View original (French)

HELP!! File infected by Trojan

Solved
jenny131078 Posted messages 177 Status Membre -  
jacques.gache Posted messages 34829 Status Contributeur sécurité -
Hello,

A lapse of attention on my part while opening a web page has resulted in the himspl.dll file becoming infected by a trojan. Other files have been infected, but a simple disk cleanup made them disappear. However, this is a system file, and I don't want to make any mistakes.

I scanned this file on the VirusTotal website, which recognized the infection as Gen:Trojan.Heur.cq8@LKddH4kb.
I also performed a Bitdefender quickscan online, and here is the report:

BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Scan date: Fri Jan 29 17:44:21 2010
Machine ID: E8C36C18

Process lsass.exe (756) is affected by Gen:Trojan.Heur.cq8@LKddH4kb
Process Explorer.EXE (4632) is affected by Gen:Trojan.Heur.cq8@LKddH4kb

Found 1 infected file!
------------------------
C:\WINDOWS\himspl.dll - Gen:Trojan.Heur.cq8@LKddH4kb

Can someone tell me how to get rid of it? My antivirus alerts me every 2 minutes.
Quarantine, denying access, deletion, nothing works; the only solution is to ignore the presence of this trojan, and of course, that is out of the question.
Thank you in advance for your help;)))
Configuration: Windows XP Firefox 3.5.7

15 réponses

Réponse 1 / 15
jenny131078 Posted messages 177 Status Membre 2
 
Thank you for your response;) Here is the report, I deleted the infected files and restarted the PC as requested:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

01/29/2010 20:12:12
mbam-log-2010-01-29 (20-12-12).txt

Scan type: Full scan (C:\|)
Items examined: 288069
Elapsed time: 1 hour(s), 23 minute(s), 9 second(s)

Infected memory process(es): 0
Infected memory module(s): 1
Infected registry key(s): 4
Infected registry value(s): 2
Infected registry data item(s): 1
Infected folder(s): 1
Infected file(s): 7

Infected memory process(es):
(No harmful items detected)

Infected memory module(s):
C:\WINDOWS\himspl.dll (Trojan.Hiloti) -> Delete on reboot.

Infected registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alie (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Infected registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{0ea986db0e30d1660} (Rogue.RegSort) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{iea986db0e30d1660} (Rogue.RegSort) -> Quarantined and deleted successfully.

Infected registry data item(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: himspl.dll -> Delete on reboot.

Infected folder(s):
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Infected file(s):
C:\WINDOWS\himspl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{44227DE7-77E7-4473-AFC3-C779FEB6D4CB}\RP390\A0049970.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{44227DE7-77E7-4473-AFC3-C779FEB6D4CB}\RP390\A0049810.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqein.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
0
Réponse 2 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
OK, how is the PC? Can you post a RSIT so we can see further?!!!

1) Download and install HijackThis:

https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/­ijackthis

Click on the downloaded hijackthis file to start the installation
follow the instructions and do not modify the installation settings.
At the end of the installation, the program will launch automatically
close it by clicking on the red cross.

Do not run this program for now and proceed with the next steps

2) Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

Log off and close all your running applications

Double-click on "RSIT.exe" to launch it.

Right-click under VISTA (run as…)

A first window will open with the title: "Disclaimer of warranty".

In front of the option "List files/folders created ...", choose: 1 month

then click on "Continue" to start the scan

Let the scan run and do not touch the PC

When the scan is finished, two text files will open

Post the content of "log.txt", as well as "info.txt" (which you will see in the taskbar), for analysis and wait for the next steps...

Important: post one report, then the other in the next reply

If you try to post both at the same time, it might be too long for the forum??

Note: the reports will also be saved in this folder C:\rsit

--
I may not know much, but if the little I know can help, well,
I’m happy to share it with you!!
0
Réponse 3 / 15
jenny131078 Posted messages 177 Status Membre 2
 
Here is the "log".txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jenny at 2010-01-29 21:53:01
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (38%) free of 43 GB
Total RAM: 1023 MB (44% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{606B986D-FB81-4356-AF54-80AEE279432C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68C55168-E188-40DF-A514-835FCD78B1BF}]
IEbho Class - C:\Program Files\IE7pro\IE7pro.dll [2007-01-26 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-07-23 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-07-23 2436160]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-10-05 262144]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-10-22 185896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"UsbBoost"=C:\Program Files\UsbBoost\TurboHddUsb.exe [2010-01-08 3788800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-02 251264]
"Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-23 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-TF1]
C:\Program Files\TF1Vision\TF1vision.exe [2008-03-05 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
C:\WINDOWS\EXPLORER.EXE [2007-06-13 1037312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-23 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-10-22 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Acrobat\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-24 161776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2006-09-26 534016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Outil de détection de support de Cyber-shot Viewer.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2005-10-28 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\YZTOOL~1\YZTOOL~1.EXE [2002-09-29 90112]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
SiWake.lnk - C:\Program Files\Wireless LAN Utility\SiWake.exe

