Urgent probleme avec antivirus 2009

Résolu
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   -  
 ms241 -
Bonjour,
aidez moi svp a supprimer lanti virus 2009 qui me pourri la vie
je ne suis po capable de telecharger toute les truc mais jai reussi a loader smithfraudfix
A voir également:

83 réponses

Précédent
Réponse 41 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
sa marche
0
Réponse 42 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok

passe le en regardant les explications et post le rapport stp

@+
0
Réponse 43 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
je tenvoie avant le rapporrt de hijackthis
0
Réponse 44 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
gfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:06, on 2008-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Magentic\bin\mgapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\SYSTEM32\winsrc.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accélérateur\components\NOWImaging.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\meow pure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [Blue Amok] C:\DOCUME~1\kathleen\APPLIC~1\FREEBI~1\for once.exe
O4 - HKCU\..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mimilie17.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCouponPrinter/SmartCouponPrinter20080612.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - https://track.vcdc.com/proceed.php?domain=dlv4.com&hash=ef4289cab3b86918ace7ae13e577a00c&u=eyJkb21haW4iOiJkbHY0LmNvbSIsImRvbWFpbl9pZCI6IjI1NTQ1NTUiLCJmb2xkZXJfaWQiOm51bGwsIm1pZCI6IjE1MSIsImZpbHRlcl9pZCI6bnVsbCwiYWR2ZXJ0aXNlcl9pZCI6IjgiLCJ0YXJnZXQiOiJodHRwOlwvXC9tZWxhbnRoaW9zLWFuYS5jb21cL3pjdmlzaXRvclwvNDkyYmIyODItMzYzMS0xMWViLWFhMmItMTI3YTY0ZGFkZTE3XC82MDE5MTczYi02NzVlLTQ4NTItOThmNC1kNGY0N2VkYmI5NzI/Y2FtcGFpZ25pZD00N2Y4Mzc2MC1mMTE4LTExZWEtOWJjOC0wYWMyYmJmNGFkYTciLCJpcF9hZGRyZXNzIjoiOTEuMjA5LjM1LjIxOCIsInR5cGUiOiJqYXZhX3JlZGlyZWN0IiwiYmlkIjoiMC4wMDU1MiJ9
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
comme tu veux
0
Réponse 46 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
maintenant je le fais avec sdfix
0
Réponse 47 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok
0
Réponse 48 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
]SDFix: Version 1.240 [/b]
Run by kathleen on 2008-12-01 at 12:06

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Rootkit Found :
C:\WINDOWS\system32\drivers\TDSSmqlt.sys - Rootkit.Win32.Agent.cku

[b]Name [/b]:
TDSSserv.sys

[b]Path [/b]:
\systemroot\system32\drivers\TDSSmqlt.sys

TDSSserv.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\explorer32.exe - Deleted
C:\WINDOWS\system32\drivers\TDSSmqlt.sys - Deleted
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSMAXT.sys - Deleted
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSMQLT.sys - Deleted
C:\WINDOWS\system32\TDSSoiqh.dll - Deleted
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSnmxh.dll - Deleted
C:\WINDOWS\system32\TDSSsihc.dll - Deleted
C:\WINDOWS\system32\TDSSrhym.dll - Deleted
C:\WINDOWS\SYSTEM32\TDSSLXWP.dll - Deleted
C:\WINDOWS\SYSTEM32\TDSSNRSR.dll - Deleted
C:\WINDOWS\SYSTEM32\TDSSNMXH.dll - Deleted
C:\WINDOWS\SYSTEM32\TDSSRIQP.dll - Deleted
C:\WINDOWS\system32\TDSSbrsr.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSBRSR.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted
C:\WINDOWS\system32\TDSSkpjp.log - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:14:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Disabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Disabled:avginet.exe"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\\WINDOWS\\SYSTEM32\\lxctcoms.exe"="C:\\WINDOWS\\SYSTEM32\\lxctcoms.exe:*:Disabled:Lexmark Communications System"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\WINDOWS\\SYSTEM32\\muzapp.exe"="C:\\WINDOWS\\SYSTEM32\\muzapp.exe:*:Disabled:MUZ AOD APP player"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 1 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 11 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0df011c9eb55edb5eb03dafb83d9e142\BIT87.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32edc7728b7428dd2a788071a4c31d1a\BIT7F.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\70aa70b59a382e611b9b70e6060ee277\BIT77.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7dcccc5b489f481a52c50584f0656cad\BIT7E.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8dea9f1a41c351f3472747bffaacf3c7\BIT7A.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90db990eb54000c71e20c919a41148fc\BIT81.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ebbd0df02cda37ad332b9f16becb5e39\BIT82.tmp"
Wed 26 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f5d7738acf9c48c006cd814026ee1a38\BIT7C.tmp"
Sun 28 Jan 2007 14,826,288 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\04fa8d7e8a14279e2f99b6be37a48ffa\BIT11.tmp"
Wed 18 Jul 2007 4,724,616 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\446e704a3a88dba2b71b3667c8870d4c\BIT14.tmp"
Wed 18 Jul 2007 6,934,488 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dd7f6667f53f0d6f98a097700d69b1a9\BIT12.tmp"

