malware defence Fermé

Question

Bonjour, à tous surtout à "moment de grâce". Je viens de voir les messages qu'il a posté concernant le même sujet sur le programme malware décence. 

J'ai suivi toute les instruction qu'il a demandé.

Donc je poste les résultat du test RSIT ( Premier test): PREMIER MESSAGE
Le résultat du test Kill'em (mode analyse): Deuxième message 
Le résultat su test kill'em (mode destruction): troisième message

simoncoutu · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by titouss at 2009-12-25 21:19:03
Microsoft® Windows Vista™ Édition Familiale Premium  
System drive C: has 439 MB (1%) free of 76 GB
Total RAM: 2047 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:05, on 25/12/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32undll32.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Windows\System32undll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users	itouss\AppData\Local\Tempichtx64.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users	itouss\AppData\Local\Temp\wscsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malware Defense\mdefense.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32
otepad.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Users	itouss\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro	itouss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll (file missing)
O2 - BHO: adssite - {bf997e78-651f-8c95-d6df-3cc9e49f223d} - C:\Windows\system32\278375cc-8ac1-7d7f-a437-81bcede0d6ba.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar	oolbar.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Internet Security Service] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\Users	itouss\AppData\Local\Tempichtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

simoncoutu · Answer

List'em by g3n-h@ckm@n 1.1.6.1 

Thx to Chiquitine29.....& CCM team 

User : titouss (Administrateurs) # SIMON
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 21:07:54 | 25/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6000 32-bit) # 
Internet Explorer 7.0.6000.16945
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 74,52 Go (439,38 Mo free) [VistaOS] | NTFS
D:\ -> Disque fixe local | 67,69 Go (6,78 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 520
C:\Windows\system32\wininit.exe 580
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\services.exe 624
C:\Windows\system32\lsass.exe 636
C:\Windows\system32\lsm.exe 644
C:\Windows\system32\svchost.exe 776
C:\Windows\system32\svchost.exe 852
C:\Windows\System32\svchost.exe 888
C:\Windows\system32\svchost.exe 932
C:\Windows\System32\svchost.exe 948
C:\Windows\system32\winlogon.exe 976
C:\Windows\System32\svchost.exe 1148
C:\Windows\System32\svchost.exe 1188
C:\Windows\system32\SLsvc.exe 1324
C:\Windows\system32\svchost.exe 1372
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 1688
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1704
C:\Program Files\ATKGFNEX\GFNEXSrv.exe 1716
C:\Windows\System32\spoolsv.exe 1796
C:\Windows\system32\WLANExt.exe 1816
C:\Windows\system32\svchost.exe 1828
C:\Windows\system32\Dwm.exe 1844
C:\Windows\Explorer.EXE 1920
C:\Windows\system32	askeng.exe 1624
C:\Program Files\ASUS\ASUS Live Update\ALU.exe 1176
C:\Program Files\Spyware Doctor\SDTrayApp.exe 772
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2100
C:\Program Files\ATK Hotkey\Hcontrol.exe 2116
C:\Program Files\ATKOSD2\ATKOSD2.exe 2124
C:\Program Files\Wireless Console 2\wcourier.exe 2132
C:\Program Files\ASUS\Splendid\ACMON.exe 2140
C:\Program Files\P4G\BatteryLife.exe 2148
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 2168
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2184
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 2212
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 2236
C:\Windows\RtHDVCpl.exe 2244
C:\Program Files\PowerForPhone\PowerForPhone.exe 2280
C:\Windows\System32undll32.exe 2356
C:\Program Files\ATK Hotkey\ATKOSD.exe 2420
C:\Windows\System32\ACEngSvr.exe 2464
C:\Program Files\iTunes\iTunesHelper.exe 2484
C:\Program Files\Nero\Nero 7\InCD\InCD.exe 2504
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2544
C:\Program Files\ASUS\ATK Media\DMedia.exe 2572
C:\Windows\ASScrPro.exe 2592
C:\Windows\System32undll32.exe 2608
C:\Program Files\DAEMON Tools Lite\daemon.exe 2752
C:\Windows\ehome\ehtray.exe 2932
C:\Program Files\Windows Media Player\wmpnscfg.exe 2940
C:\Users	itouss\AppData\Local\Tempichtx64.exe 2952
C:\Windows\ehome\ehmsas.exe 3000
C:\Program Files\Spyware Doctor\swdoctor.exe 3084
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3196
C:\Program Files\Bonjour\mDNSResponder.exe 3272
C:\Windows\system32\svchost.exe 3284
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 3316
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 3452
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 3504
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 3524
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3556
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 3576
C:\Windows\system32\svchost.exe 3632
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 3696
C:\Program Files\Spyware Doctor\svcntaux.exe 3716
C:\Program Files\Spyware Doctor\swdsvc.exe 3756
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 3848
C:\Windows\system32\svchost.exe 3880
C:\Windows\System32\svchost.exe 3932
C:\Windows\system32\SearchIndexer.exe 3972
C:\Users	itouss\AppData\Local\Temp\wscsvc32.exe 2896
C:\Program Files\Windows Media Player\wmpnetwk.exe 1848
C:\Program Files\iPod\bin\iPodService.exe 1496
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe 2908
C:\Windows\system32\wuauclt.exe 4344
C:\Program Files\Malware Defense\mdefense.exe 5356
C:\Windows\system32\conime.exe 5548
C:\Program Files\Mozilla Firefox\firefox.exe 4704
C:\Windows\system32\wbem\wmiprvse.exe 2196
C:\Windows\system32\NOTEPAD.EXE 5996
C:\Program Files\Internet Explorer\Iexplore.exe 5420
C:\Windows\system32\SearchProtocolHost.exe 5396
C:\Windows\system32\SearchFilterHost.exe 4116
C:\Program Files\List_Kill'em\List_Kill'em.exe 5256
C:\Windows\system32\cmd.exe 6084
C:\Users	itouss\AppData\Local\Temp\CD4E.tmp\pv.exe 5148

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DAEMON Tools Lite	REG_SZ         	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Internet Security Service	REG_SZ         	c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
ehTray.exe	REG_SZ         	C:\Windows\ehome\ehTray.exe
systems	REG_SZ         	c:\windows\inf\svchost.exe
WMPNSCFG	REG_SZ         	C:\Program Files\Windows Media Player\WMPNSCFG.exe
richtx64.exe	REG_SZ         	C:\Users	itouss\AppData\Local\Tempichtx64.exe
Malware Defense	REG_SZ         	"C:\Program Files\Malware Defense\mdefense.exe" -noscan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
SDTray	REG_SZ         	"C:\Program Files\Spyware Doctor\SDTrayApp.exe" 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
Symantec PIF AlertEng	REG_SZ         	"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" 
GrooveMonitor	REG_SZ         	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
SynTPEnh	REG_SZ         	C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" 
SpywareTerminator	REG_SZ         	"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" 
SMSERIAL	REG_SZ         	C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 
RtHDVCpl	REG_SZ         	RtHDVCpl.exe 
PowerForPhone	REG_SZ         	C:\Program Files\PowerForPhone\PowerForPhone.exe 
NvSvc	REG_SZ         	RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart 
NvMediaCenter	REG_SZ         	RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
NeroFilterCheck	REG_SZ         	C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe 
iTunesHelper	REG_SZ         	"C:\Program Files\iTunes\iTunesHelper.exe" 
InCD	REG_SZ         	C:\Program Files\Nero\Nero 7\InCD\InCD.exe 
IAAnotif	REG_SZ         	"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" 
ATKMEDIA	REG_SZ         	C:\Program Files\ASUS\ATK Media\DMEDIA.EXE 
ASUS Screen Saver Protector	REG_SZ         	C:\Windows\ASScrPro.exe 
ASUS Camera ScreenSaver	REG_SZ         	C:\Windows\ASScrProlog.exe 
Windows Defender	REG_SZ         	%ProgramFiles%\Windows Defender\MSASCui.exe -hide 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\QTTask.exe" -atboottime 
ORAHSSSessionManager	REG_SZ         	C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2) 
ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	0 (0x0) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD}	REG_SZ         	Groove GFS Stub Execution Hook 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe	REG_SZ         	C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