C:\Documents and Settings\Jenny\Menu Démarrer\Programmes\Démarrage
Outil de détection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"%windir%\system32\mcoinstall.exe"="%windir%\system32\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\Program Files\installer\mcoinstall.exe"="C:\Program Files\installer\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%SystemDir%\winsecurityxp\mswinup.exe"="%SystemDir%\winsecurityxp\mswinup.exe:*:Enabled:Internet Explorer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\XAMPPLite\mysql\bin\mysqld.exe"="C:\XAMPPLite\mysql\bin\mysqld.exe:*:Enabled:Monday Morning (MySQL)"
"C:\XAMPPLite\apache\bin\apache.exe"="C:\XAMPPLite\apache\bin\apache.exe:*:Enabled:Monday Morning (Apache)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-29 21:53:01 ----D---- C:\rsit
2010-01-29 17:38:44 ----D---- C:\Documents and Settings\Jenny\Application Data\QuickScan
2010-01-28 20:06:12 ----SHD---- C:\RECYCLER
2010-01-28 19:59:10 ----D---- C:\WINDOWS\temp
2010-01-28 19:47:19 ----A---- C:\WINDOWS\PEV.exe
2010-01-28 19:47:19 ----A---- C:\WINDOWS\MBR.exe
2010-01-28 19:41:22 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-13 18:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-08 00:22:56 ----D---- C:\Documents and Settings\All Users\Application Data\FNET
2010-01-08 00:22:54 ----D---- C:\Program Files\UsbBoost
2010-01-08 00:20:10 ----D---- C:\Documents and Settings\Jenny\Application Data\Genie-Soft
2010-01-08 00:19:41 ----D---- C:\Program Files\LaCie
2009-12-31 14:59:18 ----D---- C:\WINDOWS\Prefetch
2009-12-31 12:45:28 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-12-31 12:44:11 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-12-31 12:44:10 ----N---- C:\WINDOWS\system32\msgsvc.dll
2009-12-31 12:44:10 ----N---- C:\WINDOWS\system32\kernel32.dll
2009-12-31 12:44:10 ----N---- C:\WINDOWS\system32\comctl32.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\locator.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\localspl.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\ftp.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\format.com
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\cmd.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\cacls.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-12-31 12:44:10 ----A---- C:\WINDOWS\system32\autochk.exe
2009-12-31 12:44:09 ----A---- C:\WINDOWS\system32\printui.dll
2009-12-31 12:44:09 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-12-31 12:44:09 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-12-31 12:44:09 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-12-31 12:44:08 ----N---- C:\WINDOWS\system32\services.exe
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\ulib.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\smss.exe
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\schannel.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\savedump.exe
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\samlib.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\rasman.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-12-31 12:44:08 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-12-31 12:44:07 ----N---- C:\WINDOWS\system32\userinit.exe
2009-12-31 12:44:07 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-12-31 12:44:07 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-12-31 12:44:07 ----A---- C:\WINDOWS\system32\untfs.dll
2009-12-31 12:44:04 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2009-12-31 12:44:04 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-12-31 12:44:04 ----A---- C:\WINDOWS\system32\hal.dll

