Your question

[Solved] Bluestreak, DoubleClick and Tradedoubler.

7 January 2010 02:28:58

Hello everyone.

So, if I'm posting a request for help today, it's to ask for help against three pieces of spyware that come back every day:

Bluestreak, DoubleClick and Tradedoubler.

For a while now, I haven't been able to fully use certain programs or even games (the PC freezes and only a forced restart fixes the problem).

As a result, every morning, and sometimes in the evening too, I have to run a Spybot scan again to remove them.

Why do they come back? Have they taken root deep in the system? I always browse with the latest version of Firefox, I have only one add-on that I use, which is "Click Youtube Video downloader", and no toolbar of the Hotmail or MSN kind that would clutter the interface.

Anyway, speaking of add-ons, I have two Firefox add-ons that look suspicious to me and whose purpose I have no idea about (and even my friend Google couldn't tell me anything...). Their names:

ACE Helper Class

WSO Helper Class

Since I'm afraid they might be something shady, I'm leaving them disabled. Besides, Firefox refuses to remove them. So are they tied to Firefox itself, or are they rogue add-ons, or something else entirely?

Thank you very much in advance,

Sarken,
HS.


7 January 2010 03:59:52

Hello,

Let's take a look at this:

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.

    7 January 2010 05:35:01

    Here are the two reports:

    log.txt:

    Quote:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Dimitri at 2010-01-07 05:32:35
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 50 GB (49%) free of 102 GB
    Total RAM: 1279 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:32:36, on 7/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdpcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
    C:\Program Files\Lexmark Z2300 Series\ezprint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dimitri\Desktop\RSIT.exe
    C:\Program Files\trend micro\Dimitri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kh-kingdom.1fr1.net/index.htm?sid=a07c9d5748347d...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
    O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Gameztar Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
    O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9254 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
    Automated Content Enhancer - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll [2009-12-15 217088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-30 329312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
    Content Management Wizard - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll [2009-12-15 1323008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
    Textual Content Provider - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll [2009-12-09 376832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
    MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - Gameztar Toolbar - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
    "VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-30 198160]
    "lxdpmon.exe"=C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe [2008-03-27 656040]
    "EzPrint"=C:\Program Files\Lexmark Z2300 Series\ezprint.exe [2008-03-27 107176]
    "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
    "Internet Today Task"=C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
    "C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
    "C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
    "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
    "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Nexon\DFO\DFO.exe"="C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online"
    "C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
    "C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
    "D:\Electronic Arts\BattleForge\Bootstrapper.exe"="D:\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
    "D:\Electronic Arts\BattleForge\BattleForge.exe"="D:\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
    "C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
    shell\Open\command - H:\resycled\boot.com g:


    ======List of files/folders created in the last 1 months======

    2010-01-07 05:27:44 ----D---- C:\Program Files\trend micro
    2010-01-07 05:27:42 ----D---- C:\rsit
    2010-01-06 12:56:12 ----D---- C:\Program Files\GameTribe
    2009-12-24 05:34:29 ----D---- C:\Program Files\portalgraphics
    2009-12-17 22:16:27 ----D---- C:\Program Files\QuestService
    2009-12-17 22:16:27 ----D---- C:\Documents and Settings\All Users\Application Data\QuestService
    2009-12-17 22:15:51 ----D---- C:\Program Files\Textual Content Provider
    2009-12-17 22:15:45 ----D---- C:\Program Files\Content Management Wizard
    2009-12-17 22:15:37 ----D---- C:\Program Files\Internet Today
    2009-12-17 22:15:25 ----D---- C:\Program Files\Automated Content Enhancer
    2009-12-17 22:15:20 ----D---- C:\Program Files\Web Search Operator
    2009-12-16 15:42:29 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-12-16 15:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-15 19:42:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\skypePM
    2009-12-15 19:40:53 ----D---- C:\Documents and Settings\Dimitri\Application Data\Skype
    2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files\Skype
    2009-12-15 19:31:08 ----RD---- C:\Program Files\Skype
    2009-12-15 19:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-12-15 16:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    2009-12-15 13:42:50 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2009-12-15 13:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