=============== 
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf997e78-651f-8c95-d6df-3cc9e49f223d}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.asus.com/fr/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
Wlansvc : 0x2 
SharedAccess : 0x3 
windefend : 0x2 
wuauserv : 0x2 
wscsvc : 0x4 

=========
 

D:\Autorun.inf :
----------------
[autorun]
shellexecute=wscript.exe MS32DLL.dll.vbs
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\ProgramData\Desktop  
C:\ProgramData\Documents  
C:\Program Files\Adssite Advanced Toolbar  
C:\Program Files\Adssite Games Collection  
C:\Program Files\Everest Poker  
C:\Program Files\Malware Defense  
C:\Program Files\Mozilla Firefox\components
sBrowserOpt.dll  
C:\Windows\System32\adssite-remove.exe  
C:\Windows\System32\cont_adssite-remove.exe  
C:\Windows\System32\adssite-remove.exe  
C:\Windows\System32\drivers\etc\hosts.msn  
C:\Windows\system32\krl32mainweq.dll  
C:\Windows\System32
vs2.inf  
C:\Windows\System32ightonadz-uninst.exe  
C:\Users	itouss\LOCAL Settings\Temp\aupd.exe  
C:\Users	itouss\LOCAL Settings\Temp\CTun.exe  
C:\Users	itouss\LOCAL Settings\Temp\d2l_Install.exe  
C:\Users	itouss\LOCAL Settings\Temp\EBU2298.exe  
C:\Users	itouss\LOCAL Settings\Temp\EBUA3C8.exe  
C:\Users	itouss\LOCAL Settings\Temp\Install.exe  
C:\Users	itouss\LOCAL Settings\Temp\Install_WLMessenger.exe  
C:\Users	itouss\LOCAL Settings\Temp\msnsearch.exe  
C:\Users	itouss\LOCAL Settings\Temp
ircmd.exe  
C:\Users	itouss\LOCAL Settings\Temp\NSIS_SpywareSecure_trial_setup.exe  
C:\Users	itouss\LOCAL Settings\Temp\pv.exe  
C:\Users	itouss\LOCAL Settings\Tempichtx64.exe  
C:\Users	itouss\LOCAL Settings\Temp\s3fk.4.exe  
C:\Users	itouss\LOCAL Settings\Temp\vfind.exe  
C:\Users	itouss\LOCAL Settings\Temp\war3_install.exe  
C:\Users	itouss\LOCAL Settings\Temp\wscsvc32.exe  
C:\Users	itouss\LOCAL Settings\Temp\xyeoxm6a.exe  
C:\Users	itouss\LOCAL Settings\Temp\~cln4D68.exe  
C:\Users	itouss\LOCAL Settings\Temp\INSTALL.EXE  
C:\Users	itouss\local settings\Temp\pack.epk  
C:\Users	itouss\LOCAL Settings\Temp	mp104D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp104E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp104F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1050.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp10F4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp10F5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp10F6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp10F7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1100.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1101.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1102.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1103.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1104.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1105.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1106.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1113.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp111F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1120.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1121.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1122.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11A1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11A2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11A3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11BC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11BD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11BE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp11BF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1232.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1233.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1234.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1235.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp125C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp125D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp125E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp125F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp126E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp126F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1270.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1271.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1277.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1278.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1279.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp127A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1332.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1333.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1334.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1335.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1363.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1364.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1365.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1366.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1382.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1383.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1384.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1385.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp139F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13A1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13A2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13B9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13BA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13BB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13BC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13BD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13BE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13BF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13C0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13C1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13D6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13E4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13E5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13E6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13E7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13E8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp13E9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1439.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1450.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1459.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp145A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp145B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1461.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1462.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1463.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp149D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp149E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp149F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp14A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1563.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1564.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1575.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1576.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1586.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1587.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1588.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1599.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp15DB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp15DC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp15DD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp15DE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp161D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp161E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp161F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1620.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1621.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1641.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1642.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1653.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1654.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1655.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1656.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1657.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1658.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1659.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp165A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp165B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp165C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp165D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp165E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp165F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp16F2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp16F3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp16F4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp16F5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp16F9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp170A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp170B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp170C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp17A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp17A1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp17A2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp17A3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1852.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1865.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1866.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1867.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1877.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1880.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1881.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1882.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1883.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18BA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18BB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18BC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18BD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18CA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18CB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18CC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18CD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18CE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18CF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18D0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp18F0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp195A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp195B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp195C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp195D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp195E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp195F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1960.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1961.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1962.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1963.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1964.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1965.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1966.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1972.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1973.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1974.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1975.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1976.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1977.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1978.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1988.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1989.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp198A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp198B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp198C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp198D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp199D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp199E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp199F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19B8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19B9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19BA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19C3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19C4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19C5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19C6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19D3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19D4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19D5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp19D6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A3E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A4E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A4F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A60.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A79.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A7A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A7B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1A7C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1B6B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1B6C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1B6D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1B7D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1CC4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1CC5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1CC6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1CC7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D26.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D27.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D28.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D29.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D2A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D4A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D4B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D4C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D4D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D4E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D58.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D5E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D5F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D60.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D61.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D62.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D63.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D64.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D65.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D66.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D67.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D88.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D89.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D8A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1D8B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DAA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DAB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DAC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DAD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DBC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DBD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DDE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DDF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DF9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DFA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DFB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1DFC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E1C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E1D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E1E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E1F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E22.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E23.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E24.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E25.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E26.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E27.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E28.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E29.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E2A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E2B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E2C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E2D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E30.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E31.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E32.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E33.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E3E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E3F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E40.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E41.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E42.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E43.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E44.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E45.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E46.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E47.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E48.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E49.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E4A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E58.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E59.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E5A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1E8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1EEA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1EEB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1EEC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1EED.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F0E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F0F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F10.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F11.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F12.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F13.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F14.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F15.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1F92.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FA2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FA3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FB4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FFC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FFD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FFE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp1FFF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp200.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp202A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp202B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp202C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp202D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp203F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2040.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2041.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2042.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2053.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2054.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2055.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2056.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2063.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2064.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2065.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2066.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2067.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2077.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2078.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2079.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2090.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2091.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2092.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2093.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2094.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2095.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2096.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2097.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp211D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp211E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp211F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2120.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2143.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2144.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2145.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2146.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2175.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2176.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2177.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2178.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2200.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2201.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2202.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2203.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2237.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2238.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2239.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp223A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2256.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2257.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2258.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2259.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp225A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp225B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp225C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp225D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp225E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp225F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2260.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2261.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp227B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp227C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp227D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp227E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2371.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2372.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2373.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2374.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp238E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp238F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2390.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2391.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp23DC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp23DD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp23DE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp23DF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp247.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp248.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp249.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24C8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24C9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24CA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24CB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24EE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24EF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24F0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp24F1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp253C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp253D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp253E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp253F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2540.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2541.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2542.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2543.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp254B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp254C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp255D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp255E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp25A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp26.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2603.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2604.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2605.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2606.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2749.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp274A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp274B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp274C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp274D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp274E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp274F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2750.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2761.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp276D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp276E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp276F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2770.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2771.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2772.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2773.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2784.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2785.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2786.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp278D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp278E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp278F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2790.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2791.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2792.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2793.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2794.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2797.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2798.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2799.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp279A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp279B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27E3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27E4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27E5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27E6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27FB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27FC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27FD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp27FE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2809.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp282A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp282B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp282C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2845.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2855.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2865.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2866.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2867.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2868.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2877.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2878.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2896.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28A1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28A2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28A3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28B6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28B7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28B8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28C5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28C6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28D8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28E1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28E2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28E3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28E7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28F4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28FC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28FD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28FE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp28FF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29A7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29A8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29A9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29AA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29C9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29CA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29CB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29CC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp29F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A07.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A08.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A09.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A0A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A16.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A26.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A27.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A28.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A5D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A5E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A5F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A60.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A76.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A77.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A78.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A79.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A7A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A7B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A7C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A7D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A7E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A7F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A80.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A81.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A82.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A83.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A84.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A85.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A86.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A87.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A97.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A98.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A99.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A9A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2A9B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2AAC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2AAF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2AB0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2AB1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2AB2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2B2F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2B30.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2B31.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2B52.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BA1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BA2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BA3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BA4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BAA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BAB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BAC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2BAD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C12.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C13.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C14.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C15.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C5D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C5E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C5F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C60.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C63.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C71.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C83.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C84.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C85.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C87.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C88.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C89.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2C8A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D08.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D09.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D0A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D0B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D6C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D6D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2D7E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2DE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2DF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E1B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E1C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E1D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E1E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E42.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E43.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E44.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E45.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E46.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E47.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E48.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E49.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E4A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E4B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E4C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E5C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E5D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E5E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E6F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E70.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E71.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E72.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E73.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E74.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E75.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E76.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E86.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2E97.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2EE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2EF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F15.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F16.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F17.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F18.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F29.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F2A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F2B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F2C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F2D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F2E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F2F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F30.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F31.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F32.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F33.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F34.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F35.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F38.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F3F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F40.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F41.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F42.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F43.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F45.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F53.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F54.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F55.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F56.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F57.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F58.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F59.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F5A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F5B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F5C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F5D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F65.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F76.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F7D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F7E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F7F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp2F90.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3056.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3057.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3058.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3059.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp306C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp306D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp306E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp306F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp307A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp307B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp307C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp307D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp310.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp313E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp313F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3140.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3141.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3142.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3143.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3154.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3155.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3156.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3157.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3158.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3159.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp315A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp315B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp315C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp315F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3160.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3161.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3162.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp316C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp316D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3171.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3172.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3173.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3174.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp317E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp317F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3180.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3186.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3187.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3188.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3189.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31AB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31AC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31AD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31AE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31CF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31D4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31D5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31D6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31D7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31E0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31E1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31E2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31EB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31EC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31ED.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31EE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp31FA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3214.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3215.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3225.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3226.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3239.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3243.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3244.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3245.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3246.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3249.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp324A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp324B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3265.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3266.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3267.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3268.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp327C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp327D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp327E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp327F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3282.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3283.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3284.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3285.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3287.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3298.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3299.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp329A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp329F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp32A0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp32A1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp32A2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp337.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp338.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp339.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33AA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33AB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33AC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33AD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33B6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33B7.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33B8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33B9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33BA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33BB.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33BC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33BF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33C0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33C9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33CC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33D1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33D2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33ED.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33EE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp33EF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3448.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3449.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp344A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp344B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34C8.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34C9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34E9.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34EA.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34F3.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34F4.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34F5.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp34F6.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp351E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp351F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3520.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3521.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3522.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3532.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3533.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3534.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3541.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3542.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3543.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3544.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3552.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3553.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3554.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3555.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp355B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp355C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp355D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp355E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp35B0.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp35B1.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp35B2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp35C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp35D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp35D2.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp360D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp360E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3629.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp362A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp362B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp362C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3664.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3665.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3666.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3667.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp36AC.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp36AD.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp36AE.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp36AF.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3707.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3708.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3709.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp370A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3712.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3713.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3714.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3715.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3726.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3727.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3728.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3767.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp3769.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp376A.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp376B.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp376C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp378C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp378D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp379E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp379F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp387C.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp387D.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp387E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp387F.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp388E.tmp  
C:\Users	itouss\LOCAL Settings\Temp	mp388F.tmp