======List of files/folders modified in the last 1 months======

2010-01-29 21:00:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-29 20:49:45 ----SHD---- C:\System Volume Information
2010-01-29 20:49:45 ----D---- C:\WINDOWS\system32\Restore
2010-01-29 20:47:52 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 20:31:57 ----D---- C:\WINDOWS\Internet Logs
2010-01-29 20:18:01 ----SD---- C:\WINDOWS\Tasks
2010-01-29 20:14:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 20:14:34 ----D---- C:\WINDOWS
2010-01-29 20:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2010-01-29 20:14:21 ----D---- C:\WINDOWS\system32\drivers
2010-01-29 20:12:11 ----D---- C:\WINDOWS\system32
2010-01-29 19:32:47 ----D---- C:\Program Files\PokerStars
2010-01-29 18:28:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-29 17:25:00 ----AD---- C:\Program Files
2010-01-29 17:13:19 ----SHD---- C:\WINDOWS\Installer
2010-01-29 17:13:19 ----D---- C:\Config.Msi
2010-01-28 21:51:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-01-28 20:12:10 ----D---- C:\WINDOWS\ERDNT
2010-01-28 20:03:38 ----A---- C:\WINDOWS\system.ini
2010-01-28 20:00:45 ----D---- C:\WINDOWS\system32\config
2010-01-28 19:58:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-28 19:54:43 ----D---- C:\WINDOWS\AppPatch
2010-01-28 19:54:38 ----D---- C:\Program Files\Common Files
2010-01-28 18:38:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-28 18:37:08 ----D---- C:\Program Files\SpywareBlaster
2010-01-28 18:19:37 ----D---- C:\WINDOWS\Debug
2010-01-26 21:40:50 ----D---- C:\WINDOWS\system32\wbem
2010-01-26 21:40:50 ----D---- C:\WINDOWS\system32\Setup
2010-01-26 21:38:34 ----D---- C:\Program Files\Freeware PDF Unlocker
2010-01-23 02:08:23 ----HD---- C:\WINDOWS\inf
2010-01-23 02:08:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 02:08:14 ----D---- C:\Program Files\Internet Explorer
2010-01-23 02:08:06 ----D---- C:\WINDOWS\ie8updates
2010-01-23 02:07:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-20 18:14:45 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-20 00:15:42 ----D---- C:\WINDOWS\security
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-13 18:42:46 ----D---- C:\Documents and Settings\Jenny\Application Data\Canon
2010-01-09 20:02:36 ----A---- C:\WINDOWS\system32\PQ_DEBUG.TXT
2010-01-08 00:29:53 ----D---- C:\WINDOWS\repair
2010-01-08 00:29:39 ----D---- C:\WINDOWS\Registration
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-31 18:56:15 ----D---- C:\Program Files\Messenger
2009-12-31 18:56:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-31 14:09:06 ----D---- C:\WINDOWS\WinSxS
2009-12-31 14:08:57 ----D---- C:\WINDOWS\system32\bits
2009-12-31 14:08:10 ----D---- C:\WINDOWS\system32\usmt
2009-12-31 14:08:06 ----D---- C:\WINDOWS\system32\oobe
2009-12-31 14:08:06 ----D---- C:\WINDOWS\system32\npp
2009-12-31 14:07:41 ----D---- C:\WINDOWS\system32\Com
2009-12-31 14:06:41 ----D---- C:\WINDOWS\system
2009-12-31 14:06:41 ----D---- C:\WINDOWS\srchasst
2009-12-31 14:03:59 ----D---- C:\WINDOWS\peernet
2009-12-31 14:03:57 ----D---- C:\WINDOWS\network diagnostic
2009-12-31 14:03:56 ----D---- C:\WINDOWS\msagent
2009-12-31 14:03:42 ----D---- C:\WINDOWS\ime
2009-12-31 14:03:41 ----D---- C:\WINDOWS\Help
2009-12-31 14:03:33 ----D---- C:\Program Files\Windows NT
2009-12-31 14:03:33 ----D---- C:\Program Files\Windows Media Player
2009-12-31 14:03:32 ----D---- C:\Program Files\Outlook Express
2009-12-31 14:03:30 ----D---- C:\Program Files\NetMeeting
2009-12-31 14:03:29 ----D---- C:\Program Files\Movie Maker
2009-12-31 14:03:20 ----D---- C:\Program Files\Common Files\System
2009-12-31 14:02:53 ----D---- C:\WINDOWS\system32\fr-fr
2009-12-31 14:02:53 ----D---- C:\WINDOWS\system32\fr
2009-12-31 14:02:44 ----D---- C:\WINDOWS\l2schemas
2009-12-31 12:56:35 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-31 12:48:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-31 12:43:40 ----D---- C:\WINDOWS\EHome
2009-12-30 22:31:22 ----RSD---- C:\WINDOWS\assembly
2009-12-30 19:14:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-30 19:09:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 FNETURPX;FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [2010-01-08 7936]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-15 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 BelkinNGservicename;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card; C:\WINDOWS\system32\DRIVERS\GigNIC.sys [2005-02-08 226432]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-11 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\drivers\btkrnl.sys [2007-02-11 863402]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-18 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
0
Réponse 4 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
You didn't follow the procedure. I asked you to download HijackThis and install it, and then to run RSIT for a more complete report. But it's not a big deal; we'll manage. So this time, please do what I ask you, because if I ask you to do things, it's not just to be nice—it's to be more efficient in cleaning your PC. If you want us to be effective in disinfecting your PC, no problem. We're here to help you, but start by helping us by doing what we ask. THANK YOU!!

SO IF YOU WANT TO CONTINUE!!!

Please do the following, Thank you

1° You run ToolBar S&D

Download ToolBar-S&D (Thanks to Eric_71, Angeldark, Sham_Rock, and XmichouX)

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

If there are problems:

http://eric71.geekstogo.com/tools/ToolBarSD.exe

Launch the installation of the program by executing the downloaded file.
Now double-click on the ToolBar-S&D shortcut.
Select your desired language by typing the letter of your choice and confirming with the Enter key.
Now choose option 1 (Search). Wait until the search is complete.
Post the generated report. (C:\TB.txt)

Deletion option 2

Restart ToolBar-S&D by double-clicking the shortcut. Press "2" and confirm by pressing "Enter".
! Do not close the window during deletion!
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click on File at the top left and choose "Run..."
Type explorer and confirm.

Help with images: https://sites.google.com/site/toolbarsd/aideenimages

2) Post a HIJACKTHIS

Download HijackThis: https://www.androidworld.fr/

Everything is explained to properly install and know how to use it.