    ======List of files/folders modified in the last 1 months======

    2010-01-07 05:31:53 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-07 05:30:46 ----D---- C:\Program Files\Common Files\Akamai
    2010-01-07 05:30:32 ----D---- C:\WINDOWS\Temp
    2010-01-07 05:30:27 ----A---- C:\WINDOWS\RTacDbg.txt
    2010-01-07 05:30:20 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-07 05:30:18 ----D---- C:\WINDOWS
    2010-01-07 05:28:54 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-01-07 05:27:50 ----D---- C:\WINDOWS\Prefetch
    2010-01-07 05:27:44 ----D---- C:\Program Files
    2010-01-06 20:52:03 ----D---- C:\Program Files\Warcraft III
    2010-01-06 09:51:38 ----D---- C:\Program Files\Pando Networks
    2010-01-06 08:36:44 ----D---- C:\Documents and Settings\Dimitri\Application Data\gtk-2.0
    2010-01-06 06:44:58 ----D---- C:\WINDOWS\Minidump
    2010-01-06 03:01:24 ----D---- C:\WINDOWS\system32\drivers
    2009-12-30 23:57:13 ----D---- C:\WINDOWS\system32
    2009-12-29 22:42:09 ----D---- C:\Program Files\Free Video Converter
    2009-12-24 05:34:31 ----SHD---- C:\WINDOWS\Installer
    2009-12-24 05:34:31 ----SD---- C:\Documents and Settings\Dimitri\Application Data\Microsoft
    2009-12-22 21:56:57 ----D---- C:\Program Files\Common Files\Adobe
    2009-12-18 09:00:11 ----D---- C:\Program Files\RPG Maker VX
    2009-12-18 08:58:28 ----D---- C:\Program Files\RPG Maker 2003
    2009-12-18 08:58:17 ----D---- C:\Program Files\RMXP
    2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files
    2009-12-10 18:32:55 ----RSD---- C:\WINDOWS\Fonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-10-17 129888]
    R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-10-17 32048]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21035]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
    R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-10 38144]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
    R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
    R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-10-25 270720]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
    R2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------


    info.txt:

    Quote:
    info.txt logfile of random's system information tool 1.06 2010-01-07 05:32:37

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
    Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
    CloudNine-->"C:\Program Files\InstallShield Installation Information\{A0CD6AEA-A97A-4C0A-80A9-D623C358273F}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Combat Arms EU-->"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
    DFOLauncher-->C:\Nexon\DFO\DFOLauncher.exe -uninstall?DFO
    Dragonica(FR)-->C:\Program Files\gPotato.eu\Dragonica\uninst.exe
    Free FLV Converter V 6.6.3-->"C:\Program Files\Free FLV Converter\unins000.exe"
    Free Video Converter V 2.1-->"C:\Program Files\Free Video Converter\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
    GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    GKLauncher-->"C:\Program Files\InstallShield Installation Information\{961346DF-FE43-4392-99FC-47B1F5A882C3}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
    ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
    Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
    League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Lexmark Z2300 Series-->C:\Program Files\Lexmark Z2300 Series\Install\x86\Uninst.exe
    LUNA Online v1.0.0-->C:\gPotato\Luna Online\uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Toolbar-->MsiExec.exe /I{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
    openCanvas3.03E Plus-->MsiExec.exe /X{7F03BDCD-E21B-4035-9FC6-9DF100006841}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Paragon Drive Backup™ 9 Personal-->MsiExec.exe /I{F8013DD1-574B-4921-A473-88A2F7A34D16}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
    REALTEK USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{BE686891-3C56-4714-AFEF-341A7867BA80}\Install.exe -uninst -l0x40C
    RPG Maker 2003-->C:\Program Files\RPG Maker 2003\Désinstaller.exe
    Rubber Ninjas Demo 1.0-->"C:\Program Files\Rubber Ninjas Demo\unins000.exe"
    S4 League_EU-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\Setup.exe" -l0x9
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
    Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Tales of Pirates Online-->"C:\Program Files\Tales of Pirates Online\unins000.exe"
    VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
    Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
    Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

    ======Security center information======

    AV: AntiVir Desktop

    ======System event log======

    Computer Name: DIMITRI_MAISON
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 5868
    Source Name: Tcpip
    Time Written: 20091124173329.000000+060
    Event Type: warning
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 5867
    Source Name: Tcpip
    Time Written: 20091124170603.000000+060
    Event Type: warning
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 5866
    Source Name: Tcpip
    Time Written: 20091124163625.000000+060
    Event Type: warning
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 7000
    Message: The lxdpCATSCustConnectService service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    Record Number: 5847
    Source Name: Service Control Manager
    Time Written: 20091124142115.000000+060
    Event Type: error
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 7009
    Message: Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService service to connect.

    Record Number: 5846
    Source Name: Service Control Manager
    Time Written: 20091124142115.000000+060
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: DIMITRI_MAISON
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 199
    Source Name: .NET Runtime Optimization Service
    Time Written: 20090810031132.000000+120
    Event Type:
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 197
    Source Name: .NET Runtime Optimization Service
    Time Written: 20090810031130.000000+120
    Event Type:
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 195
    Source Name: .NET Runtime Optimization Service
    Time Written: 20090810031130.000000+120
    Event Type:
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 193
    Source Name: .NET Runtime Optimization Service
    Time Written: 20090810031128.000000+120
    Event Type:
    User:

    Computer Name: DIMITRI_MAISON
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 191
    Source Name: .NET Runtime Optimization Service
    Time Written: 20090810031126.000000+120
    Event Type:
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2c02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------



    Sarken,
    HS.
    a c 295 8 Security
    7 January 2010 16:56:42

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • At the main menu, choose option L.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
    7 January 2010 22:09:19

    Problem: the following file is missing:

    http://image.netenviesdemariage.com/images/12628984831l66097.png

    Also, it does not offer me a choice of language when I launch the program, though I don't think that is serious.

