix en double cliquant

 

Tout d'abord, Combofix vérifie si la Console de récupération est installée et vous propose de le faire dans le cas contraire.

Certaines infections comme braviax empêcheront son installation.

Les utilisateurs de Windows Vista peuvent utiliser leur CD Windows pour démarrer en mode Vista Recovery Environment (Environnement de réparation Vista)

La Console de récupération Windows vous permettra de démarrer dans un mode spécial de récupération (réparation).

Elle peut être nécessaire si votre ordinateur rencontre un problème après une tentative de nettoyage.

C'est une procédure simple, qui ne vous prendra que peu de temps et pourra peut-être un jour vous sauver la mis

Certaines infections (Rootkit en Mbr)ne peuvent être traitées qu'en utilisant la Console de Récupération,

D'importantes procédures que Combofix est susceptible de lancer ne fonctionneront qu'à la condition que la console de récupération(Sous Xp) soit installée

C'est pourquoi il vous est vivement conseillé d' installer d'abord la Console de Récupération sur le pc .

 

Cela permettra de réparer le système au cas ou le pc ne redémarrerait plus suite à la désinfection.

* Après avoir cliqué sur le lien correspondant à votre version de Windows, vous serez dirigé sur une page:

cliquez sur le bouton Télécharger afin de récupérer le package d'installation sur leBureau:

Ne modifiez pas le nom du fichier

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professionnel SP2

* Faites un glisser/déposer de ce fichier sur le fichier ComboFix.exe

 

animation2ko5.gif

 

* Suivre les indications à l'écran pour lancer ComboFix et lorsqu'on le demande, accepter le Contrat de Licence d'Utilisateur Final pour installer la Console de Récupération Microsoft.

Après installation,vous devriez voir ce message:

The Recovery Console was successfully installed.

 

Fermez ou désactivez tous les programmes Antivirus, Antispyware, Pare-feu actifs ,Teatimer de Spybot car ils pourraient perturber le fonctionnement de cet outil

Vous devez désactiver vos protections et ne savez pas comment faire

 

Sur Bleeping Computers en Anglais:

 

Sur PCA,En Français

Cela est absolument nécessaire au succès de la procédure.

Bien évidemment, vous les rétablirez ensuite.

Connecter tous les disques amovibles (disque dur externe, clé USB).

*Double cliquer sur combofix.exe pour le lancer.

 

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

Pour lancer le scan

 

* Taper sur la touche 1 pour démarrer le scan.

Si pour une raison quelconque combofix ne se lançait pas,

Démarrez en mode sans échec, choisissez le compte Administrateur,(sous Vista désactivez UAC) lancez Combofix

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

 

* Le scan pourrait prendre un certain temps:

Patientez au moins 30 minutes pendant l'analyse.

Si le programme gèle (+ de 30 minutes), fermez le en cliquant le "X" au haut à droite de la fenêtre.

A la fin,,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

Il se trouve à c:\combofix.txt

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...