simoncoutu · Answer

Bonjour, 

Je viens de poster deux messages mais je ne sais pas si le troisième est passer je vais encore essayé de le faire.

gen-hackman · Answer

salut pour le transmettre :

clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

fix200 · Answer

Salut,

Tu es très infecté ... -_-'


Télécharge UsbFix (de C_XX , Chiquitine29, Chimay8)


&#x25B6; Lance le fichier téléchargé, ne touche pas aux paramètres de l'installe !.

&#x25B6; Branche tes sources de données externes à ton PC, (Clé USB, disque dur externe, carte mémoire, appareil photo ...) susceptible d'avoir été infectés , mais sans les ouvrir 

&#x25B6; Double clique sur le raccourci UsbFix sur ton bureau

&#x25B6; Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#x25B6; Au second menu choisis l'option 2 ( Suppression )

&#x25B6; Ton bureau disparaîtra et le PC redémarrera . (c'est normal)

&#x25B6; Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche a rien.

&#x25B6; Une fois terminé, Poste le rapport UsbFix.txt qui apparaîtra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

Aide : :
Comment Utiliser UsbFix

###

&#x25B6; Rends sur cette page .

&#x25B6; Clique sur "parcourir" et va jusqu'au fichier UsbFix_Upload_Me_xxxx.zip qui se trouve sur ton bureau .

&#x25B6; Clique sur "Envoyer le fichier" , et patiente jusqu'à la fin du transfère .

&#x25B6; Une fois terminé , tu peux supprimer le fichier UsbFix_Upload_Me_xxxx.zip ...