    The message appears after the computer reboots, when the session starts. The wallpaper appears, and just before the desktop comes up, it won't start Ad-Remover.

    Sarken,
    HS.
    a c 295 8 Security
    7 January 2010 22:11:51

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    7 January 2010 22:28:27

    Here is the scan report:

    Quote:
    Malwarebytes' Anti-Malware 1.43
    Version de la base de données: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/01/2010 22:23:30
    mbam-log-2010-01-07 (22-23-30).txt

    Type de recherche: Examen rapide
    Eléments examinés: 113936
    Temps écoulé: 4 minute(s), 33 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 48
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 44
    Fichier(s) infecté(s): 158

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Web Search Operator\4.1.0.2080 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Web Search Operator\4.1.0.2080 (Adware.DoubleD) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_RSS.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Option_Menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS_Menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS_Menu.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\WSOpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\QuestService\questservice110.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091217-221526.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091217-221636.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091217-224436.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-010516.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-035926.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-082251.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-084940.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-085446.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-091802.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-132526.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-145941.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-150818.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091227-002401.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091222-183508.431.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091222-183556.243.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091228-151653.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091228-152220.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091231-153335.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20100105-143421.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091217-221531.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091217-221636.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091217-224437.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-010516.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-035926.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-082253.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-084940.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-085446.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-091802.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-132526.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-145941.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_Data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_DomainInterval.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Web Search Operator\4.1.0.2080\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Maman\Local Settings\Application Data\Web Search Operator\4.1.0.2080\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    7 January 2010 22:39:20

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Run another RSIT scan and post the log report.
    7 January 2010 22:42:36

    Well, that feels refreshing, my PC seems faster x). Anyway, here is the log.txt report:

    Quote:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Dimitri at 2010-01-07 22:40:46
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 50 GB (49%) free of 102 GB
    Total RAM: 1279 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:40:50, on 7/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdpcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
    C:\Program Files\Lexmark Z2300 Series\ezprint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Dimitri\Desktop\RSIT.exe
    C:\Program Files\trend micro\Dimitri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kh-kingdom.1fr1.net/index.htm?sid=a07c9d5748347d...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
    O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8435 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-30 329312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
    MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
    "VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-30 198160]
    "lxdpmon.exe"=C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe [2008-03-27 656040]
    "EzPrint"=C:\Program Files\Lexmark Z2300 Series\ezprint.exe [2008-03-27 107176]
    "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
    "C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
    "C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
    "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
    "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Nexon\DFO\DFO.exe"="C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online"
    "C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
    "C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
    "D:\Electronic Arts\BattleForge\Bootstrapper.exe"="D:\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
    "D:\Electronic Arts\BattleForge\BattleForge.exe"="D:\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
    "C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
    shell\Open\command - H:\resycled\boot.com g:


    ======List of files/folders created in the last 1 months======

    2010-01-07 22:15:32 ----D---- C:\Documents and Settings\Dimitri\Application Data\Malwarebytes
    2010-01-07 22:15:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-01-07 22:15:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-01-07 05:27:44 ----D---- C:\Program Files\trend micro
    2010-01-07 05:27:42 ----D---- C:\rsit
    2010-01-06 12:56:12 ----D---- C:\Program Files\GameTribe
    2009-12-24 05:34:29 ----D---- C:\Program Files\portalgraphics
    2009-12-16 15:42:29 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-12-16 15:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-15 19:42:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\skypePM
    2009-12-15 19:40:53 ----D---- C:\Documents and Settings\Dimitri\Application Data\Skype
    2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files\Skype
    2009-12-15 19:31:08 ----RD---- C:\Program Files\Skype
    2009-12-15 19:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-12-15 16:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    2009-12-15 13:42:50 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2009-12-15 13:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