[b]Finished![/b]
0
Réponse 49 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:23, on 2008-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Magentic\bin\mgapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accélérateur\components\NOWImaging.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\meow pure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [Blue Amok] C:\DOCUME~1\kathleen\APPLIC~1\FREEBI~1\for once.exe
O4 - HKCU\..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mimilie17.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCouponPrinter/SmartCouponPrinter20080612.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - https://track.vcdc.com/proceed.php?domain=dlv4.com&hash=ef4289cab3b86918ace7ae13e577a00c&u=eyJkb21haW4iOiJkbHY0LmNvbSIsImRvbWFpbl9pZCI6IjI1NTQ1NTUiLCJmb2xkZXJfaWQiOm51bGwsIm1pZCI6IjE1MSIsImZpbHRlcl9pZCI6bnVsbCwiYWR2ZXJ0aXNlcl9pZCI6IjgiLCJ0YXJnZXQiOiJodHRwOlwvXC9tZWxhbnRoaW9zLWFuYS5jb21cL3pjdmlzaXRvclwvNDkyYmIyODItMzYzMS0xMWViLWFhMmItMTI3YTY0ZGFkZTE3XC82MDE5MTczYi02NzVlLTQ4NTItOThmNC1kNGY0N2VkYmI5NzI/Y2FtcGFpZ25pZD00N2Y4Mzc2MC1mMTE4LTExZWEtOWJjOC0wYWMyYmJmNGFkYTciLCJpcF9hZGRyZXNzIjoiOTEuMjA5LjM1LjIxOCIsInR5cGUiOiJqYXZhX3JlZGlyZWN0IiwiYmlkIjoiMC4wMDU1MiJ9
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
0
Réponse 50 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok bien joué kathleen :)

on continu car tu as d´autres infections :

Télécharge Lop S&D (de Angeldark et Eric71) sur le Bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[*]Double-clique sur Lop S&D.exe pour lancer l'installation,
[*]Puis double-clique sur le raccourci Lop S&D présent sur le Bureau.
[*]Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
Le scan prend moins d'une minute.
[*]A l'issue du scan, le bloc-notes va s'ouvrir avec le résultat de la recherche.
[*]Enregistre le rapport LopR.txt sur le Bureau pour le retrouver facilement, sinon il sauvegardé à la racine de la partition système : C:\LopR.txt