Merci d'avoir envoyé le fichier , cela permettra aux auteurs de cet l'outil de travailler sur ce type d'infection et d'aider ainsi à ce que UsbFix soit de plus en plus performant . ^^


=============

Tu as un infection Navipromo 

Les programmes suivants sont a éviter :

- Funky Emoticons
- Games-Attack
- Original-Solitaire
- Go-Astro
- GoRecord
- HotTVPlayer
- Live-Player
- MailSkinner
- Messenger Skinner
- Instant Access
- InternetGameBox
- Sudoplanet
- WebMediaPlayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
- SuperSexPlayer
- Sur le site www.games-desktop.com (n'allez pas dessus!!)


Télécharge Navilog1 (de IL-MAFIOSO) sur ton bureau.

&#x25B6; Ensuite double clique sur Navilog1.exe pour lancer l'installation.

&#x25B6; Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

&#x25B6; Laisse-toi guider. Au menu principal, choisis 1 et valide.

&#x25B6; Patiente jusqu'au message :
****** Scan terminé le ..... ****** 

&#x25B6; Appuie sur une touche comme demandé, le bloc notes va s'ouvrir.

&#x25B6; Copie-colle l'intégralité dans une réponse. Referme le bloc notes

NOTE: Le rapport est en outre sauvegardé à la racine du disque (cleannavi.txt)

============

Télécharge Yoog_Fix (Batch_Man) sur ton Bureau.

! Déconnecte toi d'internet ferme toutes tes applications en cours !

&#x25B6; Double-clique sur Yoog_Fix.exe, choisis 1 pour Français et valide .

&#x25B6; Un disclamer apparaît, clique sur OK , puis choisis l'option 1 ( Recherche )


&#x25B6; Attend que le scan se fasse, un rapport va s'ouvrir.

=> Poste le dans ta prochaine réponse.

Tutoriel recherche
 
NOTE:  le rapport est à la racine de ton disque sous le nom de Yoog_Fix.txt

gen-hackman · Answer

j'aurais bien lu mon rapport de suppression avant ^^

simoncoutu · Answer

merci pour ses programmes je ne sais pas trop a quoi il serve mais je te fait confiance, je t'envoie les résultats très vite.

Merci.

simoncoutu · Answer

voila le raport Navilog1

Fix Navipromo version 4.0.5 commencé le 25/12/2009 22:39:44,02

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz )
BIOS : Default System BIOS
USER : titouss ( Administrator )
BOOT : Normal boot

Antivirus : Malware Defense 1.0 (Activated)


C:\ (Local Disk) - NTFS - Total:74 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:67 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)


Recherche executée en mode normal 

Nettoyage exécuté au redémarrage de l'ordinateur


c:\users	itouss\appdata\local\virtua~1\progra~1\InternetGamebox supprimé !
C:\Users	itouss\AppData\Local\khmjgk.exe supprimé !
C:\Users	itouss\AppData\Local\khmjgk.dat supprimé !
C:\Users	itouss\AppData\Local\khmjgk_nav.dat supprimé !
C:\Users	itouss\AppData\Local\khmjgk_navps.dat supprimé !


Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users	itouss\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !



*** Scan terminé 25/12/2009 22:48:45,12 ***

simoncoutu · Answer

et voici le scan du yoog-fix

Yoog_Fix 3.0.1 by Batch_Man | titouss (Administrator) 
Start at 22:59 le 25/12/2009 
Microsoft® Windows Vista(6.0.6000)
 
Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz
Ram : 2046,6 Mo 
Normal boot
 
Antivirus: Malware Defense 1.0 (Activated) 
UAC : OFF 
Launched from "C:\Users	itouss\Desktop\Yoog_Fix.bat" 
 
C:\ [Fixed] - NTFS - (Total:76312 Mo/Free:3649 Mo)
D:\ [Fixed] - NTFS - (Total:69311 Mo/Free:2849 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
 
Option [1] 2 Search / Remove  

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Remove: Files / Folders / Keys / Firefox prefs]

DELETED - C:\Program Files\Mozilla Firefox\components
sadssite.dll
DELETED - C:\Program Files\Mozilla Firefox\components
sbads.dll
DELETED - C:\Windows\System32\146d36cd-8c47-d0bb-e8c7-1b460685a279.exe
DELETED - C:\Windows\System32\whoiscl.exe
DELETED - C:\Windows\system32\278375cc-8ac1-7d7f-a437-81bcede0d6ba.dll

DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\146d36cd-8c47-d0bb-e8c7-1b460685a279
DELETED - HKLM\SOFTWARE\Classes\CLSID\{bf997e78-651f-8c95-d6df-3cc9e49f223d}
DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf997e78-651f-8c95-d6df-3cc9e49f223d}
DELETED - HKLM\SOFTWARE\Classes\CLSID\{bf997e78-651f-8c95-d6df-3cc9e49f223d}
DELETED - HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope
DELETED - HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}
DELETED - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}
DELETED - HKLM\SOFTWARE\Classes\optimizer.adssite2
DELETED - HKLM\SOFTWARE\Classes\optimizer.adssite2.1
DELETED - HKCU\software\microsoft\adssite
DELETED - HKCU\software\microsoft\hid_layer
DELETED - HKLM\software\microsoft\windows\currentversion\uninstall\adssite
DELETED - HKLM\software\microsoft\windows\currentversion\uninstallightonadz
DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteGames

DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaultenginename", "Yoog Search"); 
DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q="); 
DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("browser.search.selectedEngine", "Yoog Search"); 
DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q="); 
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaultenginename", "Yoog Search"); 
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q="); 
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("browser.search.selectedEngine", "Yoog Search"); 
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q="); 
 
------------[Suspects]
 
Aucun fichier suspect trouvé 
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»» [Search: Analysis of Firefox]
 

------------[Analysis of Firefox]
  
 
Mozilla Firefox 3.0.16 (fr) 
Install Directory : C:\Program Files\Mozilla Firefox 
Path: C:\Users	itouss\AppData\Roaming\Mozilla\Firefox\Profiles\5n5tqwm3.default 
 
 
------------[Firefox Extensions] 
 
[titouss] NPDyyno@dyyno.com = Simple Dyyno Launcher 
[titouss] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant 
[titouss] {3112ca9c-de6d-4884-a869-9855de68056c} = Google Toolbar for Firefox 
 
{3112ca9c-de6d-4884-a869-9855de68056c} = C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} 
{20a82645-c095-46ed-80e3-08825760534b} = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ 
 
------------[Mozilla Plugins] 
 
Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll  
XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt  
ProductName = Adobe© Flash© Player Plugin 
Vendor = Adobe Systems Incorporated 
Version = 10.0.22.87  
 
GeckoVersion = 1.7.2  
Path = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 
ProductName = Windows Presentation Foundation 
Vendor = Microsoft Corp. 
Version = 3.5  
 
 
------------[Search Plugins]
 
[Program Files] amazon-france.xml = https://www.amazon.fr/ 
[Program Files] eBay-france.xml = http://search.ebay.fr/ 
[Program Files] google-com.xml = https://www.google.com/?gws_rd=ssl 
[Program Files] google.xml = https://www.google.com/ 
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp 
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche 
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/ 
 
------------[Listing of folders]
 