How to copy/paste the report:

When you have the report on the screen, press ctrl A to "select all" and then ctrl C to "copy".

Then come back to the forum to respond and press ctrl V to "paste" the report.

An explanation of the keyboard shortcuts is illustrated on this website:

https://www.androidworld.fr/

--
 Personally, I may not know much, but if the little I know can help, well, 
 I’m happy to share it with you!!
0
Réponse 5 / 15
jenny131078 Posted messages 177 Status Membre 2
 
Sorry, I missed this part, I'll continue and especially thanks for your patience ;)
0
Réponse 6 / 15
jenny131078 Posted messages 177 Status Membre 2
 
Here is the 1st report Toolbar

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 2
X86-based PC (Uniprocessor Free: Intel(R) Pentium(R) 4 CPU 2.66GHz)
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A12
USER: Jenny (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.32 (Activated)
Firewall: ZoneAlarm Firewall 8.0.298.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total: 41 Go (Free: 16 Go)
D:\ (Local Disk) - NTFS - Total: 70 Go (Free: 22 Go)
E:\ (Local Disk) - NTFS - Total: 232 Go (Free: 98 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" (Update: 22-08-2009|18:42)
Option: [1] (29/01/2010|22:26)

-----------\\ File / Folder Search ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\zonealarm.ico
C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\BitLord\BitLord.url
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Downloads
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\lang
C:\Program Files\BitLord\License.txt
C:\Program Files\BitLord\rules
C:\Program Files\BitLord\Torrents
C:\Program Files\BitLord\uninst.exe
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\BitLord\rules\ipfilter.dat
C:\Program Files\BitLord\rules\tracker.dat
C:\Program Files\BitLord\Torrents\ micky green - ok.torrent
C:\Program Files\BitLord\Torrents\-Mesrine.L'instinct.de.Mort.TS.FRENCH.LD.KiNG.of.RLZ.avi.torrent
C:\Program Files\BitLord\Torrents\100 Serial Numbers.torrent
C:\Program Files\BitLord\Torrents\21[2008]Xvid-TTS.torrent
C:\Program Files\BitLord\Torrents\24.S07E01.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E02.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E03.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E04.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E05.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E06.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E07.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E08.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E09.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E10.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E11.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E12.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E13.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E14.HDTV.XviD-LOL.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E15.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E16.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E17.Day.7.12.00.A.M.-1.00.A.M.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E18.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E19.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E20.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E21.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E22.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E23.PREAIR.DVDRip.XviD-TOPAZ.avi.torrent
C:\Program Files\BitLord\Torrents\24.S07E24.PREAIR.DVDRip.XviD-TOPAZ.avi.torrent
C:\Program Files\BitLord\Torrents\88 Minutes.avi.torrent
C:\Program Files\BitLord\Torrents\Accidentally.on.Purpose.S01E01.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Accidentally.on.Purpose.S01E02.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Accidentally.On.Purpose.S01E03.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Accidentally.On.Purpose.S01E04.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Adobe LightRoom 2 Final[h33t][eat me drink me].torrent
C:\Program Files\BitLord\Torrents\Ayo.-.Gravity.At.Last.(2008).R&.B.WwW.Mixermusic.net.torrent
C:\Program Files\BitLord\Torrents\Bambu Station - Break The Soil (Reggae by Manras13).torrent
C:\Program Files\BitLord\Torrents\Because.I.Said.So[2007]DvDrip[Eng]-aXXo.torrent
C:\Program Files\BitLord\Torrents\Before.Sunset.Limited.DVDRiP.XViD-DEiTY.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E01.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E02.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E03.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E03.HDTV.XviD-NoTV.avi[0].torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E04.HDTV.XViD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E05.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E06.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E07.HDTV.XViD-HiQT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E08.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E09.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E10.HDTV.XViD-HiQT.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E11.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.And.Sisters.S03E12.HDTV.XviD-YesTV.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E13.HDTV.XviD-XOXO.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.And.Sisters.S03E14.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.And.Sisters.S03E15.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E16E17.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E18.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E19.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E20.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E21.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E22.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E23.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S03E24.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Brothers.and.Sisters.S04E01.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Cassius - 15 Again.torrent
C:\Program Files\BitLord\Torrents\Cougar.Town.S01E01.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Cougar.Town.S01E02.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Cougar.Town.S01E03.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Cougar.Town.S01E04.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\David Guetta - One Love (Special Edition) [2009].torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E02.FRENCH.HDTV.XViD-NeigeS.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S04E10 FRENCH.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S04E12 FRENCH.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S04E16 FRENCH HDTV - Apower.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S04E17 FINAL FRENCH HDTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E04 XVID VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E06 XVID VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E07 XVID VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E08 XVID VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E09 XVID VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E10 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E11 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E12 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E14 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E15 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E17 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E18 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E21 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate Housewives S05E22 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E01.FRENCH.LD.HDTV.XViD-ASC.