Tutoriel par Eric71
https://sites.google.com/site/eric71mespages/lop.sd.exe

@+
0
Réponse 51 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
...51
0
Réponse 52 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : kathleen ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:46 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 2008-12-01|12:25 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2007-12-23|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
[2008-10-16|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2006-11-11|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-05-27|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[2008-09-15|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-11-26|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
[2008-11-05|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2006-11-09|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[2008-11-20|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-11-17|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2005-03-10|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2008-11-29|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2006-08-28|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2008-11-30|14:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-07-05|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-11-17|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-10-30|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[2005-03-10|08:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-03-10|08:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-03-10|09:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2005-03-10|08:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[2005-03-10|09:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2007-12-23|16:54] C:\DOCUME~1\kathleen\APPLIC~1\5400 Series
[2008-10-16|14:02] C:\DOCUME~1\kathleen\APPLIC~1\Adobe
[2006-08-13|14:24] C:\DOCUME~1\kathleen\APPLIC~1\Anuman Interactive
[2006-11-16|20:21] C:\DOCUME~1\kathleen\APPLIC~1\Apple Computer
[2008-10-30|14:02] C:\DOCUME~1\kathleen\APPLIC~1\BloodTies
[2007-08-28|16:16] C:\DOCUME~1\kathleen\APPLIC~1\Corel
[2008-11-26|19:08] C:\DOCUME~1\kathleen\APPLIC~1\free bib
[2006-08-14|14:16] C:\DOCUME~1\kathleen\APPLIC~1\FUJIFILM
[2008-11-20|21:39] C:\DOCUME~1\kathleen\APPLIC~1\gtk-2.0
[2007-01-02|21:40] C:\DOCUME~1\kathleen\APPLIC~1\Help
[2008-11-24|14:01] C:\DOCUME~1\kathleen\APPLIC~1\Identities
[2006-07-23|19:54] C:\DOCUME~1\kathleen\APPLIC~1\LANCITE
[2006-09-26|09:21] C:\DOCUME~1\kathleen\APPLIC~1\Lavasoft
[2006-08-22|10:24] C:\DOCUME~1\kathleen\APPLIC~1\Leadertech
[2007-03-09|21:29] C:\DOCUME~1\kathleen\APPLIC~1\Macromedia
[2008-11-12|08:56] C:\DOCUME~1\kathleen\APPLIC~1\Magic Academy
[2008-11-17|14:44] C:\DOCUME~1\kathleen\APPLIC~1\Microsoft
[2006-08-13|13:17] C:\DOCUME~1\kathleen\APPLIC~1\MSNInstaller
[2006-09-16|11:40] C:\DOCUME~1\kathleen\APPLIC~1\Netscape
[2008-11-24|14:01] C:\DOCUME~1\kathleen\APPLIC~1\Playrix Entertainment
[2007-02-14|18:16] C:\DOCUME~1\kathleen\APPLIC~1\Sonic
[2005-03-10|08:59] C:\DOCUME~1\kathleen\APPLIC~1\Sun
[2005-03-10|09:03] C:\DOCUME~1\kathleen\APPLIC~1\Symantec
[2008-11-27|20:20] C:\DOCUME~1\kathleen\APPLIC~1\WinRAR
[2008-11-24|14:01] C:\DOCUME~1\kathleen\APPLIC~1\Zylom

[2008-05-27|07:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-05-27|07:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-04-25|20:44] C:\DOCUME~1\SEBAST~1\APPLIC~1\5400 Series
[2008-09-15|10:49] C:\DOCUME~1\SEBAST~1\APPLIC~1\Adobe
[2005-03-10|08:37] C:\DOCUME~1\SEBAST~1\APPLIC~1\Identities
[2007-04-27|11:08] C:\DOCUME~1\SEBAST~1\APPLIC~1\Macromedia
[2008-05-27|07:54] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft
[2008-11-28|12:08] C:\DOCUME~1\SEBAST~1\APPLIC~1\PC Tools
[2005-03-10|09:07] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sonic
[2005-03-10|08:59] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sun
[2005-03-10|09:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-12-01 12:00][--ah-----] C:\WINDOWS\tasks\A810F78A93937416.job
[2008-12-01 10:49][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2008-11-10 18:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-12-01 12:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-05 13:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