[18/12/2009 18:59 | 23000 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll 
[18/12/2009 18:59 | 134616 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll 
[07/08/2007 12:35 | 49152 bytes] C:\Program Files\Mozilla Firefox\plugins
p32dsw.dll 
[15/08/2007 19:15 | 69632 bytes] C:\Program Files\Mozilla Firefox\plugins
pitunes.dll 
[18/12/2009 18:59 | 65496 bytes] C:\Program Files\Mozilla Firefox\plugins
pnul32.dll 
[27/10/2006 04:12 | 16192 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL 
[04/02/2008 17:49 | 663072 bytes] C:\Program Files\Mozilla Firefox\plugins
pOGAPlugin.dll 
[10/05/2007 21:52 | 95864 bytes] C:\Program Files\Mozilla Firefox\plugins
ppdf32.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin2.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin3.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin4.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin5.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin6.dll 
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins
pqtplugin7.dll 
  
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»» [Search: Registry Analysis]
 
Internet Explorer : 7.0.6000.16945 
 
L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKCU\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Window Title = Windows Internet Explorer
L1 = HKU\.DEFAULT\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Main.Window Title = Windows Internet Explorer
L1 = HKU\S-1-5-18\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.asus.com/fr/
 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] 
NoAdd-ons = res://ieframe.dll/noaddon.htm 
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm 
SecurityRisk = res://ieframe.dll/securityatrisk.htm 
Tabs = res://ieframe.dll/tabswelcome.htm 
NavigationFailure = res://ieframe.dll/navcancl.htm 
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm 
NavigationCanceled = res://ieframe.dll/navcancl.htm 
OfflineInformation = res://ieframe.dll/offcancl.htm 
Home = 0x10e 
blank = res://mshtml.dll/blank.htm 
PostNotCached = res://ieframe.dll/repost.htm 
 
--------[Browser Helper Object]
 
BHO: {53707962-6F74-2D53-2644-206D7942484F},@SANS NOM=(valeur non d‚finie) 
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=(valeur non d‚finie) 
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=(valeur non d‚finie) 
 
--------[SearchScopes]
 
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}],@DisplayName=Crawler Search 
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{2AD0EF2D-9361-46E6-8E46-817B37A91C1A}],@DisplayName=Google  
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google  
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{DD36DD87-FE9F-4216-B10C-C85A024ED232}],@DisplayName=@ieframe.dll,-12512  
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}],@DisplayName=Crawler Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2AD0EF2D-9361-46E6-8E46-817B37A91C1A}],@DisplayName=Google 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD36DD87-FE9F-4216-B10C-C85A024ED232}],@DisplayName=@ieframe.dll,-12512 
 
--------[Extensions]
 
 
--------[Run Key]
 
 
------------[Others infections]
 
 
  
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»» [Others reports]
 

[25/12/2009 23:01] C:\Yoog_Fix\Logs\Rapport_25_12_2009_n1.txt - (Choice 1 : Search / Remove)

-------------------------->> 

Please upload the file C:\Yoog_Fix\Backups\Backup_25_12_2009_1.zip at : http://batchdhelus.open-web.fr/upload 
How to use : http://batchdhelus.open-web.fr/upload/procedure.html 
 
If the procedure fails, please send the file at yoog.fix.sav@gmail.com 
 

+--------------[End at 23h 01min]

simoncoutu · Answer

Merci pour ton aide en tout cas j'espère que ces scan vont pouvoir t'aider

gen-hackman · Answer

simoncoutu , peux-tu poster ceci stp ? :

C:\Kill'em.txt

simoncoutu · Answer

Pardon mais pour ce dossier tu veux le dossier de recherche ou de destruction ?

gen-hackman · Answer

le fichier texte de destruction stp

simoncoutu · Answer

voila le fichier qui sort du scan

Kill'em by g3n-h@ckm@n 1.1.6.1 
 
User : titouss (Administrateurs) # SIMON
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 23:22:18 | 25/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6000 32-bit) # 
Internet Explorer 7.0.6000.16945
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 74,52 Go (3,52 Go free) [VistaOS] | NTFS
D:\ -> Disque fixe local | 67,69 Go (6,78 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 520
C:\Windows\system32\wininit.exe 580
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\services.exe 624
C:\Windows\system32\lsass.exe 636
C:\Windows\system32\lsm.exe 644
C:\Windows\system32\svchost.exe 772
C:\Windows\system32\winlogon.exe 860
C:\Windows\system32\svchost.exe 888
C:\Windows\System32\svchost.exe 932
C:\Windows\System32\svchost.exe 1020
C:\Windows\System32\svchost.exe 1084
C:\Windows\system32\svchost.exe 1132
C:\Windows\system32\SLsvc.exe 1228
C:\Windows\system32\svchost.exe 1292
C:\Windows\system32\svchost.exe 1428
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 1600
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1612
C:\Program Files\ATKGFNEX\GFNEXSrv.exe 1632
C:\Windows\system32\WLANExt.exe 1640
C:\Windows\System32\spoolsv.exe 1760
C:\Windows\system32\svchost.exe 1804
C:\Windows\system32\Dwm.exe 1456
C:\Windows\Explorer.EXE 1772
C:\Windows\system32	askeng.exe 2008
C:\Program Files\ASUS\ASUS Live Update\ALU.exe 376
C:\Program Files\ATK Hotkey\Hcontrol.exe 1184
C:\Program Files\ATKOSD2\ATKOSD2.exe 1792
C:\Program Files\Wireless Console 2\wcourier.exe 1356
C:\Program Files\ASUS\Splendid\ACMON.exe 2052
C:\Program Files\P4G\BatteryLife.exe 2060
C:\Windows\System32\ACEngSvr.exe 2328
C:\Program Files\ATK Hotkey\ATKOSD.exe 2536
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2944
C:\Program Files\Bonjour\mDNSResponder.exe 3028
C:\Windows\system32\svchost.exe 3040
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 3072
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 3236
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 3296
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 3320
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3340
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 3372
C:\Windows\system32\svchost.exe 3396
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 3408
C:\Program Files\Spyware Doctor\svcntaux.exe 3436
C:\Program Files\Spyware Doctor\swdsvc.exe 3552
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 3636
C:\Program Files\Spyware Doctor\SDTrayApp.exe 3648
C:\Windows\system32\svchost.exe 3664
C:\Windows\System32\svchost.exe 3704
C:\Windows\system32\SearchIndexer.exe 3768
C:\Windows\system32\wbem\wmiprvse.exe 2148
C:\Windows\system32	askeng.exe 1828
C:\Windows\system32\wbem\wmiprvse.exe 2972
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2840
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 2908
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2652
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 2020
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 3276
C:\Windows\RtHDVCpl.exe 3696
C:\Program Files\PowerForPhone\PowerForPhone.exe 3760
C:\Windows\System32undll32.exe 2076
C:\Windows\System32undll32.exe 3996
C:\Program Files\iTunes\iTunesHelper.exe 2152
C:\Program Files\Nero\Nero 7\InCD\InCD.exe 2204
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2220
C:\Program Files\ASUS\ATK Media\DMedia.exe 2276
C:\Windows\ASScrPro.exe 2096
C:\Program Files\DAEMON Tools Lite\daemon.exe 1072
C:\Windows\ehome\ehtray.exe 1444
C:\Program Files\Windows Media Player\wmpnscfg.exe 3060
C:\Windows\ehome\ehmsas.exe 2760
C:\Program Files\Windows Media Player\wmpnetwk.exe 3660
C:\Program Files\iPod\bin\iPodService.exe 4248
C:\Windows\system32\wuauclt.exe 5264
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe 5952
C:\Windows\system32\conime.exe 5412
C:\Program Files\List_Kill'em\List_Kill'em.exe 4520
C:\Windows\system32\cmd.exe 1544
C:\Users	itouss\AppData\Local\Temp\4356.tmp\pv.exe 2588
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 