    ======List of files/folders modified in the last 1 months======

    2010-01-07 22:40:13 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-07 22:26:27 ----D---- C:\Program Files\Common Files\Akamai
    2010-01-07 22:26:15 ----D---- C:\WINDOWS\Temp
    2010-01-07 22:26:05 ----A---- C:\WINDOWS\RTacDbg.txt
    2010-01-07 22:26:00 ----D---- C:\WINDOWS
    2010-01-07 22:25:56 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-07 22:25:30 ----D---- C:\WINDOWS\system32\drivers
    2010-01-07 22:24:25 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-01-07 22:24:13 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2010-01-07 22:23:29 ----D---- C:\Program Files
    2010-01-07 22:23:04 ----D---- C:\WINDOWS\Prefetch
    2010-01-07 22:06:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\gtk-2.0
    2010-01-07 20:21:25 ----D---- C:\Program Files\Warcraft III
    2010-01-06 09:51:38 ----D---- C:\Program Files\Pando Networks
    2010-01-06 06:44:58 ----D---- C:\WINDOWS\Minidump
    2009-12-30 23:57:13 ----D---- C:\WINDOWS\system32
    2009-12-29 22:42:09 ----D---- C:\Program Files\Free Video Converter
    2009-12-24 05:34:31 ----SHD---- C:\WINDOWS\Installer
    2009-12-24 05:34:31 ----SD---- C:\Documents and Settings\Dimitri\Application Data\Microsoft
    2009-12-22 21:56:57 ----D---- C:\Program Files\Common Files\Adobe
    2009-12-18 09:00:11 ----D---- C:\Program Files\RPG Maker VX
    2009-12-18 08:58:28 ----D---- C:\Program Files\RPG Maker 2003
    2009-12-18 08:58:17 ----D---- C:\Program Files\RMXP
    2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files
    2009-12-10 18:32:55 ----RSD---- C:\WINDOWS\Fonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-10-17 129888]
    R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-10-17 32048]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21035]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
    R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-10 38144]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
    R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
    R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-10-25 270720]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
    R2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------


    Sarken,
    HS.
    a c 295 8 Security
    7 January 2010 23:26:24

  • Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click UsbFix to run it.
  • Choose option 1 (Recherche, "Search").
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility for terminating processes.
    7 January 2010 23:37:40

    Here is the UsbFix report:

    Quote:

    ############################## | UsbFix V6.071 |

    User : Dimitri (Administrators) # DIMITRI_MAISON
    Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 11:32:25 PM | 1/7/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Sempron(tm) Processor 3400+
    Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> 3 1/2 Inch Floppy Drive
    C:\ -> Local Fixed Disk # 100 Go (49.3 Go free) [Windows] # NTFS
    D:\ -> Local Fixed Disk # 298.09 Go (260.89 Go free) [Sauvegarde ] # NTFS
    E:\ -> Local Fixed Disk # 54.88 Go (40.81 Go free) [AncienWin] # NTFS
    F:\ -> Local Fixed Disk # 143.21 Go (100.25 Go free) [Ecole Dim] # NTFS
    G:\ -> CD-ROM Disc
    H:\ -> Removable Disk # 963.7 Mo (859.7 Mo free) # FAT

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 556
    C:\WINDOWS\system32\csrss.exe 636
    C:\WINDOWS\system32\winlogon.exe 660
    C:\WINDOWS\system32\services.exe 704
    C:\WINDOWS\system32\lsass.exe 716
    C:\WINDOWS\system32\nvsvc32.exe 888
    C:\WINDOWS\system32\svchost.exe 932
    C:\WINDOWS\system32\svchost.exe 996
    C:\WINDOWS\System32\svchost.exe 1096
    C:\WINDOWS\system32\svchost.exe 1160
    C:\WINDOWS\system32\svchost.exe 1252
    C:\WINDOWS\system32\spoolsv.exe 1508
    C:\Program Files\Avira\AntiVir Desktop\sched.exe 1552
    C:\WINDOWS\System32\svchost.exe 1656
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1668
    C:\WINDOWS\System32\svchost.exe 1756
    C:\Program Files\Java\jre6\bin\jqs.exe 1784
    C:\WINDOWS\system32\lxdpcoms.exe 1908
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1920
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe 1952
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2008
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 188
    C:\WINDOWS\system32\svchost.exe 324
    C:\Program Files\Windows Media Player\WMPNetwk.exe 680
    C:\WINDOWS\Explorer.EXE 1432
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 452
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe 480
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 496
    C:\WINDOWS\vVX3000.exe 572
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe 596
    C:\Program Files\Lexmark Z2300 Series\ezprint.exe 612
    C:\WINDOWS\system32\RUNDLL32.EXE 120
    C:\Program Files\Java\jre6\bin\jusched.exe 840
    C:\WINDOWS\system32\ctfmon.exe 1036
    C:\WINDOWS\System32\alg.exe 2504
    C:\WINDOWS\system32\wuauclt.exe 2072
    C:\WINDOWS\system32\wscntfy.exe 752
    C:\Program Files\Mozilla Firefox\firefox.exe 2272
    C:\WINDOWS\system32\wbem\wmiprvse.exe 3336