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E03.FRENCH.LD.HDTV.XViD-ASC.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E04.Les.nuisibles.FRENCH.HDTV.XViD-STG.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E05.Critique.d'art.FRENCH.HDTV.XViD-STG.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E06.FRENCH.HDTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E07.FRENCH.LD.HDTV.XViD-ASC.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E08.FRENCH.HDTV.XViD-STG.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E09.FRENCH.LD.HDTV.XViD-ASC.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E11.FRENCH.HDTV.XViD-EPZ.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E13.FRENCH.HDTV.XViD-EPZ.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E14.FRENCH.HDTV.XViD-EPZ.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S04E15.PROPER.FRENCH.LD.HDTV.XViD-ASC.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E01.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E01.VOSTFR.FV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E02.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.s05e02.vostfr.FRoggy.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.s05e02.vostfr.FRoggy.avi[0].torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E03.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E03.PROPER.VOSTFR.HDTV.XViD-DRAGONS.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E03.VOSTFR.FV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E04.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E04.HDTV.XviD.VOSTFR-VanVan.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E04.VOSTFR.HDTV.Xvid-GKS.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E05.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E05.VOSTFR.FV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E06.REPACK.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E06.VOSTFR.HDTV.XviD-GKS.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E07.HDTV.XviD-XOXO.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E08.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E09.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E10.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E11.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E12.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E13.HDTV.XviD-XOXO.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E13.VOSTFR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E14.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E15.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E16.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E16.VOSTFR.HDTV.NatzoX.XviD-GKS.Par.[MeDiA-ArEnA.TK].avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E17.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E18.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E19.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E19.VOSTFR.HDTV.[== titesalope.1s.fr ==].avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E20.HDTV.XviD-XOR.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E20.VOSTFR.HDTV.XviD-XOR.[bon-plan.blog.com].avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E21.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E22.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E22.HDTV.XviD-NoTV.[eztv].[INFO].txt.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E23.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E23.HDTV.XviD-NoTV.[eztv].[INFO].txt.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E24.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Desperate.Housewives.S05E24.HDTV.XviD-NoTV.[eztv].[INFO].txt.torrent
C:\Program Files\BitLord\Torrents\DiskAid_30_Serial.rtf.torrent
C:\Program Files\BitLord\Torrents\Duffy - Rockferry (2008).torrent
C:\Program Files\BitLord\Torrents\ER S15E15 HDTV XviD-LOL.torrent
C:\Program Files\BitLord\Torrents\er.1507.hdtv-lol.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E01.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E03.HDTV.XviD-LOL.torrent
C:\Program Files\BitLord\Torrents\ER.S15E04.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E05.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E06.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E07.HDTV.XviD-LOL.torrent
C:\Program Files\BitLord\Torrents\ER.S15E08.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E08.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E10.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E11.HDTV.XviD-LOL.torrent
C:\Program Files\BitLord\Torrents\ER.S15E13.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E14.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E15.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E16.The.Beginning.of.the.End.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E17.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E18.What.We.Do.HDTV.XviD-FQM.[MFD].avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E20.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E21.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\ER.S15E22.And.In.The.End.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\EXPRESS.DI-GUET.APENS 2.torrent
C:\Program Files\BitLord\Torrents\Ghosts.Of.Girlfriends.Past.TS.XVID-WhoCares.[www.usabit.com].torrent
C:\Program Files\BitLord\Torrents\Gran.Torino.2008.DvDRip-FxM.torrent
C:\Program Files\BitLord\Torrents\Grey's Anatomy S05E08 XviD VOSTFR --Antoine4011--.avi.torrent
C:\Program Files\BitLord\Torrents\Greys Anatomy S05E16 HDTV XviD-2HD[Www.Overget.Com].torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E01E02.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E03.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E04.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E05.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E06.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E07.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E08.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E09.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E10.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E11.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E11.HDTV.XviD-LOL.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E12.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E13.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E14.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E15.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E17.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E18.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E19.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E20.HDTV.XviD-XOR.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E21.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E23E24.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S05E23E24.HDTV.XviD-NoTV.[eztv].[INFO].txt.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S06E01E02.HDTV.XviD-NoTV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Greys.Anatomy.S06E03.HDTV.XviD-2HD.avi.torrent
C:\Program Files\BitLord\Torrents\He just not that into you.CAM,XVID.Prism.torrent
C:\Program Files\BitLord\Torrents\HousewivesDesperate..S05E23.VOST-French.HDTV.ffd-Gillop.avi.torrent
C:\Program Files\BitLord\Torrents\HousewivesDesperate..S05E24.VOST-French.HDTV.ffd-Gillop.avi.torrent
C:\Program Files\BitLord\Torrents\Inglourious.Basterds.2009.DvDRip-FxM.torrent
C:\Program Files\BitLord\Torrents\Inglourious.Basterds.2009.DvDRip-FxM.xml
C:\Program Files\BitLord\Torrents\JACK JOHNSON - DISCOGRAPHY [CHANNEL NEO].torrent
C:\Program Files\BitLord\Torrents\James.Bond.Quantum.of.Solace.2008.PROPER.REPACK.TS.XviD-CiRCLE.torrent
C:\Program Files\BitLord\Torrents\Jason Mraz.torrent