==============
host file OK !
==============

========
Registry
========

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

simoncoutu · Answer

Même si je pense que ce n'est pas terminer merci beaucoup pour ton aide je n'est plus les messages d'alerte du virus malware defence c'est génial.

gen-hackman · Answer

non c est le premier rapport que tu as eu qui m interessait....le fait de refaire l option 2 l'a supprimé...tant pis

Merci quand meme , je laisse Fix200 continuer...@+

simoncoutu · Answer

haaaaa désoler pour sa.
Merci de ton aide en tout cas !!!

gen-hackman · Answer

je te conseille juste de desinstaller spyware doctor par contre

simoncoutu · Answer

merci du  conseil

gen-hackman · Answer

desinstalle aussi List_Kill'em il ne te servira plus

simoncoutu · Answer

oke Merci

simoncoutu · Answer

ps: maintenant que malware defence est en quarantaine je le désinstalle ou pas ?

gen-hackman · Answer

qui ? malware defense ? tu as la possibilité ?????

simoncoutu · Answer

oui malware défence ( enfin de le désinstaller via Panneau de configuration ( programme et fonctionnalité c'est tout ))

gen-hackman · Answer

ben oui mais je pense que l acces au desinstalleur sera impossible selon windows mais tu peux essayer

simoncoutu · Answer

oke pas de probléme merci en tout cas

fix200 · Answer

Salut,

Désolé,
Je ne savais pas que gen a posté avant moi.
Je te laisse avec lui.

Bonne chasse -;)

gen-hackman · Answer

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant scan all users

&#9654 règle-le sur "60 Days"

&#9654 dans la colonne de gauche , mets tout sur all

ne modifie pas ceci : 

"files created whithin" et "files modified whithin" 

&#9654Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt".

simoncoutu · Answer

pardon de n'avoir pas donné de nouvelle j'ai eu quelque problème mais je lance les scan tout de suite.

ps: j'ai un autre problème je ne sais pas si ca va le régler mais quand je lance une application ( telle que un jeu vidéo) j'ai souvent des retours windows inexpliqué. Sais tu à quoi cela est due ? 

Merci.

simoncoutu · Answer

http://www.cijoint.fr/cjlink.php?file=cj200912/cijQ3AHnBD.txt

http://www.cijoint.fr/cjlink.php?file=cj200912/cijh3eFPlB.txt

Voila les deux liens.

Merci.

gen-hackman · Answer

desinstalle List_Kill'em , retelcharge-le , puis option 2 directement

je lui ai apporté des mises a jour sur les rogues

lien :

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

simoncoutu · Answer

je te poste le résultat après ?

gen-hackman · Answer

oui s'il te plait

simoncoutu · Answer

désoler pour le retard voila le rapport


Kill'em by g3n-h@ckm@n 1.1.6.2 
 
User : titouss (Administrateurs) # SIMON
Update on 28/12/2009 by g3n-h@ckm@n ::::: 01:30 
Start at: 23:56:48 | 03/01/2010
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6000 32-bit) # 
Internet Explorer 7.0.6000.16945
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 74,52 Go (3,08 Go free) [VistaOS] | NTFS
D:\ -> Disque fixe local | 67,69 Go (6,78 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 520
C:\Windows\system32\wininit.exe 580
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\services.exe 624
C:\Windows\system32\lsass.exe 636
C:\Windows\system32\lsm.exe 644
C:\Windows\system32\svchost.exe 776
C:\Windows\system32\svchost.exe 864
C:\Windows\system32\winlogon.exe 912
C:\Windows\System32\svchost.exe 924
C:\Windows\system32\svchost.exe 976
C:\Windows\System32\svchost.exe 1104
C:\Windows\System32\svchost.exe 1184
C:\Windows\system32\SLsvc.exe 1316
C:\Windows\system32\svchost.exe 1360
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 1652
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1664
C:\Program Files\ATKGFNEX\GFNEXSrv.exe 1680
C:\Windows\system32\WLANExt.exe 1716
C:\Windows\System32\spoolsv.exe 1804
C:\Windows\system32\svchost.exe 1884
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1304
C:\Program Files\Bonjour\mDNSResponder.exe 1496
C:\Windows\system32\svchost.exe 1512
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 1928
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 1300
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 1980
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 1948
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2052
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2088
C:\Windows\system32\svchost.exe 2144
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2172
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 2220
C:\Windows\system32\svchost.exe 2268
C:\Windows\System32\svchost.exe 2312
C:\Windows\system32\SearchIndexer.exe 2368
C:\Windows\system32\wbem\wmiprvse.exe 2668
C:\Windows\system32	askeng.exe 2680
C:\Windows\system32\wbem\wmiprvse.exe 2812
C:\Windows\system32\Dwm.exe 3092
C:\Windows\Explorer.EXE 3124
C:\Windows\system32	askeng.exe 3140
C:\Program Files\ASUS\ASUS Live Update\ALU.exe 3196
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 3332
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 3364
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3372
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 3416
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 3428
C:\Windows\RtHDVCpl.exe 3464
C:\Program Files\PowerForPhone\PowerForPhone.exe 3476
C:\Program Files\ATK Hotkey\Hcontrol.exe 3540
C:\Program Files\ATKOSD2\ATKOSD2.exe 3548
C:\Program Files\Wireless Console 2\wcourier.exe 3556
C:\Program Files\ASUS\Splendid\ACMON.exe 3564
C:\Program Files\P4G\BatteryLife.exe 3572
C:\Windows\System32undll32.exe 3668
C:\Program Files\iTunes\iTunesHelper.exe 3700
C:\Program Files\Nero\Nero 7\InCD\InCD.exe 3708
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3720
C:\Program Files\ASUS\ATK Media\DMedia.exe 3740
C:\Windows\ASScrPro.exe 3748
C:\Program Files\DAEMON Tools Lite\daemon.exe 3824
C:\Windows\ehome\ehtray.exe 3864
C:\Program Files\Windows Media Player\wmpnscfg.exe 3872
C:\Windows\System32\ACEngSvr.exe 3924
C:\Program Files\ATK Hotkey\ATKOSD.exe 4052
C:\Windows\System32undll32.exe 4068
C:\Windows\ehome\ehmsas.exe 1460
C:\Program Files\Windows Media Player\wmpnetwk.exe 2216
C:\Program Files\iPod\bin\iPodService.exe 2808
C:\Windows\servicing\TrustedInstaller.exe 3020
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe 3684
C:\Windows\system32\vssvc.exe 3324
C:\Windows\System32\svchost.exe 2928
C:\Windows\system32\wuauclt.exe 2992
C:\Windows\system32\conime.exe 576
C:\Windows\system32\SearchProtocolHost.exe 2796
C:\Windows\system32\SearchFilterHost.exe 3620
C:\Program Files\List_Kill'em\List_Kill'em.exe 2440
C:\Windows\system32\cmd.exe 3728
C:\Users	itouss\AppData\Local\Temp\52A1.tmp\pv.exe 1328
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

"C:\Windows\system32\krl32mainweq.dll"  
"C:\Windows\System32\srcr.dat"  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

krl32mainweq.dll.Kill'em
srcr.dat.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\H8SRT  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

bien refais un scan OTL stp

simoncoutu · Answer

je le fais avec quel configuration ??

