[Solved] Bluestreak, DoubleClick and Tradedoubler.
Hello everyone.
So, if I'm posting a request for help today, it's to ask for help against three pieces of spyware that come back every day:
Bluestreak, DoubleClick and Tradedoubler.
For a while now, I haven't been able to fully use certain programs or even games (the PC freezes and only a forced restart fixes the problem).
As a result, every morning, and even in the evening, I have to run a Spybot scan again to get rid of them.
Why do they come back? Have they taken root deep in the system? I always browse with the latest version of Firefox, I have only one add-on that I use, "Click Youtube Video downloader", and no toolbars like Hotmail or MSN that would clutter the interface.
Anyway, speaking of add-ons, I have two Firefox add-ons that look suspicious to me and whose purpose I have no idea about (even my friend Google couldn't tell me anything...). Their names:
ACE Helper Class
WSO Helper Class
Being afraid that they are something shady, I'm leaving them disabled. Besides, Firefox refuses to remove them. So are they tied to Firefox itself, or are they rogue add-ons, or who knows what else?
Thanks a lot in advance,
Sarken,
HS.
Hello,
Let's take a look at that:
Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
Double-click RSIT.exe to launch the program.
(On Vista, you need to right-click RSIT.exe and choose Run as administrator)
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit folder.
Here are the two reports:
log.txt:
Run by Dimitri at 2010-01-07 05:32:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (49%) free of 102 GB
Total RAM: 1279 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:36, on 7/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdpcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
C:\Program Files\Lexmark Z2300 Series\ezprint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dimitri\Desktop\RSIT.exe
C:\Program Files\trend micro\Dimitri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kh-kingdom.1fr1.net/index.htm?sid=a07c9d5748347d...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Gameztar Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9254 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
Automated Content Enhancer - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll [2009-12-15 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-30 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
Content Management Wizard - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll [2009-12-15 1323008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
Textual Content Provider - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll [2009-12-09 376832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - Gameztar Toolbar - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-30 198160]
"lxdpmon.exe"=C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe [2008-03-27 656040]
"EzPrint"=C:\Program Files\Lexmark Z2300 Series\ezprint.exe [2008-03-27 107176]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Internet Today Task"=C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Nexon\DFO\DFO.exe"="C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Electronic Arts\BattleForge\Bootstrapper.exe"="D:\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
"D:\Electronic Arts\BattleForge\BattleForge.exe"="D:\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
"C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
shell\Open\command - H:\resycled\boot.com g:
======List of files/folders created in the last 1 months======
2010-01-07 05:27:44 ----D---- C:\Program Files\trend micro
2010-01-07 05:27:42 ----D---- C:\rsit
2010-01-06 12:56:12 ----D---- C:\Program Files\GameTribe
2009-12-24 05:34:29 ----D---- C:\Program Files\portalgraphics
2009-12-17 22:16:27 ----D---- C:\Program Files\QuestService
2009-12-17 22:16:27 ----D---- C:\Documents and Settings\All Users\Application Data\QuestService
2009-12-17 22:15:51 ----D---- C:\Program Files\Textual Content Provider
2009-12-17 22:15:45 ----D---- C:\Program Files\Content Management Wizard
2009-12-17 22:15:37 ----D---- C:\Program Files\Internet Today
2009-12-17 22:15:25 ----D---- C:\Program Files\Automated Content Enhancer
2009-12-17 22:15:20 ----D---- C:\Program Files\Web Search Operator
2009-12-16 15:42:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-16 15:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 19:42:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\skypePM
2009-12-15 19:40:53 ----D---- C:\Documents and Settings\Dimitri\Application Data\Skype
2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files\Skype
2009-12-15 19:31:08 ----RD---- C:\Program Files\Skype
2009-12-15 19:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-15 16:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-12-15 13:42:50 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-12-15 13:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
======List of files/folders modified in the last 1 months======
2010-01-07 05:31:53 ----D---- C:\Program Files\Mozilla Firefox
2010-01-07 05:30:46 ----D---- C:\Program Files\Common Files\Akamai
2010-01-07 05:30:32 ----D---- C:\WINDOWS\Temp
2010-01-07 05:30:27 ----A---- C:\WINDOWS\RTacDbg.txt
2010-01-07 05:30:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-07 05:30:18 ----D---- C:\WINDOWS
2010-01-07 05:28:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-07 05:27:50 ----D---- C:\WINDOWS\Prefetch
2010-01-07 05:27:44 ----D---- C:\Program Files
2010-01-06 20:52:03 ----D---- C:\Program Files\Warcraft III
2010-01-06 09:51:38 ----D---- C:\Program Files\Pando Networks
2010-01-06 08:36:44 ----D---- C:\Documents and Settings\Dimitri\Application Data\gtk-2.0
2010-01-06 06:44:58 ----D---- C:\WINDOWS\Minidump
2010-01-06 03:01:24 ----D---- C:\WINDOWS\system32\drivers
2009-12-30 23:57:13 ----D---- C:\WINDOWS\system32
2009-12-29 22:42:09 ----D---- C:\Program Files\Free Video Converter
2009-12-24 05:34:31 ----SHD---- C:\WINDOWS\Installer
2009-12-24 05:34:31 ----SD---- C:\Documents and Settings\Dimitri\Application Data\Microsoft
2009-12-22 21:56:57 ----D---- C:\Program Files\Common Files\Adobe
2009-12-18 09:00:11 ----D---- C:\Program Files\RPG Maker VX
2009-12-18 08:58:28 ----D---- C:\Program Files\RPG Maker 2003
2009-12-18 08:58:17 ----D---- C:\Program Files\RMXP
2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files
2009-12-10 18:32:55 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-10-17 129888]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-10-17 32048]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21035]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-10 38144]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-10-25 270720]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
info.txt:
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
CloudNine-->"C:\Program Files\InstallShield Installation Information\{A0CD6AEA-A97A-4C0A-80A9-D623C358273F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Combat Arms EU-->"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
DFOLauncher-->C:\Nexon\DFO\DFOLauncher.exe -uninstall?DFO
Dragonica(FR)-->C:\Program Files\gPotato.eu\Dragonica\uninst.exe
Free FLV Converter V 6.6.3-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Video Converter V 2.1-->"C:\Program Files\Free Video Converter\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GKLauncher-->"C:\Program Files\InstallShield Installation Information\{961346DF-FE43-4392-99FC-47B1F5A882C3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Lexmark Z2300 Series-->C:\Program Files\Lexmark Z2300 Series\Install\x86\Uninst.exe
LUNA Online v1.0.0-->C:\gPotato\Luna Online\uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
openCanvas3.03E Plus-->MsiExec.exe /X{7F03BDCD-E21B-4035-9FC6-9DF100006841}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Paragon Drive Backup™ 9 Personal-->MsiExec.exe /I{F8013DD1-574B-4921-A473-88A2F7A34D16}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{BE686891-3C56-4714-AFEF-341A7867BA80}\Install.exe -uninst -l0x40C
RPG Maker 2003-->C:\Program Files\RPG Maker 2003\Désinstaller.exe
Rubber Ninjas Demo 1.0-->"C:\Program Files\Rubber Ninjas Demo\unins000.exe"
S4 League_EU-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\Setup.exe" -l0x9
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tales of Pirates Online-->"C:\Program Files\Tales of Pirates Online\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: DIMITRI_MAISON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 5868
Source Name: Tcpip
Time Written: 20091124173329.000000+060
Event Type: warning
User:
Computer Name: DIMITRI_MAISON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 5867
Source Name: Tcpip
Time Written: 20091124170603.000000+060
Event Type: warning
User:
Computer Name: DIMITRI_MAISON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 5866
Source Name: Tcpip
Time Written: 20091124163625.000000+060
Event Type: warning
User:
Computer Name: DIMITRI_MAISON
Event Code: 7000
Message: The lxdpCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 5847
Source Name: Service Control Manager
Time Written: 20091124142115.000000+060
Event Type: error
User:
Computer Name: DIMITRI_MAISON
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService service to connect.
Record Number: 5846
Source Name: Service Control Manager
Time Written: 20091124142115.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 199
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031132.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 197
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031130.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 195
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031130.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 193
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031128.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 191
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031126.000000+120
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Sarken,
HS.
log.txt:
Quote:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dimitri at 2010-01-07 05:32:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (49%) free of 102 GB
Total RAM: 1279 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:36, on 7/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdpcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
C:\Program Files\Lexmark Z2300 Series\ezprint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dimitri\Desktop\RSIT.exe
C:\Program Files\trend micro\Dimitri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kh-kingdom.1fr1.net/index.htm?sid=a07c9d5748347d...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Gameztar Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9254 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
Automated Content Enhancer - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll [2009-12-15 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-30 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
Content Management Wizard - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll [2009-12-15 1323008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
Textual Content Provider - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll [2009-12-09 376832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - Gameztar Toolbar - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-30 198160]
"lxdpmon.exe"=C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe [2008-03-27 656040]
"EzPrint"=C:\Program Files\Lexmark Z2300 Series\ezprint.exe [2008-03-27 107176]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Internet Today Task"=C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Nexon\DFO\DFO.exe"="C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Electronic Arts\BattleForge\Bootstrapper.exe"="D:\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
"D:\Electronic Arts\BattleForge\BattleForge.exe"="D:\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
"C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
shell\Open\command - H:\resycled\boot.com g:
======List of files/folders created in the last 1 months======
2010-01-07 05:27:44 ----D---- C:\Program Files\trend micro
2010-01-07 05:27:42 ----D---- C:\rsit
2010-01-06 12:56:12 ----D---- C:\Program Files\GameTribe
2009-12-24 05:34:29 ----D---- C:\Program Files\portalgraphics
2009-12-17 22:16:27 ----D---- C:\Program Files\QuestService
2009-12-17 22:16:27 ----D---- C:\Documents and Settings\All Users\Application Data\QuestService
2009-12-17 22:15:51 ----D---- C:\Program Files\Textual Content Provider
2009-12-17 22:15:45 ----D---- C:\Program Files\Content Management Wizard
2009-12-17 22:15:37 ----D---- C:\Program Files\Internet Today
2009-12-17 22:15:25 ----D---- C:\Program Files\Automated Content Enhancer
2009-12-17 22:15:20 ----D---- C:\Program Files\Web Search Operator
2009-12-16 15:42:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-16 15:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 19:42:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\skypePM
2009-12-15 19:40:53 ----D---- C:\Documents and Settings\Dimitri\Application Data\Skype
2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files\Skype
2009-12-15 19:31:08 ----RD---- C:\Program Files\Skype
2009-12-15 19:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-15 16:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-12-15 13:42:50 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-12-15 13:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
======List of files/folders modified in the last 1 months======
2010-01-07 05:31:53 ----D---- C:\Program Files\Mozilla Firefox
2010-01-07 05:30:46 ----D---- C:\Program Files\Common Files\Akamai
2010-01-07 05:30:32 ----D---- C:\WINDOWS\Temp
2010-01-07 05:30:27 ----A---- C:\WINDOWS\RTacDbg.txt
2010-01-07 05:30:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-07 05:30:18 ----D---- C:\WINDOWS
2010-01-07 05:28:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-07 05:27:50 ----D---- C:\WINDOWS\Prefetch
2010-01-07 05:27:44 ----D---- C:\Program Files
2010-01-06 20:52:03 ----D---- C:\Program Files\Warcraft III
2010-01-06 09:51:38 ----D---- C:\Program Files\Pando Networks
2010-01-06 08:36:44 ----D---- C:\Documents and Settings\Dimitri\Application Data\gtk-2.0
2010-01-06 06:44:58 ----D---- C:\WINDOWS\Minidump
2010-01-06 03:01:24 ----D---- C:\WINDOWS\system32\drivers
2009-12-30 23:57:13 ----D---- C:\WINDOWS\system32
2009-12-29 22:42:09 ----D---- C:\Program Files\Free Video Converter
2009-12-24 05:34:31 ----SHD---- C:\WINDOWS\Installer
2009-12-24 05:34:31 ----SD---- C:\Documents and Settings\Dimitri\Application Data\Microsoft
2009-12-22 21:56:57 ----D---- C:\Program Files\Common Files\Adobe
2009-12-18 09:00:11 ----D---- C:\Program Files\RPG Maker VX
2009-12-18 08:58:28 ----D---- C:\Program Files\RPG Maker 2003
2009-12-18 08:58:17 ----D---- C:\Program Files\RMXP
2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files
2009-12-10 18:32:55 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-10-17 129888]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-10-17 32048]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21035]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-10 38144]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-10-25 270720]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
info.txt:
Quote:
info.txt logfile of random's system information tool 1.06 2010-01-07 05:32:37
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
CloudNine-->"C:\Program Files\InstallShield Installation Information\{A0CD6AEA-A97A-4C0A-80A9-D623C358273F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Combat Arms EU-->"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
DFOLauncher-->C:\Nexon\DFO\DFOLauncher.exe -uninstall?DFO
Dragonica(FR)-->C:\Program Files\gPotato.eu\Dragonica\uninst.exe
Free FLV Converter V 6.6.3-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Video Converter V 2.1-->"C:\Program Files\Free Video Converter\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GKLauncher-->"C:\Program Files\InstallShield Installation Information\{961346DF-FE43-4392-99FC-47B1F5A882C3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Lexmark Z2300 Series-->C:\Program Files\Lexmark Z2300 Series\Install\x86\Uninst.exe
LUNA Online v1.0.0-->C:\gPotato\Luna Online\uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
openCanvas3.03E Plus-->MsiExec.exe /X{7F03BDCD-E21B-4035-9FC6-9DF100006841}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Paragon Drive Backup™ 9 Personal-->MsiExec.exe /I{F8013DD1-574B-4921-A473-88A2F7A34D16}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{BE686891-3C56-4714-AFEF-341A7867BA80}\Install.exe -uninst -l0x40C
RPG Maker 2003-->C:\Program Files\RPG Maker 2003\Désinstaller.exe
Rubber Ninjas Demo 1.0-->"C:\Program Files\Rubber Ninjas Demo\unins000.exe"
S4 League_EU-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\Setup.exe" -l0x9
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tales of Pirates Online-->"C:\Program Files\Tales of Pirates Online\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: DIMITRI_MAISON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 5868
Source Name: Tcpip
Time Written: 20091124173329.000000+060
Event Type: warning
User:
Computer Name: DIMITRI_MAISON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 5867
Source Name: Tcpip
Time Written: 20091124170603.000000+060
Event Type: warning
User:
Computer Name: DIMITRI_MAISON
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 5866
Source Name: Tcpip
Time Written: 20091124163625.000000+060
Event Type: warning
User:
Computer Name: DIMITRI_MAISON
Event Code: 7000
Message: The lxdpCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 5847
Source Name: Service Control Manager
Time Written: 20091124142115.000000+060
Event Type: error
User:
Computer Name: DIMITRI_MAISON
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService service to connect.
Record Number: 5846
Source Name: Service Control Manager
Time Written: 20091124142115.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 199
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031132.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 197
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031130.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 195
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031130.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 193
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031128.000000+120
Event Type:
User:
Computer Name: DIMITRI_MAISON
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Record Number: 191
Source Name: .NET Runtime Optimization Service
Time Written: 20090810031126.000000+120
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Sarken,
HS.
/!\ Disconnect and close all running applications /!\
(Under Vista, right-click AD-R and choose Run as administrator)
/!\ Let the tool work /!\
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
Problem: the following file is missing:
http://image.netenviesdemariage.com/images/12628984831l66097.png
Also, it does not offer me a choice of language when I launch the program, although I don't think that is serious.
The message appears after the computer reboots, when the session starts. The wallpaper appears, and just before the desktop comes up, it refuses to start Ad-Remover.
Sarken,
HS.
Quote:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Here is the scan report:
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/01/2010 22:23:30
mbam-log-2010-01-07 (22-23-30).txt
Type de recherche: Examen rapide
Eléments examinés: 113936
Temps écoulé: 4 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 48
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 44
Fichier(s) infecté(s): 158
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
Fichier(s) infecté(s):
Quote:
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/01/2010 22:23:30
mbam-log-2010-01-07 (22-23-30).txt
Type de recherche: Examen rapide
Eléments examinés: 113936
Temps écoulé: 4 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 48
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 44
Fichier(s) infecté(s): 158
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Web Search Operator\4.1.0.2080 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Web Search Operator\4.1.0.2080 (Adware.DoubleD) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_RSS.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Option_Menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS_Menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS_Menu.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\WSOpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestService\questservice110.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091217-221526.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091217-221636.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091217-224436.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-010516.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-035926.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-082251.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-084940.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-085446.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-091802.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-132526.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-145941.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091218-150818.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091227-002401.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091222-183508.431.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091222-183556.243.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091228-151653.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091228-152220.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20091231-153335.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5290\NP_20100105-143421.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091217-221531.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091217-221636.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091217-224437.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-010516.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-035926.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-082253.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-084940.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-085446.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-091802.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-132526.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Customized Platform Advancer\4.1.0.1960\HJHP_20091218-145941.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_Data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Textual Content Provider\1.1.0.1810\Data\TP_DomainInterval.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Web Search Operator\4.1.0.2080\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maman\Local Settings\Application Data\Web Search Operator\4.1.0.2080\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
Well, that feels refreshing, my PC seems faster x). Anyway, here is the log.txt report:
Run by Dimitri at 2010-01-07 22:40:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (49%) free of 102 GB
Total RAM: 1279 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:50, on 7/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdpcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
C:\Program Files\Lexmark Z2300 Series\ezprint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dimitri\Desktop\RSIT.exe
C:\Program Files\trend micro\Dimitri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kh-kingdom.1fr1.net/index.htm?sid=a07c9d5748347d...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8435 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-30 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-30 198160]
"lxdpmon.exe"=C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe [2008-03-27 656040]
"EzPrint"=C:\Program Files\Lexmark Z2300 Series\ezprint.exe [2008-03-27 107176]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled
rinter Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled
rinter Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Nexon\DFO\DFO.exe"="C:\Nexon\DFO\DFO.exe:*:Enabled
ungeon Fighter Online"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Electronic Arts\BattleForge\Bootstrapper.exe"="D:\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
"D:\Electronic Arts\BattleForge\BattleForge.exe"="D:\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
"C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
shell\Open\command - H:\resycled\boot.com g:
======List of files/folders created in the last 1 months======
2010-01-07 22:15:32 ----D---- C:\Documents and Settings\Dimitri\Application Data\Malwarebytes
2010-01-07 22:15:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 22:15:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-07 05:27:44 ----D---- C:\Program Files\trend micro
2010-01-07 05:27:42 ----D---- C:\rsit
2010-01-06 12:56:12 ----D---- C:\Program Files\GameTribe
2009-12-24 05:34:29 ----D---- C:\Program Files\portalgraphics
2009-12-16 15:42:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-16 15:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 19:42:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\skypePM
2009-12-15 19:40:53 ----D---- C:\Documents and Settings\Dimitri\Application Data\Skype
2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files\Skype
2009-12-15 19:31:08 ----RD---- C:\Program Files\Skype
2009-12-15 19:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-15 16:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-12-15 13:42:50 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-12-15 13:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
======List of files/folders modified in the last 1 months======
2010-01-07 22:40:13 ----D---- C:\Program Files\Mozilla Firefox
2010-01-07 22:26:27 ----D---- C:\Program Files\Common Files\Akamai
2010-01-07 22:26:15 ----D---- C:\WINDOWS\Temp
2010-01-07 22:26:05 ----A---- C:\WINDOWS\RTacDbg.txt
2010-01-07 22:26:00 ----D---- C:\WINDOWS
2010-01-07 22:25:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-07 22:25:30 ----D---- C:\WINDOWS\system32\drivers
2010-01-07 22:24:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-07 22:24:13 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-07 22:23:29 ----D---- C:\Program Files
2010-01-07 22:23:04 ----D---- C:\WINDOWS\Prefetch
2010-01-07 22:06:11 ----D---- C:\Documents and Settings\Dimitri\Application Data\gtk-2.0
2010-01-07 20:21:25 ----D---- C:\Program Files\Warcraft III
2010-01-06 09:51:38 ----D---- C:\Program Files\Pando Networks
2010-01-06 06:44:58 ----D---- C:\WINDOWS\Minidump
2009-12-30 23:57:13 ----D---- C:\WINDOWS\system32
2009-12-29 22:42:09 ----D---- C:\Program Files\Free Video Converter
2009-12-24 05:34:31 ----SHD---- C:\WINDOWS\Installer
2009-12-24 05:34:31 ----SD---- C:\Documents and Settings\Dimitri\Application Data\Microsoft
2009-12-22 21:56:57 ----D---- C:\Program Files\Common Files\Adobe
2009-12-18 09:00:11 ----D---- C:\Program Files\RPG Maker VX
2009-12-18 08:58:28 ----D---- C:\Program Files\RPG Maker 2003
2009-12-18 08:58:17 ----D---- C:\Program Files\RMXP
2009-12-15 19:31:11 ----D---- C:\Program Files\Common Files
2009-12-10 18:32:55 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-10-17 129888]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-10-17 32048]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21035]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-10 38144]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-10-25 270720]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Sarken,
HS.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
Here is the UsbFix report:
############################## | UsbFix V6.071 |
User : Dimitri (Administrators) # DIMITRI_MAISON
Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:32:25 PM | 1/7/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Sempron(tm) Processor 3400+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk # 100 Go (49.3 Go free) [Windows] # NTFS
D:\ -> Local Fixed Disk # 298.09 Go (260.89 Go free) [Sauvegarde ] # NTFS
E:\ -> Local Fixed Disk # 54.88 Go (40.81 Go free) [AncienWin] # NTFS
F:\ -> Local Fixed Disk # 143.21 Go (100.25 Go free) [Ecole Dim] # NTFS
G:\ -> CD-ROM Disc
H:\ -> Removable Disk # 963.7 Mo (859.7 Mo free) # FAT
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 556
C:\WINDOWS\system32\csrss.exe 636
C:\WINDOWS\system32\winlogon.exe 660
C:\WINDOWS\system32\services.exe 704
C:\WINDOWS\system32\lsass.exe 716
C:\WINDOWS\system32\nvsvc32.exe 888
C:\WINDOWS\system32\svchost.exe 932
C:\WINDOWS\system32\svchost.exe 996
C:\WINDOWS\System32\svchost.exe 1096
C:\WINDOWS\system32\svchost.exe 1160
C:\WINDOWS\system32\svchost.exe 1252
C:\WINDOWS\system32\spoolsv.exe 1508
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1552
C:\WINDOWS\System32\svchost.exe 1656
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1668
C:\WINDOWS\System32\svchost.exe 1756
C:\Program Files\Java\jre6\bin\jqs.exe 1784
C:\WINDOWS\system32\lxdpcoms.exe 1908
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1920
C:\Program Files\Microsoft LifeCam\MSCamS32.exe 1952
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2008
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 188
C:\WINDOWS\system32\svchost.exe 324
C:\Program Files\Windows Media Player\WMPNetwk.exe 680
C:\WINDOWS\Explorer.EXE 1432
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 452
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe 480
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 496
C:\WINDOWS\vVX3000.exe 572
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 596
C:\Program Files\Lexmark Z2300 Series\ezprint.exe 612
C:\WINDOWS\system32\RUNDLL32.EXE 120
C:\Program Files\Java\jre6\bin\jusched.exe 840
C:\WINDOWS\system32\ctfmon.exe 1036
C:\WINDOWS\System32\alg.exe 2504
C:\WINDOWS\system32\wuauclt.exe 2072
C:\WINDOWS\system32\wscntfy.exe 752
C:\Program Files\Mozilla Firefox\firefox.exe 2272
C:\WINDOWS\system32\wbem\wmiprvse.exe 3336
################## | Elements infectieux |
################## | Registre |
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
Shell\Open\command =H:\resycled\boot.com g:
################## | Cracks > Keygens > Serials |
################## | ! Fin du rapport # UsbFix V6.071 ! |
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
New UsbFix.txt report:
############################## | UsbFix V6.071 |
User : Dimitri (Administrators) # DIMITRI_MAISON
Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:51:54 PM | 1/7/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Sempron(tm) Processor 3400+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk # 100 Go (49.26 Go free) [Windows] # NTFS
D:\ -> Local Fixed Disk # 298.09 Go (260.89 Go free) [Sauvegarde ] # NTFS
E:\ -> Local Fixed Disk # 54.88 Go (40.81 Go free) [AncienWin] # NTFS
F:\ -> Local Fixed Disk # 143.21 Go (100.25 Go free) [Ecole Dim] # NTFS
G:\ -> CD-ROM Disc
H:\ -> Removable Disk # 963.7 Mo (859.7 Mo free) # FAT
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 552
C:\WINDOWS\system32\csrss.exe 632
C:\WINDOWS\system32\winlogon.exe 656
C:\WINDOWS\system32\services.exe 700
C:\WINDOWS\system32\lsass.exe 712
C:\WINDOWS\system32\nvsvc32.exe 896
C:\WINDOWS\system32\svchost.exe 928
C:\WINDOWS\system32\svchost.exe 992
C:\WINDOWS\System32\svchost.exe 1088
C:\WINDOWS\system32\svchost.exe 1156
C:\WINDOWS\system32\svchost.exe 1248
C:\WINDOWS\system32\logonui.exe 1288
C:\WINDOWS\system32\spoolsv.exe 1500
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1548
C:\WINDOWS\System32\svchost.exe 1644
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1660
C:\WINDOWS\System32\svchost.exe 1748
C:\Program Files\Java\jre6\bin\jqs.exe 1784
C:\WINDOWS\system32\lxdpcoms.exe 1900
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1912
C:\Program Files\Microsoft LifeCam\MSCamS32.exe 1944
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2000
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 184
C:\WINDOWS\system32\svchost.exe 268
C:\Program Files\Windows Media Player\WMPNetwk.exe 956
C:\WINDOWS\System32\alg.exe 2156
C:\WINDOWS\system32\userinit.exe 2404
C:\WINDOWS\Explorer.EXE 2588
C:\WINDOWS\system32\wbem\wmiprvse.exe 3156
################## | Elements infectieux |
Supprimé ! C:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1993962763-1390067357-725345543-1003
Supprimé ! E:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
Supprimé ! E:\Recycler\S-1-5-21-1993962763-1390067357-725345543-1003
Supprimé ! F:\Recycler\S-1-5-21-1547161642-1417001333-725345543-1003
Supprimé ! F:\Recycler\S-1-5-21-1993962763-1390067357-725345543-1003
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{1f6a9767-9805-11de-80ea-0018f30ee94d}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[05/08/2009 17:54|--a------|0] C:\AUTOEXEC.BAT
[05/08/2009 17:27|---hs----|322] C:\boot.ini
[05/08/2009 17:54|--a------|0] C:\CONFIG.SYS
[04/12/2009 22:22|--a------|1164] C:\ijjiFFPlugin.log
[16/12/2009 02:31|--a------|152088] C:\img2-001.raw
[05/08/2009 17:54|-rahs----|0] C:\IO.SYS
[05/08/2009 18:38|--a------|358] C:\LogEnbWinV.txt
[05/08/2009 18:38|--a------|29] C:\LogProsType.txt
[05/08/2009 17:54|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM
[07/08/2009 20:02|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[07/01/2010 23:55|--a------|3584] C:\UsbFix.txt
[07/11/2007 07:00|--a------|17734] D:\eula.1028.txt
[07/11/2007 07:00|--a------|17734] D:\eula.1031.txt
[07/11/2007 07:00|--a------|10134] D:\eula.1033.txt
[07/11/2007 07:00|--a------|17734] D:\eula.1036.txt
[07/11/2007 07:00|--a------|17734] D:\eula.1040.txt
[07/11/2007 07:00|--a------|118] D:\eula.1041.txt
[07/11/2007 07:00|--a------|17734] D:\eula.1042.txt
[07/11/2007 07:00|--a------|17734] D:\eula.2052.txt
[07/11/2007 07:00|--a------|17734] D:\eula.3082.txt
[07/05/2009 14:07|--a------|24252] D:\Fan fiction Nameless Story.rtf
[07/11/2007 07:00|--a------|1110] D:\globdata.ini
[07/11/2007 07:00|--a------|843] D:\install.ini
[07/11/2007 07:03|--a------|76304] D:\install.res.1028.dll
[07/11/2007 07:03|--a------|96272] D:\install.res.1031.dll
[07/11/2007 07:03|--a------|91152] D:\install.res.1033.dll
[07/11/2007 07:03|--a------|97296] D:\install.res.1036.dll
[07/11/2007 07:03|--a------|95248] D:\install.res.1040.dll
[07/11/2007 07:03|--a------|81424] D:\install.res.1041.dll
[07/11/2007 07:03|--a------|79888] D:\install.res.1042.dll
[07/11/2007 07:03|--a------|75792] D:\install.res.2052.dll
[07/11/2007 07:03|--a------|96272] D:\install.res.3082.dll
[10/09/2009 17:52|--a------|440879117] D:\top_setup_2.00_20090908.exe
[07/11/2007 07:00|--a------|5686] D:\vcredist.bmp
[07/11/2007 07:09|--a------|1442522] D:\VC_RED.cab
[07/11/2007 07:12|--a------|232960] D:\VC_RED.MSI
[05/07/2009 02:03|--a------|2] E:\-663425636
[07/03/2009 11:05|--a------|0] E:\AUTOEXEC.BAT
[04/08/2009 15:10|--a------|12376] E:\avenger.txt
[04/08/2009 16:26|--a------|23095] E:\ComboFix.txt
[07/03/2009 11:05|--a------|0] E:\CONFIG.SYS
[21/07/2009 16:36|--a------|7776] E:\FindyKill.txt
[07/03/2009 11:05|-rahs----|0] E:\IO.SYS
[07/03/2009 11:05|-rahs----|0] E:\MSDOS.SYS
[21/07/2009 16:32|--a------|5403] E:\UsbFix.txt
[23/05/2008 14:39|--ah-----|4096] H:\._.Trashes
[03/04/2007 05:30|--a------|138491] H:\Informations juridiques.pdf
[24/07/1996 13:32|-ra------|43080] H:\CRESSID.TTF
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.
################## | Crack > Keygen > Serial |
################## | Upload |
Veuillez envoyer le fichier : C:\DOCUME~1\Dimitri\Desktop\UsbFix_Upload_Me_DIMITRI_MAISON.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .
Tutorial: Scan the hard drive(s)
Scan finished, here is the report:
Avira AntiVir Personal
Report file date: vendredi 8 janvier 2010 00:13
Scanning for 1508687 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DIMITRI_MAISON
Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 12/8/2009 20:23:41
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 20:53:09
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 20:54:40
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 20:54:40
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 20:54:41
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 20:54:41
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 20:54:41
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 20:54:41
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 20:54:41
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 20:54:42
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 20:54:42
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 20:54:42
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 20:54:42
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 20:54:42
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 20:20:40
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 20:20:57
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 20:21:20
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 20:21:53
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 20:21:57
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 20:22:32
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 20:22:53
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 20:22:59
VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 18:33:21
VBASE022.VDF : 7.10.2.132 2048 Bytes 1/7/2010 18:33:21
VBASE023.VDF : 7.10.2.133 2048 Bytes 1/7/2010 18:33:21
VBASE024.VDF : 7.10.2.134 2048 Bytes 1/7/2010 18:33:21
VBASE025.VDF : 7.10.2.135 2048 Bytes 1/7/2010 18:33:21
VBASE026.VDF : 7.10.2.136 2048 Bytes 1/7/2010 18:33:21
VBASE027.VDF : 7.10.2.137 2048 Bytes 1/7/2010 18:33:22
VBASE028.VDF : 7.10.2.138 2048 Bytes 1/7/2010 18:33:22
VBASE029.VDF : 7.10.2.139 2048 Bytes 1/7/2010 18:33:22
VBASE030.VDF : 7.10.2.140 2048 Bytes 1/7/2010 18:33:22
VBASE031.VDF : 7.10.2.144 98816 Bytes 1/7/2010 18:33:23
Engineversion : 8.2.1.130
AEVDF.DLL : 8.1.1.2 106867 Bytes 9/16/2009 05:13:38
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/5/2010 18:34:03
AESCN.DLL : 8.1.3.0 127348 Bytes 12/10/2009 20:22:12
AESBX.DLL : 8.1.1.1 246132 Bytes 11/24/2009 20:55:10
AERDL.DLL : 8.1.3.4 479605 Bytes 12/1/2009 20:21:01
AEPACK.DLL : 8.2.0.4 422263 Bytes 1/5/2010 18:33:54
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 08:59:39
AEHEUR.DLL : 8.1.0.192 2195833 Bytes 1/5/2010 18:33:47
AEHELP.DLL : 8.1.9.0 237943 Bytes 12/16/2009 20:22:01
AEGEN.DLL : 8.1.1.83 369014 Bytes 1/5/2010 18:33:30
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/7/2009 14:52:49
AECORE.DLL : 8.1.9.1 180598 Bytes 12/10/2009 20:22:12
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 12/8/2009 20:23:41
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 12/8/2009 20:23:41
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: vendredi 8 janvier 2010 00:13
Starting search for hidden objects.
'42621' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'lxdpcoms.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
C:\WINDOWS\system32\wini.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
The registry was scanned ( '58' files ).
Starting the file scan:
Begin scan in 'C:\' <Windows>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\39\6cfeb967-3bca1bab
[0] Archive type: ZIP
--> myf/y/PayloadX.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.AD Java virus
C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\63\74c64fbf-79077aca
[0] Archive type: ZIP
--> Inicio.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.D Java virus
C:\Documents and Settings\Dimitri\Desktop\AD-R.exe
[0] Archive type: NSIS
--> ProgramFilesDir/List.dat
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Mozilla\Firefox\Profiles\funp17i4.default\Cache\3238B50Fd01
[0] Archive type: NSIS
--> ProgramFilesDir/List.dat
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
C:\Documents and Settings\Dimitri\My Documents\rmxp_1.01_fr_Bodom_RaBBi.rar
[0] Archive type: RAR
--> rmxp_1.0.0.1_fr_Bodom_RaBBi.exe
[DETECTION] Contains recognition pattern of the DR/Genome.esg dropper
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040635.exe
[DETECTION] Is the TR/Copiet.B.1 Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040645.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040702.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040704.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040714.rbf
[DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040715.rbf
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040716.rbf
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040717.rbf
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040719.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040721.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040722.exe
[DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040724.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040738.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040754.exe
[DETECTION] Is the TR/Dldr.Agent.cxyf.1 Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP70\A0042053.exe
[DETECTION] Is the TR/Dldr.Agent.cxyf.15 Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050692.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050693.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050694.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050696.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050698.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050699.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050700.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050701.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050702.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050703.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050704.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050705.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050707.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050708.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050709.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050710.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050711.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050712.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050713.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050715.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050716.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050717.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050718.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050719.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050720.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\wini.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\' <Sauvegarde >
Begin scan in 'E:\' <AncienWin>
E:\_OTM\MovedFiles\08042009_153111\Documents and Settings\All Users\Application Data\19471254\19471254.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
E:\_OTM\MovedFiles\08042009_153111\WINDOWS\TEMP\hrevftbnnb.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'F:\' <Ecole Dim>
Beginning disinfection:
C:\WINDOWS\system32\wini.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4bb48ac8.qua'!
C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\39\6cfeb967-3bca1bab
[NOTE] The file was moved to '4bac8ac2.qua'!
C:\Documents and Settings\Dimitri\Application Data\Sun\Java\Deployment\cache\6.0\63\74c64fbf-79077aca
[NOTE] The file was moved to '4ba98a93.qua'!
C:\Documents and Settings\Dimitri\Desktop\AD-R.exe
[NOTE] The file was moved to '4b738aa3.qua'!
C:\Documents and Settings\Dimitri\Local Settings\Application Data\Mozilla\Firefox\Profiles\funp17i4.default\Cache\3238B50Fd01
[NOTE] The file was moved to '4b798a91.qua'!
C:\Documents and Settings\Dimitri\My Documents\rmxp_1.01_fr_Bodom_RaBBi.rar
[NOTE] The file was moved to '4bbe8acd.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040635.exe
[DETECTION] Is the TR/Copiet.B.1 Trojan
[NOTE] The file was moved to '4b768a90.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040702.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '4808be91.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040704.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '48f6c901.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040714.rbf
[DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
[NOTE] The file was moved to '480d9639.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040715.rbf
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '480ba6a9.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040716.rbf
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '4af51959.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040717.rbf
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '4af6f6e1.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040719.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '4809b159.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040721.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '4b768a91.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040722.exe
[DETECTION] Is the TR/Dldr.Agent.cxyf.16 Trojan
[NOTE] The file was moved to '48f4c1f2.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040724.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '48f5d9ba.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040738.exe
[DETECTION] Is the TR/Dldr.Agent.cxye Trojan
[NOTE] The file was moved to '4b768a92.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP69\A0040754.exe
[DETECTION] Is the TR/Dldr.Agent.cxyf.1 Trojan
[NOTE] The file was moved to '48f3e82b.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP70\A0042053.exe
[DETECTION] Is the TR/Dldr.Agent.cxyf.15 Trojan
[NOTE] The file was moved to '48f0e013.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050692.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48f1f8db.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050693.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b768a93.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050694.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ff0b4c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050696.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48fc0334.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050698.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48fd1bfc.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050699.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48fa13a4.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050700.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48fb2a6c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050701.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48f82254.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050702.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48f93a1c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050703.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e632c4.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050704.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e74a8c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050705.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e44d74.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050707.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e5453c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050708.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e25de4.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050709.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e355ac.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050710.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e06d94.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050711.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e1645c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050712.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ee7c04.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050713.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ef74cc.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050715.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ed8cb4.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050716.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ea877c.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050717.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48eb9f24.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050718.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e897ec.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050719.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e9afd4.qua'!
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050720.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48d6a79c.qua'!
C:\WINDOWS\system32\wini.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
E:\_OTM\MovedFiles\08042009_153111\Documents and Settings\All Users\Application Data\19471254\19471254.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b7a8ab5.qua'!
E:\_OTM\MovedFiles\08042009_153111\WINDOWS\TEMP\hrevftbnnb.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bab8aef.qua'!
End of the scan: vendredi 8 janvier 2010 02:29
Used time: 2:15:42 Hour(s)
The scan has been done completely.
16598 Scanned directories
737931 Files were scanned
48 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
47 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
737882 Files not concerned
7846 Archives were scanned
4 Warnings
49 Notes
42621 Objects were scanned with rootkit scan
0 Hidden objects were found
Thanks, but my operating system is in English, so I'd rather leave it that way, to get used to it. And I read English very well, so that's no problem for me.
As for the problem itself, since the issue was that it came back every time, I'll wait 24 hours before judging whether it's fixed.
Thanks again, and see you in 24 hours.
(PS: the two suspicious Firefox add-ons are already gone, so that's one thing done. As for the three spyware/malware items, let's see whether they come back.)
Normally, I think that if the problem is no longer there at 22:00, it should be fine.
So, see you later ^^.
Thanks again (I know, I'm repeating myself),
Sarken,
HS.
1/
Uninstall HijackThis.
Download ToolsCleaner2 to your Desktop.
Double-click ToolsCleaner2.exe to launch it.
Click Recherche and let the scan run.
Click Suppression to finish.
If you wish, you can use the Options Facultatives.
Click Quitter to get the report.
Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
2/
Download and install CCleaner Slim.
Launch it. Go to Options, then Avancé, and untick the box Effacer uniquement les fichiers etc....
Go to Nettoyeur and choose Analyser. Once that has finished, run the cleanup.
3/
System Restore must be disabled and then re-enabled in order to purge it.
==Prevention==
To remove the AntiVir popups: Link
Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus; scan the hard drive with it regularly.
Check that automatic updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).
Regarding P2P: Link
Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link
==Problem solved?==
--> If you consider your problem solved, add [Résolu] to the title. To do so:
In your first message, click the Editer button.
Add [Résolu] in front of the title.
Then click Valider votre message.
Be more careful on the Internet
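A triage sketch for the AntiVir report posted earlier in this thread, added here as an example and not part of the original posts: it groups each detection by where the file sits (a System Restore point, the `_OTM\MovedFiles` folder, or elsewhere on disk) and by what the scanner managed to do with it. The category labels and function names are assumptions made for the example; the sample entries are copied from the report above.

```python
import re
from collections import Counter

# Three entries copied from the report in this thread, used as sample input.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{995B4E5D-4982-4846-9396-E2CF43D75EFC}\RP80\A0050719.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e9afd4.qua'!
C:\WINDOWS\system32\wini.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
E:\_OTM\MovedFiles\08042009_153111\WINDOWS\TEMP\hrevftbnnb.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bab8aef.qua'!
"""
PATH_RE = re.compile(r"^[A-Za-z]:\\")                   # an entry starts with a drive path
DETECT_RE = re.compile(r"^\[DETECTION\] Is the (\S+)")  # captures e.g. TR/Trash.Gen

def classify(path):
    """Label a path by location (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # copy kept inside a System Restore point
    if "\\_otm\\movedfiles\\" in p:
        return "otm-backup"      # file sitting under _OTM\MovedFiles
    return "live"                # anywhere else on disk

def parse(log):
    """Return one dict per detected file: path, name, where, status."""
    entries, cur = [], None
    for line in map(str.strip, log.splitlines()):
        if PATH_RE.match(line):
            cur = {"path": line, "name": None, "where": classify(line), "status": "unknown"}
            entries.append(cur)
        elif cur is None:
            continue                       # header lines before the first entry
        elif (m := DETECT_RE.match(line)):
            cur["name"] = m.group(1)
        elif line.startswith("[NOTE] The file was moved to"):
            cur["status"] = "quarantined"
        elif "scheduled for deleting after reboot" in line:
            cur["status"] = "pending-reboot"
    return [e for e in entries if e["name"]]   # keep only paths with a detection

def summary(entries):
    """Count detections per (location, status) pair."""
    return dict(Counter((e["where"], e["status"]) for e in entries))
```

Entries that come out as `live` with a status other than `quarantined` are the ones to re-check after the reboot; `restore-point` entries are the copies that step 3 above purges.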