C:\Program Files\BitLord\Torrents\Jason_Mraz-We_Sing_We_Dance_We_Steal_Things-2008(wWw.FiveMP3.CoM).rar.torrent
C:\Program Files\BitLord\Torrents\Kid Cudi vs. Crookers - Day 'N' Nite (!!! NEW DANCE HIT !!! 320kbps).torrent
C:\Program Files\BitLord\Torrents\Lady_GaGa-Poker_Face-Remix_CDM-2008.torrent
C:\Program Files\BitLord\Torrents\le vieux carre.nrg.torrent
C:\Program Files\BitLord\Torrents\Madcon - Beggin (Original Version).mp3.torrent
C:\Program Files\BitLord\Torrents\Mesrine.L'instinct.de.Mort.TS.FRENCH.LD.KiNG.of.RLZ.avi.torrent
C:\Program Files\BitLord\Torrents\Michael Jacksons Memorial Service.torrent
C:\Program Files\BitLord\Torrents\Michael.Jacksons.Last.Days.What.Really.Happened.WS.PDTV.XviD-aAF.torrent
C:\Program Files\BitLord\Torrents\Nina Simone-VeryBest of(with covers) a DHZ.Inc Release.torrent
C:\Program Files\BitLord\Torrents\Noise Ninja 2.1.2 Photoshop Plug-In.zip.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E01.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E02.HDTV.XviD-DOT.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E04.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E05.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E06.HDTV.XviD-iDontLikeFQM.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E07.Messin.With.The.Kid.PROPER.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E08.Our.Life.Is.Not.A.Movie.or.Maybe.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E08.Our.Life.Is.Not.A.Movie.or.Maybe.HDTV.XviD-FQM.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E09.HDTV.XViD-YesTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E10.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E11.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E12.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E13.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E14.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E15.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E16.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E17.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E18.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E19.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E20.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E21.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E22.HDTV.XviD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E23.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\One.Tree.Hill.S06E24.Remember.Me.as.a.Time.of.Day.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\P.S.I.Love.You[2007]DvDrip[Eng]-Zeus_Dias.avi.torrent
C:\Program Files\BitLord\Torrents\PictureCode.Noise.Ninja.v2.2.0.for.Adobe.Photoshop.Incl.Keygen-SSG.rar.torrent
C:\Program Files\BitLord\Torrents\Pride.and.Glory.torrent
C:\Program Files\BitLord\Torrents\Prison Break S04E07 HDTV XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E01.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E02.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E03.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E06.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E07.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E08.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E09.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E10.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E11.HDTV.XviD-LOL.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E12.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E13.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E14.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E15.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E16.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E17.REPACK.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E18.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E19.[5 Languages]-Auta.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E20.HDTV.XviD-LOL.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E21.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E21.HDTV.XviD-LOL.[eztv].[INFO].txt.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E22.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Prison.Break.S04E22.HDTV.XviD-LOL.[eztv].[INFO].txt.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E01.HDTV.XViD-DOT.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E02.HDTV.XViD-DOT.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E03.HDTV.XviD-XOR.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E04.HDTV.XViD-DOT.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E05.HDTV.XviD-0TV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E06.HDTV.XViD-DOT.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E07.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E08.HDTV.XviD-NoTV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E09.Know.When.to.Fold.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E10.HDTV.XViD-XOR.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E11.HDTV.XviD-XOR.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E12.Homeward.Bound.HDTV.XviD-FQM.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E13.HDTV.XviD-XOXO.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E14.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E15.HDTV.XviD-XOR.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E16.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E17.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E18.HDTV.XviD-NoTV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E19.HDTV.XviD-NoTV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E20.HDTV.XviD-NoTV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E21.HDTV.XviD-0TV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S02E22.HDTV.XviD-2HD.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Private.Practice.S03E01.HDTV.XviD-NoTV.[VTV].avi.torrent
C:\Program Files\BitLord\Torrents\Public Enemies (2009) TS DivXNL-Team.torrent
C:\Program Files\BitLord\Torrents\Pussycat Dolls - Doll Domination (Deluxe Edition) (2008) and bonus disc s-srg_mrsidhq.torrent
C:\Program Files\BitLord\Torrents\Rihanna - Good Girl Gone Bad [2007] - Full Album + cd covers.torrent
C:\Program Files\BitLord\Torrents\Rihanna-Disturbia[2008].mp3.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E01.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E01.HDTV.XViD-DOT.avi[0].torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E02.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E03.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E04.HDTV.XviD-0TV.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E04.HDTV.XviD-NoTV.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E06.HDTV.XViD-DOT.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E07.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Samantha.Who.S02E08.HDTV.XviD-XOR.avi.torrent
C:\Program Files\BitLord\Torrents\Silk.2007.LiMiTED.DVDRip.XviD-SVD.torrent
C:\Program Files\BitLord\Torrents\Survivor S18E16 HDTV XviD -XOXO [eztv].torrent
C:\Program Files\BitLord\Torrents\survivor.1801.hdtv.xoxo.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S15.Reunion.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E02.HDTV.XviD-GNARLY.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E03.HDTV.XviD-XOXO.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E04.HDTV.XviD-XOXO.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E05.HDTV.XviD-GNARLY.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E06.It.All.Depends.On.The.Pin-Up.Girl.HDTV.XviD-FQM.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E07.HDTV.XviD-LOL.avi.torrent
C:\Program Files\BitLord\Torrents\Survivor.S17E08.HDTV.XviD-LOL.avi.torrent
0
Réponse 7 / 15
jenny131078 Posted messages 177 Status Membre 2
 