Les mêmes que expliquer dans le message plus haut ?

gen-hackman · Answer

oui stp

simoncoutu · Answer

je tel 'envoie tout de suite

gen-hackman · Answer

ok...via cijoint.fr hein ?

simoncoutu · Answer

http://www.cijoint.fr/cjlink.php?file=cj201001/cijG9RSHFF.txt


voila

gen-hackman · Answer

&#9654 Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche    Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

&#9654 clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

C:\Windows\System32
sr3782.dll

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.

ensuite :

&#9654 Double clic sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous Customs Scans/Fixes :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adssite Toolbar) - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar	oolbar.dll File not found
O3 - HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKU\S-1-5-21-4042420907-3840879848-1767098931-1000..\Run: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"iTunesHelper"=-
"NeroFilterCheck"=-
"QuickTime Task"=-

:files
C:\Users	itouss\AppData\Roaming\Adssite Advanced Toolbar
C:\Users	itouss\AppData\Roaming\Application Data

:commands
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur RunFix pour lancer la suppression.


&#9654 Poste le rapport.

simoncoutu · Answer

Fichier nsr3782.dll reçu le 2010.01.05 11:05:21 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.48 2010.01.05 Virus.Win32.Rootkit!IK AhnLab-V3 5.0.0.2 2010.01.05 - AntiVir 7.9.1.122 2009.12.31 TR/Spy.1289216 Antiy-AVL 2.0.3.7 2010.01.05 - Authentium 5.2.0.5 2010.01.05 - Avast 4.8.1351.0 2010.01.05 - AVG 8.5.0.430 2010.01.04 - BitDefender 7.2 2010.01.05 Gen:Adware.Heur.ov8@WX2xKndi CAT-QuickHeal 10.00 2010.01.05 - ClamAV 0.94.1 2010.01.05 - Comodo 3474 2010.01.05 UnclassifiedMalware DrWeb 5.0.1.12222 2010.01.05 - eSafe 7.0.17.0 2010.01.04 - eTrust-Vet 35.1.7216 2010.01.05 - F-Prot 4.5.1.85 2010.01.04 - F-Secure 9.0.15370.0 2010.01.05 Gen:Adware.Heur.ov8@WX2xKndi Fortinet 4.0.14.0 2010.01.05 - GData 19 2010.01.05 Gen:Adware.Heur.ov8@WX2xKndi Ikarus T3.1.1.79.0 2010.01.05 Virus.Win32.Rootkit Jiangmin 13.0.900 2010.01.05 - K7AntiVirus 7.10.937 2010.01.04 - Kaspersky 7.0.0.125 2010.01.05 - McAfee 5851 2010.01.04 - McAfee+Artemis 5851 2010.01.04 Artemis!1FC27D79186B McAfee-GW-Edition 6.8.5 2010.01.05 Trojan.Spy.1289216 Microsoft 1.5302 2010.01.05 - NOD32 4744 2010.01.05 - Norman 6.04.03 2010.01.05 - nProtect 2009.1.8.0 2010.01.05 - Panda 10.0.2.2 2010.01.04 - PCTools 7.0.3.5 2010.01.05 - Prevx 3.0 2010.01.05 Low Risk Adware Rising 22.29.01.04 2010.01.05 - Sophos 4.49.0 2010.01.05 - Sunbelt 3.2.1858.2 2010.01.05 - Symantec 20091.2.0.41 2010.01.05 - TheHacker 6.5.0.3.132 2010.01.05 - TrendMicro 9.120.0.1004 2010.01.05 - VBA32 3.12.12.1 2010.01.05 - ViRobot 2010.1.5.2122 2010.01.05 - VirusBuster 5.0.21.0 2010.01.04 - Information additionnelle File size: 1289216 bytes MD5...: 1fc27d79186b073d408ad0cf2e618075 SHA1..: 8d538aadd9ff1ead0462747ff58c198aa1913ecc SHA256: 8604a5f51aecad3ede01f070b8dd6ab498f20d60672aca08ffe11763c2198eb4 ssdeep: 24576:avOmgg8pFvcbzaRZVven6+OMEExQ5awgTdNOND/VSX1KOqysTte4x0:4MX
Ebhx20nOylKdysT43
PEiD..: - PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x82b70
timedatestamp.....: 0x4a4bac2f (Wed Jul 01 18:34:23 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfa9fd 0xfaa00 6.55 075a771dd78774b64713f440f4522872
.rdata 0xfc000 0x1b894 0x1ba00 4.84 f4491e08a0059dc92bd83f06d94eec2a
.data 0x118000 0x9b5c 0x2e00 4.30 b3bf0a9d35bf7ada8a4b9a19c2457835
.rsrc 0x122000 0x34c 0x400 4.72 037837d45f29c426d6f2bca0f2d4f3d9
.reloc 0x123000 0x2117a 0x21200 4.52 779aa19de8adfd4a271829184bdc1e14