    ################## | Elements infectieux |


    ################## | Registre |


    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
    Shell\Open\command =H:\resycled\boot.com g:

    ################## | Cracks > Keygens > Serials |


    ################## | ! Fin du rapport # UsbFix V6.071 ! |

    a c 295 8 Security
    7 January 2010 23:49:26

  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click UsbFix on your Desktop to launch it.
  • Choose option 2 (Suppression, "Removal").
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
    8 January 2010 00:00:59

    New UsbFix.txt report:

    Quote:

    ############################## | UsbFix V6.071 |

    User : Dimitri (Administrators) # DIMITRI_MAISON
    Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 11:51:54 PM | 1/7/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Sempron(tm) Processor 3400+
    Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    A:\ -> 3 1/2 Inch Floppy Drive
    C:\ -> Local Fixed Disk # 100 Go (49.26 Go free) [Windows] # NTFS
    D:\ -> Local Fixed Disk # 298.09 Go (260.89 Go free) [Sauvegarde ] # NTFS
    E:\ -> Local Fixed Disk # 54.88 Go (40.81 Go free) [AncienWin] # NTFS
    F:\ -> Local Fixed Disk # 143.21 Go (100.25 Go free) [Ecole Dim] # NTFS
    G:\ -> CD-ROM Disc
    H:\ -> Removable Disk # 963.7 Mo (859.7 Mo free) # FAT

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 552
    C:\WINDOWS\system32\csrss.exe 632
    C:\WINDOWS\system32\winlogon.exe 656
    C:\WINDOWS\system32\services.exe 700
    C:\WINDOWS\system32\lsass.exe 712
    C:\WINDOWS\system32\nvsvc32.exe 896
    C:\WINDOWS\system32\svchost.exe 928
    C:\WINDOWS\system32\svchost.exe 992
    C:\WINDOWS\System32\svchost.exe 1088
    C:\WINDOWS\system32\svchost.exe 1156
    C:\WINDOWS\system32\svchost.exe 1248
    C:\WINDOWS\system32\logonui.exe 1288
    C:\WINDOWS\system32\spoolsv.exe 1500
    C:\Program Files\Avira\AntiVir Desktop\sched.exe 1548
    C:\WINDOWS\System32\svchost.exe 1644
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1660
    C:\WINDOWS\System32\svchost.exe 1748
    C:\Program Files\Java\jre6\bin\jqs.exe 1784
    C:\WINDOWS\system32\lxdpcoms.exe 1900
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1912
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe 1944
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2000
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 184
    C:\WINDOWS\system32\svchost.exe 268
    C:\Program Files\Windows Media Player\WMPNetwk.exe 956
    C:\WINDOWS\System32\alg.exe 2156
    C:\WINDOWS\system32\userinit.exe 2404
    C:\WINDOWS\Explorer.EXE 2588
    C:\WINDOWS\system32\wbem\wmiprvse.exe 3156

    ################## | Elements infectieux |

    Supprimé ! C:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
    Supprimé ! D:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
    Supprimé ! D:\Recycler\S-1-5-21-1993962763-1390067357-725345543-1003
    Supprimé ! E:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
    Supprimé ! E:\Recycler\S-1-5-21-1993962763-1390067357-725345543-1003
    Supprimé ! F:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
    Supprimé ! F:\Recycler\S-1-5-21-1993962763-1390067357-725345543-1003