and the second

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A12
USER : Jenny ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
Firewall : ZoneAlarm Firewall 8.0.298.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:41 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:22 Go)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:98 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" ( LAST UPDATED : 22-08-2009|18:42 )
Option : [2] ( 29/01/2010|22:30 )

-----------\\ DELETION

Deleting! - C:\Program Files\AskBarDis\zonealarm.ico
Deleting! - C:\Program Files\BitLord\BitLord.exe
Deleting! - C:\Program Files\BitLord\BitLord.url
Deleting! - C:\Program Files\BitLord\BitLord.xml
Deleting! - C:\Program Files\BitLord\Downloads
Deleting! - C:\Program Files\BitLord\Downloads.xml
Deleting! - C:\Program Files\BitLord\lang
Deleting! - C:\Program Files\BitLord\License.txt
Deleting! - C:\Program Files\BitLord\rules
Deleting! - C:\Program Files\BitLord\Torrents
Deleting! - C:\Program Files\BitLord\uninst.exe
Deleting! - C:\WINDOWS\Prefetch\BITLORD.EXE-167C46E2.pf
Deleting! - C:\DOCUME~1\Jenny\MENUDM~1\PROGRA~1\BitLord
Deleting! - C:\DOCUME~1\Jenny\Cookies\jenny@bitlord[2].txt
Deleting! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Deleting! - C:\Program Files\DAEMON Tools Toolbar\Resources
Deleting! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Deleting! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Deleting! - C:\Program Files\AskBarDis
Deleting! - C:\Program Files\BitLord
Deleting! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ File / Folder Search ...

-----------\\ Extensions

(Jenny) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload
(Jenny) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock
(Jenny) - {4dce973c-25a5-4657-8e37-6c2a85c24a7e} => contactssidebar
(Jenny) - {ada4b710-8346-4b82-8199-5de2b400a6ae} => reminderfox
(Jenny) - {ADA51547-FEF6-4b2c-8D96-EE43BDF53DE0} => vista_mail-2.0-tb

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://gamespace.daemon-tools.cc/fra/home"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Search for other infections

No other infections found!

1 - "C:\ToolBar SD\TB_1.txt" - 29/01/2010|22:28 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/01/2010|22:33 - Option : [2]

-----------\\ End of report at 22:33:13,37
0
Réponse 8 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
OK, continue with option 2 of the toolbar and the hijackthis. Thank you
--
Personally, I may not know much, but if the little I know can help, then
I am happy to share it with you!!
0
Réponse 9 / 15
jenny131078 Posted messages 177 Status Membre 2
 
and the hijackthis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:04, on 29/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
C:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\xampplite\srvany.exe
c:\xampplite\srvany.exe
C:\XAMPPLite\Apache\bin\apache.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\XAMPPLite\MySQL\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\XAMPPLite\Apache\bin\apache.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Connection Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Detection Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Google &Gears settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Direct Add - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Direct Add in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2ebae11f979b012.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: doliwampapache - Apache Software Foundation - C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: doliwampmysqld - Unknown owner - C:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate1c9c8c37fa7e0fa) (gupdate1c9c8c37fa7e0fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lundi Matin Business Apache (LMBApache) - Unknown owner - c:\xampplite\srvany.exe
O23 - Service: Lundi Matin Business MySQL (LMBMySQL) - Unknown owner - c:\xampplite\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13542 bytes
0
Réponse 10 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
ok that seems good to me unless you tell me otherwise !!!!

you do the following, open malwarebytes and empty the quarantine.

and you continue with this.

1) Fix the lines

.You close all open programs including the browser. except your antivirus and firewall
.Run HijackThis
.Click on "Do a system scan only"
.Check the following lines:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2ebae11f979b012.spaces.live.com/PhotoUpload/MsnPUpld.cab

.You click on "Fix Checked"
.You close HijackThis

explanations in pictures: http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

2) run OTCleanIT

Download OTCleanIT from Old Timer.
http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
if this link doesn’t work try this one: http://www.geekstogo.com/forum/files/file/399-ots-oldtimers-system-scanner/
Save the file on your desktop.