( 4 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, MultiByteToWideChar, GetCurrentThreadId, ExitThread, InterlockedCompareExchange, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetDriveTypeA, CreateFileA, GetProcessHeap, SetEndOfFile, GetLocaleInfoW, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileW, SetStdHandle, InitializeCriticalSectionAndSpinCount, WideCharToMultiByte, Sleep, InterlockedExchange, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, HeapFree, GetCommandLineA, GetSystemTimeAsFileTime, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, FindFirstFileW, LCMapStringA, LCMapStringW, GetCPInfo, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapAlloc, HeapSize, ExitProcess, HeapCreate, HeapDestroy, VirtualFree, VirtualAlloc, HeapReAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, GetTimeZoneInformation, CloseHandle, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, ReadFile, SetFilePointer, GetFullPathNameW, GetCurrentDirectoryA, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CreateThread
> USER32.dll: IsWindow, SetWindowTextW, SendMessageW, GetWindowTextW, CallWindowProcW, CharLowerW, CharUpperW, wsprintfW, ShowWindow, SetWindowPos, SystemParametersInfoW, SetWindowLongW, GetWindowLongW
> ole32.dll: CoMarshalInterThreadInterfaceInStream, CoUnmarshalInterface
> OLEAUT32.dll: -, -, -, -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
- pdfid.: - sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 4, 6, 5, 4
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) http://info.prevx.com/aboutprogramtext.asp?PX5=8D4774D700D71696AC1A130B3C185B00D8665E3E Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.48 2010.01.05 Virus.Win32.Rootkit!IK AhnLab-V3 5.0.0.2 2010.01.05 - AntiVir 7.9.1.122 2009.12.31 TR/Spy.1289216 Antiy-AVL 2.0.3.7 2010.01.05 - Authentium 5.2.0.5 2010.01.05 - Avast 4.8.1351.0 2010.01.05 - AVG 8.5.0.430 2010.01.04 - BitDefender 7.2 2010.01.05 Gen:Adware.Heur.ov8@WX2xKndi CAT-QuickHeal 10.00 2010.01.05 - ClamAV 0.94.1 2010.01.05 - Comodo 3474 2010.01.05 UnclassifiedMalware DrWeb 5.0.1.12222 2010.01.05 - eSafe 7.0.17.0 2010.01.04 - eTrust-Vet 35.1.7216 2010.01.05 - F-Prot 4.5.1.85 2010.01.04 - F-Secure 9.0.15370.0 2010.01.05 Gen:Adware.Heur.ov8@WX2xKndi Fortinet 4.0.14.0 2010.01.05 - GData 19 2010.01.05 Gen:Adware.Heur.ov8@WX2xKndi Ikarus T3.1.1.79.0 2010.01.05 Virus.Win32.Rootkit Jiangmin 13.0.900 2010.01.05 - K7AntiVirus 7.10.937 2010.01.04 - Kaspersky 7.0.0.125 2010.01.05 - McAfee 5851 2010.01.04 - McAfee+Artemis 5851 2010.01.04 Artemis!1FC27D79186B McAfee-GW-Edition 6.8.5 2010.01.05 Trojan.Spy.1289216 Microsoft 1.5302 2010.01.05 - NOD32 4744 2010.01.05 - Norman 6.04.03 2010.01.05 - nProtect 2009.1.8.0 2010.01.05 - Panda 10.0.2.2 2010.01.04 - PCTools 7.0.3.5 2010.01.05 - Prevx 3.0 2010.01.05 Low Risk Adware Rising 22.29.01.04 2010.01.05 - Sophos 4.49.0 2010.01.05 - Sunbelt 3.2.1858.2 2010.01.05 - Symantec 20091.2.0.41 2010.01.05 - TheHacker 6.5.0.3.132 2010.01.05 - TrendMicro 9.120.0.1004 2010.01.05 - VBA32 3.12.12.1 2010.01.05 - ViRobot 2010.1.5.2122 2010.01.05 - VirusBuster 5.0.21.0 2010.01.04 - Information additionnelle File size: 1289216 bytes MD5...: 1fc27d79186b073d408ad0cf2e618075 SHA1..: 8d538aadd9ff1ead0462747ff58c198aa1913ecc SHA256: 8604a5f51aecad3ede01f070b8dd6ab498f20d60672aca08ffe11763c2198eb4 ssdeep: 24576:avOmgg8pFvcbzaRZVven6+OMEExQ5awgTdNOND/VSX1KOqysTte4x0:4MX
Ebhx20nOylKdysT43
PEiD..: - PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x82b70
timedatestamp.....: 0x4a4bac2f (Wed Jul 01 18:34:23 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfa9fd 0xfaa00 6.55 075a771dd78774b64713f440f4522872
.rdata 0xfc000 0x1b894 0x1ba00 4.84 f4491e08a0059dc92bd83f06d94eec2a
.data 0x118000 0x9b5c 0x2e00 4.30 b3bf0a9d35bf7ada8a4b9a19c2457835
.rsrc 0x122000 0x34c 0x400 4.72 037837d45f29c426d6f2bca0f2d4f3d9
.reloc 0x123000 0x2117a 0x21200 4.52 779aa19de8adfd4a271829184bdc1e14

( 4 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, MultiByteToWideChar, GetCurrentThreadId, ExitThread, InterlockedCompareExchange, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetDriveTypeA, CreateFileA, GetProcessHeap, SetEndOfFile, GetLocaleInfoW, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileW, SetStdHandle, InitializeCriticalSectionAndSpinCount, WideCharToMultiByte, Sleep, InterlockedExchange, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, HeapFree, GetCommandLineA, GetSystemTimeAsFileTime, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, FindFirstFileW, LCMapStringA, LCMapStringW, GetCPInfo, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapAlloc, HeapSize, ExitProcess, HeapCreate, HeapDestroy, VirtualFree, VirtualAlloc, HeapReAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, GetTimeZoneInformation, CloseHandle, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, ReadFile, SetFilePointer, GetFullPathNameW, GetCurrentDirectoryA, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CreateThread
> USER32.dll: IsWindow, SetWindowTextW, SendMessageW, GetWindowTextW, CallWindowProcW, CharLowerW, CharUpperW, wsprintfW, ShowWindow, SetWindowPos, SystemParametersInfoW, SetWindowLongW, GetWindowLongW
> ole32.dll: CoMarshalInterThreadInterfaceInStream, CoUnmarshalInterface
> OLEAUT32.dll: -, -, -, -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
- pdfid.: - sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 4, 6, 5, 4
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) http://info.prevx.com/aboutprogramtext.asp?PX5=8D4774D700D71696AC1A130B3C185B00D8665E3E premier scan

simoncoutu · Answer

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{41C29B07-6F91-4966-91BE-2E2841643C83} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\Software\Microsoft\Windows\CurrentVersion\Run\Malware Defense deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task deleted successfully.
========== FILES ==========
C:\Users	itouss\AppData\Roaming\Adssite Advanced Toolbar folder moved successfully.
C:\Users	itouss\AppData\Roaming\Application Data folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
 
User: Public
 
User: titouss
->Temp folder emptied: 1511982815 bytes
->Temporary Internet Files folder emptied: 1428723147 bytes
->Java cache emptied: 1333947 bytes
->FireFox cache emptied: 63351426 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 957995 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2 867,00 mb
 
 
OTL by OldTimer - Version 3.1.20.1 log created on 01052010_120942

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2eme scan

gen-hackman · Answer

hello peux-tu supprimer ceci manuellement ? :

C:\Windows\System32
sr3782.dll

simoncoutu · Answer

document supprimé a l'instant

gen-hackman · Answer

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



&#9654 Télécharge :

Malwarebytes  

ou  :

Malwarebytes

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

&#9654 Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

simoncoutu · Answer

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3458
Windows 6.0.6000
Internet Explorer 7.0.6000.16945

06/01/2010 08:31:52
mbam-log-2010-01-06 (08-31-38).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 261813
Temps écoulé: 1 hour(s), 7 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\cooltoolbar.iebarlogic (Adware.Adssite) -> No action taken.
HKEY_CLASSES_ROOT\cooltoolbar.iebarlogic.1 (Adware.Adssite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41c29b07-6f91-4966-91be-2e2841643c83} (Adware.Adssite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Adssite ToolBar (Adware.Adssite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.SpywareSecure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteToolBar (Adware.Adssite) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users	itouss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> No action taken.

Fichier(s) infecté(s):
C:\Yoog_Fix\Backups\Backup_25_12_2009_1\WhoisCL..exe.vir (Trojan.BHO) -> No action taken.
C:\Users	itouss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> No action taken.

gen-hackman · Answer

il m'aurait fallu le rapport apres suppression

Malware defence

48 réponses

Discussions similaires