    ################## | Registre |


    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [05/08/2009 17:54|--a------|0] C:\AUTOEXEC.BAT
    [05/08/2009 17:27|---hs----|322] C:\boot.ini
    [05/08/2009 17:54|--a------|0] C:\CONFIG.SYS
    [04/12/2009 22:22|--a------|1164] C:\ijjiFFPlugin.log
    [16/12/2009 02:31|--a------|152088] C:\img2-001.raw
    [05/08/2009 17:54|-rahs----|0] C:\IO.SYS
    [05/08/2009 18:38|--a------|358] C:\LogEnbWinV.txt
    [05/08/2009 18:38|--a------|29] C:\LogProsType.txt
    [05/08/2009 17:54|-rahs----|0] C:\MSDOS.SYS
    [03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM
    [07/08/2009 20:02|-rahs----|250048] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [07/01/2010 23:55|--a------|3584] C:\UsbFix.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.1028.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.1031.txt
    [07/11/2007 07:00|--a------|10134] D:\eula.1033.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.1036.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.1040.txt
    [07/11/2007 07:00|--a------|118] D:\eula.1041.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.1042.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.2052.txt
    [07/11/2007 07:00|--a------|17734] D:\eula.3082.txt
    [07/05/2009 14:07|--a------|24252] D:\Fan fiction Nameless Story.rtf
    [07/11/2007 07:00|--a------|1110] D:\globdata.ini
    [07/11/2007 07:00|--a------|843] D:\install.ini
    [07/11/2007 07:03|--a------|76304] D:\install.res.1028.dll
    [07/11/2007 07:03|--a------|96272] D:\install.res.1031.dll
    [07/11/2007 07:03|--a------|91152] D:\install.res.1033.dll
    [07/11/2007 07:03|--a------|97296] D:\install.res.1036.dll
    [07/11/2007 07:03|--a------|95248] D:\install.res.1040.dll
    [07/11/2007 07:03|--a------|81424] D:\install.res.1041.dll
    [07/11/2007 07:03|--a------|79888] D:\install.res.1042.dll
    [07/11/2007 07:03|--a------|75792] D:\install.res.2052.dll
    [07/11/2007 07:03|--a------|96272] D:\install.res.3082.dll
    [10/09/2009 17:52|--a------|440879117] D:\top_setup_2.00_20090908.exe
    [07/11/2007 07:00|--a------|5686] D:\vcredist.bmp
    [07/11/2007 07:09|--a------|1442522] D:\VC_RED.cab
    [07/11/2007 07:12|--a------|232960] D:\VC_RED.MSI
    [05/07/2009 02:03|--a------|2] E:\-663425636
    [07/03/2009 11:05|--a------|0] E:\AUTOEXEC.BAT
    [04/08/2009 15:10|--a------|12376] E:\avenger.txt
    [04/08/2009 16:26|--a------|23095] E:\ComboFix.txt
    [07/03/2009 11:05|--a------|0] E:\CONFIG.SYS
    [21/07/2009 16:36|--a------|7776] E:\FindyKill.txt
    [07/03/2009 11:05|-rahs----|0] E:\IO.SYS
    [07/03/2009 11:05|-rahs----|0] E:\MSDOS.SYS
    [21/07/2009 16:32|--a------|5403] E:\UsbFix.txt
    [23/05/2008 14:39|--ah-----|4096] H:\._.Trashes
    [03/04/2007 05:30|--a------|138491] H:\Informations juridiques.pdf
    [24/07/1996 13:32|-ra------|43080] H:\CRESSID.TTF

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.
    # D:\autorun.inf -> Dossier créé par UsbFix.
    # E:\autorun.inf -> Dossier créé par UsbFix.
    # F:\autorun.inf -> Dossier créé par UsbFix.
    # H:\autorun.inf -> Dossier créé par UsbFix.

    ################## | Crack > Keygen > Serial |


    ################## | Upload |

    Veuillez envoyer le fichier : C:\DOCUME~1\Dimitri\Desktop\UsbFix_Upload_Me_DIMITRI_MAISON.zip : http://chiquitine.changelog.fr/Sample/Upload.php
    Merci pour votre contribution .
    8 January 2010 00:09:40

  • Run UsbFix again and choose option 6 to uninstall it.

  • Double-click the AntiVir icon (umbrella) in the taskbar.
  • In AntiVir, choose Outils (Tools), then Configuration.
  • Check Mode Expert (Expert mode), then, on the right under Autres réglages (Other settings), check Rech. Rootkit au dém. de la recherche (rootkit search at the start of the scan), and confirm.
  • Run a full scan, click Tout réparer (Repair all) if AntiVir finds anything, and post the report.

    Tutorial: Scanning the hard drive(s)
    8 January 2010 02:35:23

    Scan finished, here is the report:

    Quote:


    Avira AntiVir Personal
    Report file date: vendredi 8 janvier 2010 00:13

    Scanning for 1508687 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : DIMITRI_MAISON