Double click " if you are under Vista right-click and run as administrator on " OTCleanit.exe to run it.
Click on CleanUp!.
The software will ask you to start the scan. Accept.

You will be prompted to restart your PC to finish deleting files and also remove OTCleanIT. Accept.

3) run ccleaner with the given settings

download Ccleaner from this address

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

.save it on the desktop
.double-click the file to start the installation
.on the installation window language select French and OK
.click next
.read the license and I accept
.click next
.there you keep only create a shortcut on the desktop and then automatically check for Ccleaner updates
.click install
.click close
.double-click the CCleaner icon to open it
.once opened click on options then advanced
.you uncheck delete only files in the windows temp folder older than 48 hours
.click on cleaner
.click on windows and in the advanced column
.check the first box old data from the prefetch that one
.click on analyze once the analysis is complete
.click on run the cleaner and on the confirmation request OK you will have to do it again once it's done check again by pressing analyze again to be sure there is nothing left
.now click on registry then search for errors
.leave everything checked and click repair selected errors
.it will ask you to save YES
.you give it a name to be able to find it and save
.click on fix all selected errors and on the confirmation request OK
.it deletes and close you check by relaunching search for errors
.you go back to options and you check the box delete only files in the windows temp folder older than 48 hours and on cleaner, windows under advanced you uncheck the first box old data from the prefetch
.you can close Ccleaner

to help if needed tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

or more here: http://www.lescofofides.fr/forum/viewtopic.php?f=30&t=96

4) if no more problems there remains system restore and 1 or 2 small tips !!!

--
Personally I may not know a lot, but if the little I know can help then,
I am happy to share it with you!!
0
Réponse 11 / 15
jenny131078 Posted messages 177 Status Membre 2
 
I performed all the prescribed actions and everything looks great. I did a quick online scan and everything is normal ;)
0
Réponse 12 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
Ok, you only have the system restore left to purge!!!
--
Personally, I might not know much, but if the little I know can help, then
I'm happy to share it with you!!
0
Réponse 13 / 15
jenny131078 Posted messages 177 Status Membre 2
 
Thanks a lot for your help! I'm purging the system restore to create a clean point.
Thanks again and have a good evening ;)
0
Réponse 14 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
Okay, and then keep Malwarebytes and use it regularly, but always make sure to update it first!!
And then use CCleaner as a cleaner every time you shut down the PC, or more simply as we do at home where it's automated for this function, and then use it on the registry after every uninstallation of programs.

Otherwise, if you need to purge the system restore, do as explained

After disinfecting, it is useful to delete all system restore points to avoid inadvertently reverting to an infected restore point.

To do this, you need to disable system restore (which will result in deleting all existing restore points) and then re-enable it right after so that Windows continues to create regular backup points.

Delete the old restore points: System Volume Information_restore

(1) Disable System Restore

Click on Start
Right-click on My Computer
Click on Properties
Click on the System Restore tab
Check Disable System Restore on all drives
Click on Apply, When the confirmation message appears,
click on Yes.
Click on OK.

(2) Enable System Restore

Click on Start
Right-click on My Computer
Click on Properties
Click on the System Restore tab
Uncheck Disable System Restore on all drives
Click on Apply, When the confirmation message appears,
click on Yes.
Click on OK.

(3) Create a restore point

.Click on Start
.Click on All Programs
.Click on Accessories
.Click on System Tools
.Click on System Restore
.In the window that opens, check Create a restore point
.Click on Next
.In the Description of the restore point window, give it a clear name so you know what it corresponds to
.Click on Create
.Once the page displays the name and time of your restore point at the top left, close the window

--
Personally, I might not know much, but if what I do know can help, well,
I'm happy to share it with you!!
0
Réponse 15 / 15
jacques.gache Posted messages 34829 Status Contributeur sécurité 1 645
 
Hello, run Malwarebytes

Download Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

. On the page, click on Download Malwarebyte's Anti-Malware
. Save it to the desktop
. Double-click on the downloaded file to start the installation process.
. If the firewall asks for permission to connect for Malwarebytes, accept
. Go to the Scan tab
. Select Run a complete scan
. Click on Scan
. The scan starts.
. At the end of the scan, a message appears: The scan finished normally. Click 'Show Results' to view all found items.
. Click on Ok to proceed.
. If any malware is detected, click on Show Results
. Select all (or leave checked) and click on Remove Selected Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. restart the PC if it doesn't do it by itself
. Once restarted, double-click on Malwarebytes
. Go to the Report/Log tab
. Click on it to display it once displayed
. Click on Edit at the top of Notepad, then on Select All
. Click again on Edit and then on Copy and return to the forum and in your response
. Right-click in the reply box and Paste

If you need help, check this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
--
 Personally, I may not know much, but if the little I know can help, then,
 I am happy to share it with you!!
-1