( A810F78A93937416.job )=( c:\docume~1\kathleen\applic~1\freebi~1\boobmorewarn.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[2007-07-22|09:24] C:\Program Files\2K Games
[2005-03-10|09:05] C:\Program Files\Adobe
[2008-08-03|16:01] C:\Program Files\Alwil Software
[2005-03-10|08:50] C:\Program Files\Analog Devices
[2006-08-13|14:16] C:\Program Files\Anuman Interactive
[2006-07-24|15:30] C:\Program Files\AxBx
[2008-10-16|15:23] C:\Program Files\BitLord
[2008-11-17|14:54] C:\Program Files\Circle Developement
[2005-03-10|08:37] C:\Program Files\ComPlus Applications
[2008-10-16|15:10] C:\Program Files\Conduit
[2005-03-10|09:00] C:\Program Files\CyberLink
[2008-05-27|08:03] C:\Program Files\Dell Computer
[2008-11-17|13:00] C:\Program Files\eGames
[2007-07-27|11:05] C:\Program Files\Electronic Arts
[2008-11-26|10:05] C:\Program Files\Fichiers communs
[2008-11-30|16:27] C:\Program Files\FindyKill
[2007-03-05|19:07] C:\Program Files\FinePixViewer
[2007-07-21|20:22] C:\Program Files\Firefly Studios
[2008-11-26|19:05] C:\Program Files\free bib
[2008-11-20|14:20] C:\Program Files\Gimp-2.0
[2008-11-30|18:22] C:\Program Files\Google
[2007-03-30|19:11] C:\Program Files\Infogrames
[2008-11-17|13:04] C:\Program Files\InstallShield Installation Information
[2007-12-19|10:42] C:\Program Files\Instant Access
[2005-03-10|09:00] C:\Program Files\Intel
[2008-11-28|08:58] C:\Program Files\Internet Explorer
[2008-09-15|13:04] C:\Program Files\Java
[2008-11-17|12:47] C:\Program Files\Kodak
[2006-09-16|11:38] C:\Program Files\Legacy Interactive
[2007-12-23|16:57] C:\Program Files\Lexmark 5400 Series
[2007-12-23|16:58] C:\Program Files\Lexmark Toolbar
[2008-09-15|12:58] C:\Program Files\LimeWire
[2008-12-01|12:18] C:\Program Files\Lx_cats
[2008-11-20|14:12] C:\Program Files\Magentic
[2007-07-27|11:02] C:\Program Files\Maxis
[2008-11-28|08:50] C:\Program Files\Messenger
[2008-11-17|14:54] C:\Program Files\Messenger Plus! Live
[2006-08-13|14:14] C:\Program Files\Micro Application
[2005-03-10|08:38] C:\Program Files\microsoft frontpage
[2008-08-07|19:51] C:\Program Files\Microsoft Games
[2008-11-22|20:04] C:\Program Files\mIRC
[2007-03-05|19:07] C:\Program Files\Modem Helper
[2007-03-05|19:07] C:\Program Files\Modem On Hold
[2007-07-21|19:47] C:\Program Files\Monte Cristo
[2005-03-10|08:38] C:\Program Files\Movie Maker
[2005-03-10|08:37] C:\Program Files\MSN
[2005-03-10|08:37] C:\Program Files\MSN Gaming Zone
[2006-12-12|03:00] C:\Program Files\MSXML 4.0
[2008-11-17|13:02] C:\Program Files\MyHeritage
[2008-11-29|16:51] C:\Program Files\Mystery Case Files - Prime Suspects
[2008-11-30|14:39] C:\Program Files\Navilog1
[2005-03-10|08:38] C:\Program Files\NetMeeting
[2006-08-24|15:15] C:\Program Files\Netscape
[2005-03-10|09:01] C:\Program Files\Nullsoft
[2005-03-10|08:37] C:\Program Files\Online Services
[2007-07-20|02:01] C:\Program Files\Outlook Express
[2006-07-24|17:14] C:\Program Files\PhotoFiltre
[2008-05-27|08:02] C:\Program Files\PokerStars
[2006-11-11|15:32] C:\Program Files\QuickTime
[2005-03-10|09:01] C:\Program Files\Real
[2006-08-14|13:21] C:\Program Files\REGSHAVE
[2007-07-19|18:24] C:\Program Files\Samsung
[2005-03-10|08:38] C:\Program Files\Services en ligne
[2005-03-10|09:03] C:\Program Files\Sonic
[2008-11-29|16:25] C:\Program Files\Spybot - Search & Destroy
[2008-09-15|19:25] C:\Program Files\Spyware-Secure
[2006-08-28|19:59] C:\Program Files\Symantec
[2008-08-11|19:27] C:\Program Files\The Adventure Company
[2008-11-27|15:45] C:\Program Files\TorrentMan
[2008-12-01|08:49] C:\Program Files\Trend Micro
[2005-03-10|08:38] C:\Program Files\Uninstall Information
[2005-03-10|09:01] C:\Program Files\Viewpoint
[2008-11-17|14:37] C:\Program Files\Windows Live
[2008-11-17|14:38] C:\Program Files\Windows Live Favorites
[2008-11-17|14:38] C:\Program Files\Windows Live Toolbar
[2007-03-05|19:07] C:\Program Files\Windows Media Connect 2
[2007-01-11|22:26] C:\Program Files\Windows Media Player
[2005-03-10|08:37] C:\Program Files\Windows NT
[2005-03-10|08:38] C:\Program Files\WindowsUpdate
[2008-11-27|20:19] C:\Program Files\WinRAR
[2005-03-10|09:05] C:\Program Files\WordPerfect Office 12
[2005-03-10|08:38] C:\Program Files\XEROX
[2008-11-29|16:20] C:\Program Files\Yahoo!
[2008-11-26|09:54] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2006-07-05|20:53] C:\Program Files\Fichiers communs\Adobe
[2008-10-16|14:02] C:\Program Files\Fichiers communs\Adobe AIR
[2005-03-10|09:01] C:\Program Files\Fichiers communs\AOL
[2005-03-10|09:05] C:\Program Files\Fichiers communs\Borland Shared
[2005-03-10|09:05] C:\Program Files\Fichiers communs\Corel
[2007-07-22|09:23] C:\Program Files\Fichiers communs\InstallShield
[2005-03-10|08:59] C:\Program Files\Fichiers communs\Java
[2008-11-17|14:38] C:\Program Files\Fichiers communs\Microsoft Shared
[2005-03-10|08:37] C:\Program Files\Fichiers communs\MSSoap
[2005-03-10|08:37] C:\Program Files\Fichiers communs\ODBC
[2008-11-26|10:05] C:\Program Files\Fichiers communs\PC Tools
[2005-03-10|09:01] C:\Program Files\Fichiers communs\Real
[2005-03-10|08:37] C:\Program Files\Fichiers communs\Services
[2005-03-10|09:03] C:\Program Files\Fichiers communs\Sonic
[2005-03-10|08:37] C:\Program Files\Fichiers communs\SpeechEngines
[2007-07-20|02:01] C:\Program Files\Fichiers communs\System
[2008-11-17|14:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-11-17|11:47] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 42 Processes )