    Version information:
    BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 12/8/2009 20:23:41
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 09:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 10:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 09:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 20:53:09
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 20:54:40
    VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 20:54:40
    VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 20:54:41
    VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 20:54:41
    VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 20:54:41
    VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 20:54:41
    VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 20:54:41
    VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 20:54:42
    VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 20:54:42
    VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 20:54:42
    VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 20:54:42
    VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 20:54:42
    VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 20:20:40
    VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 20:20:57
    VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 20:21:20
    VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 20:21:53
    VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 20:21:57
    VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 20:22:32
    VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 20:22:53
    VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 20:22:59
    VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 18:33:21
    VBASE022.VDF : 7.10.2.132 2048 Bytes 1/7/2010 18:33:21
    VBASE023.VDF : 7.10.2.133 2048 Bytes 1/7/2010 18:33:21
    VBASE024.VDF : 7.10.2.134 2048 Bytes 1/7/2010 18:33:21
    VBASE025.VDF : 7.10.2.135 2048 Bytes 1/7/2010 18:33:21
    VBASE026.VDF : 7.10.2.136 2048 Bytes 1/7/2010 18:33:21
    VBASE027.VDF : 7.10.2.137 2048 Bytes 1/7/2010 18:33:22
    VBASE028.VDF : 7.10.2.138 2048 Bytes 1/7/2010 18:33:22
    VBASE029.VDF : 7.10.2.139 2048 Bytes 1/7/2010 18:33:22
    VBASE030.VDF : 7.10.2.140 2048 Bytes 1/7/2010 18:33:22
    VBASE031.VDF : 7.10.2.144 98816 Bytes 1/7/2010 18:33:23
    Engineversion : 8.2.1.130
    AEVDF.DLL : 8.1.1.2 106867 Bytes 9/16/2009 05:13:38
    AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/5/2010 18:34:03
    AESCN.DLL : 8.1.3.0 127348 Bytes 12/10/2009 20:22:12
    AESBX.DLL : 8.1.1.1 246132 Bytes 11/24/2009 20:55:10
    AERDL.DLL : 8.1.3.4 479605 Bytes 12/1/2009 20:21:01
    AEPACK.DLL : 8.2.0.4 422263 Bytes 1/5/2010 18:33:54
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 08:59:39
    AEHEUR.DLL : 8.1.0.192 2195833 Bytes 1/5/2010 18:33:47
    AEHELP.DLL : 8.1.9.0 237943 Bytes 12/16/2009 20:22:01
    AEGEN.DLL : 8.1.1.83 369014 Bytes 1/5/2010 18:33:30
    AEEMU.DLL : 8.1.1.0 393587 Bytes 10/7/2009 14:52:49
    AECORE.DLL : 8.1.9.1 180598 Bytes 12/10/2009 20:22:12
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 13:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
    AVPREF.DLL : 9.0.3.0 44289 Bytes 12/8/2009 20:23:41
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 09:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 14:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 09:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 07:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 09:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 14:39:58
    RCTEXT.DLL : 9.0.73.0 86785 Bytes 12/8/2009 20:23:41

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:, F:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: vendredi 8 janvier 2010 00:13

    Starting search for hidden objects.
    '42621' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'lxdpcoms.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    C:\WINDOWS\system32\wini.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan

    The registry was scanned ( '58' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Windows>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\39\6cfeb967-3bca1bab
    [0] Archive type: ZIP
    --> myf/y/PayloadX.class
    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.AD Java virus
    C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\63\74c64fbf-79077aca
    [0] Archive type: ZIP
    --> Inicio.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.D Java virus
    C:\Documents and Settings\Dimitri\Desktop\AD-R.exe
    [0] Archive type: NSIS
    --> ProgramFilesDir/List.dat
    [DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Mozilla\Firefox\Profiles\funp17i4.default\Cache\3238B50Fd01
    [0] Archive type: NSIS
    --> ProgramFilesDir/List.dat
    [DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
    C:\Documents and Settings\Dimitri\My Documents\rmxp_1.01_fr_Bodom_RaBBi.rar
    [0] Archive type: RAR
    --> rmxp_1.0.0.1_fr_Bodom_RaBBi.exe
    [DETECTION] Contains recognition pattern of the DR/Genome.esg dropper
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040635.exe
    [DETECTION] Is the TR/Copiet.B.1 Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040645.exe
    [0] Archive type: CAB SFX (self extracting)
    --> Graphics\Animations\002-Action02.png
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040702.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040704.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040714.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040715.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040716.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040717.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040719.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040721.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040722.exe
    [DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040724.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040738.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040754.exe
    [DETECTION] Is the TR/Dldr.Agent.cxyf.1 Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP70\A0042053.exe
    [DETECTION] Is the TR/Dldr.Agent.cxyf.15 Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050692.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050693.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050694.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050696.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050698.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050699.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050700.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050701.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050702.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050703.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050704.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050705.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050707.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050708.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050709.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050710.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050711.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050712.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050713.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050715.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050716.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050717.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050718.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050719.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050720.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\WINDOWS\system32\wini.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    Begin scan in 'D:\' <Sauvegarde >
    Begin scan in 'E:\' <AncienWin>
    E:\_OTM\MovedFiles\08042009_153111\Documents and Settings\All Users\Application Data\19471254\19471254.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    E:\_OTM\MovedFiles\08042009_153111\WINDOWS\TEMP\hrevftbnnb.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    Begin scan in 'F:\' <Ecole Dim>