IEXPLORE.EXE ~ [PID:1128]
IEXPLORE.EXE ~ [PID:1312]
iexplore.exe ~ [PID:2620]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\meow pure.exe
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\boob more warn.exe
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\for once.exe
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\Itchwipefilecoal.exe
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\rjonujgy.exe
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\tybxfvdk.exe
C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\wqdoqafa.exe
C:\Program Files\freebi~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\WINDOWS\Tasks\A810F78A93937416.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Blue Amok"="C:\\DOCUME~1\\kathleen\\APPLIC~1\\FREEBI~1\\for once.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\meow pure.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:26:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 277

--------------------\\ Recherche d'autres infections

C:\Program Files\Instant Access
C:\Program Files\Instant Access\Center
C:\Program Files\Instant Access\Dialer
C:\WINDOWS\Pack.epk

C:\WINDOWS\System32\iwrnyv.dat
C:\WINDOWS\System32\iwrnyv_nav.dat
C:\WINDOWS\System32\iwrnyv_navps.dat
C:\WINDOWS\System32\oeuau.dat
C:\WINDOWS\System32\oeuau.exe
C:\WINDOWS\System32\oeuau_nav.dat
C:\WINDOWS\System32\oeuau_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]

--------------------\\ ROGUES ..

C:\PROGRA~1\Spyware-Secure

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSScfum.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSStkdv.log



[F:11][D:4]-> C:\DOCUME~1\kathleen\LOCALS~1\Temp
[F:17][D:0]-> C:\DOCUME~1\kathleen\Cookies
[F:357][D:15]-> C:\DOCUME~1\kathleen\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-12-01|12:27 - Option : [1]

--------------------\\ Fin du rapport a 12:27:45
0
Réponse 53 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
bon c´est pas encore ca avec les tdss

passe l´option 2 de lopsd puis

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement le rapport de lopsd option 2