    Beginning disinfection:
    C:\WINDOWS\system32\wini.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '4bb48ac8.qua'!
    C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\39\6cfeb967-3bca1bab
    [NOTE] The file was moved to '4bac8ac2.qua'!
    C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\63\74c64fbf-79077aca
    [NOTE] The file was moved to '4ba98a93.qua'!
    C:\Documents and Settings\Dimitri\Desktop\AD-R.exe
    [NOTE] The file was moved to '4b738aa3.qua'!
    C:\Documents and Settings\Dimitri\Local Settings\Application Data\Mozilla\Firefox\Profiles\funp17i4.default\Cache\3238B50Fd01
    [NOTE] The file was moved to '4b798a91.qua'!
    C:\Documents and Settings\Dimitri\My Documents\rmxp_1.01_fr_Bodom_RaBBi.rar
    [NOTE] The file was moved to '4bbe8acd.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040635.exe
    [DETECTION] Is the TR/Copiet.B.1 Trojan
    [NOTE] The file was moved to '4b768a90.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040702.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '4808be91.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040704.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '48f6c901.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040714.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
    [NOTE] The file was moved to '480d9639.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040715.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '480ba6a9.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040716.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '4af51959.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040717.rbf
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '4af6f6e1.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040719.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '4809b159.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040721.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '4b768a91.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040722.exe
    [DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
    [NOTE] The file was moved to '48f4c1f2.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040724.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '48f5d9ba.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040738.exe
    [DETECTION] Is the TR/Dldr.Agent.cxye Trojan
    [NOTE] The file was moved to '4b768a92.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040754.exe
    [DETECTION] Is the TR/Dldr.Agent.cxyf.1 Trojan
    [NOTE] The file was moved to '48f3e82b.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP70\A0042053.exe
    [DETECTION] Is the TR/Dldr.Agent.cxyf.15 Trojan
    [NOTE] The file was moved to '48f0e013.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050692.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48f1f8db.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050693.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4b768a93.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050694.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48ff0b4c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050696.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48fc0334.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050698.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48fd1bfc.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050699.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48fa13a4.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050700.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48fb2a6c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050701.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48f82254.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050702.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48f93a1c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050703.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e632c4.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050704.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e74a8c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050705.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e44d74.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050707.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e5453c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050708.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e25de4.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050709.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e355ac.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050710.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e06d94.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050711.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e1645c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050712.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48ee7c04.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050713.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48ef74cc.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050715.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48ed8cb4.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050716.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48ea877c.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050717.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48eb9f24.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050718.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e897ec.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050719.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e9afd4.qua'!
    C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050720.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48d6a79c.qua'!
    C:\WINDOWS\system32\wini.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
    [WARNING] The source file could not be found.
    [NOTE] Attempting to perform action using the ARK library.
    [WARNING] Error in ARK library
    [NOTE] The file is scheduled for deleting after reboot.
    E:\_OTM\MovedFiles\08042009_153111\Documents and Settings\All Users\Application Data\19471254\19471254.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4b7a8ab5.qua'!
    E:\_OTM\MovedFiles\08042009_153111\WINDOWS\TEMP\hrevftbnnb.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4bab8aef.qua'!


    End of the scan: vendredi 8 janvier 2010 02:29
    Used time: 2:15:42 Hour(s)

    The scan has been done completely.

    16598 Scanned directories
    737931 Files were scanned
    48 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    47 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    737882 Files not concerned
    7846 Archives were scanned
    4 Warnings
    49 Notes
    42621 Objects were scanned with rootkit scan
    0 Hidden objects were found

    8 January 2010 02:59:55

    AntiVir Personal is available in French.

    No more problems?
    8 January 2010 03:02:57

    Thanks, but my operating system is in English, so I prefer to leave it that way to get used to it. And I read English very well, so it's no problem for me.

    As for the problem itself, since the issue was that it came back every time, I'll wait 24 hours before judging whether it's fixed.

    Thanks again, and see you in 24 hours.

    (PS: the two suspicious Firefox add-ons are already gone, so that's one thing done. As for the three spyware/malware items, let's see whether they come back.)

    Normally, I think that if the problem is no longer there at 22:00, it should be fine.

    So, see you later ^^.

    Thanks again (I know, I'm repeating myself),

    Sarken,
    HS.
    8 January 2010 03:57:59

    See you later ;)
    11 January 2010 06:21:00

    I'm here to announce, slightly late (what? not that late, is it? ô_O okay, I'll see myself out), that everything seems to be working properly ^~^

    At least, I no longer have any surprise freezes or other annoyances of that kind.

    Thanks a lot for taking this on ;]

    Sarken,
    HS.
    11 January 2010 06:31:31

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options Facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Avancé (Advanced), and uncheck the box Effacer uniquement les fichiers etc.... (Only delete files, etc....).
  • Go to Nettoyeur (Cleaner) and choose Analyser (Analyze). Once it has finished, run the cleaning.


    3/

  • You need to disable and then re-enable System Restore in order to purge it.


    ==Prevention==

    To remove the AntiVir popups: Link

    Keep MBAM. You will use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the tag [Résolu] in front of the title.
  • Then click Valider votre message (Submit your message).


    Be more careful on the Internet ;)