@+
0
Réponse 54 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : kathleen ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:46 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 2008-12-01|12:33 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\meow pure.exe
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\boob more warn.exe
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\for once.exe
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\Itchwipefilecoal.exe
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\rjonujgy.exe
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\tybxfvdk.exe
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1\wqdoqafa.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\WINDOWS\Tasks\A810F78A93937416.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
Supprime! - C:\DOCUME~1\kathleen\APPLIC~1\freebi~1
Supprime! - C:\Program Files\freebi~1
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[2007-12-23|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
[2008-10-16|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2006-11-11|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-05-27|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[2008-09-15|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-11-05|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2006-11-09|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[2008-11-20|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-11-17|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2005-03-10|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2008-11-29|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2006-08-28|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2008-11-30|14:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-07-05|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-11-17|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-10-30|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[2005-03-10|08:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-03-10|08:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-03-10|09:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[2005-03-10|08:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[2005-03-10|09:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[2007-12-23|16:54] C:\DOCUME~1\kathleen\APPLIC~1\5400 Series
[2008-10-16|14:02] C:\DOCUME~1\kathleen\APPLIC~1\Adobe
[2006-08-13|14:24] C:\DOCUME~1\kathleen\APPLIC~1\Anuman Interactive
[2006-11-16|20:21] C:\DOCUME~1\kathleen\APPLIC~1\Apple Computer
[2008-10-30|14:02] C:\DOCUME~1\kathleen\APPLIC~1\BloodTies
[2007-08-28|16:16] C:\DOCUME~1\kathleen\APPLIC~1\Corel
[2006-08-14|14:16] C:\DOCUME~1\kathleen\APPLIC~1\FUJIFILM
[2008-11-20|21:39] C:\DOCUME~1\kathleen\APPLIC~1\gtk-2.0
[2007-01-02|21:40] C:\DOCUME~1\kathleen\APPLIC~1\Help
[2008-11-24|14:01] C:\DOCUME~1\kathleen\APPLIC~1\Identities
[2006-07-23|19:54] C:\DOCUME~1\kathleen\APPLIC~1\LANCITE
[2006-09-26|09:21] C:\DOCUME~1\kathleen\APPLIC~1\Lavasoft
[2006-08-22|10:24] C:\DOCUME~1\kathleen\APPLIC~1\Leadertech
[2007-03-09|21:29] C:\DOCUME~1\kathleen\APPLIC~1\Macromedia
[2008-11-12|08:56] C:\DOCUME~1\kathleen\APPLIC~1\Magic Academy
[2008-11-17|14:44] C:\DOCUME~1\kathleen\APPLIC~1\Microsoft
[2006-08-13|13:17] C:\DOCUME~1\kathleen\APPLIC~1\MSNInstaller
[2006-09-16|11:40] C:\DOCUME~1\kathleen\APPLIC~1\Netscape
[2008-11-24|14:01] C:\DOCUME~1\kathleen\APPLIC~1\Playrix Entertainment
[2007-02-14|18:16] C:\DOCUME~1\kathleen\APPLIC~1\Sonic
[2005-03-10|08:59] C:\DOCUME~1\kathleen\APPLIC~1\Sun
[2005-03-10|09:03] C:\DOCUME~1\kathleen\APPLIC~1\Symantec
[2008-11-27|20:20] C:\DOCUME~1\kathleen\APPLIC~1\WinRAR
[2008-11-24|14:01] C:\DOCUME~1\kathleen\APPLIC~1\Zylom

[2008-05-27|07:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-05-27|07:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-04-25|20:44] C:\DOCUME~1\SEBAST~1\APPLIC~1\5400 Series
[2008-09-15|10:49] C:\DOCUME~1\SEBAST~1\APPLIC~1\Adobe
[2005-03-10|08:37] C:\DOCUME~1\SEBAST~1\APPLIC~1\Identities
[2007-04-27|11:08] C:\DOCUME~1\SEBAST~1\APPLIC~1\Macromedia
[2008-05-27|07:54] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft
[2008-11-28|12:08] C:\DOCUME~1\SEBAST~1\APPLIC~1\PC Tools
[2005-03-10|09:07] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sonic
[2005-03-10|08:59] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sun
[2005-03-10|09:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-12-01 10:49][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2008-11-10 18:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-12-01 12:11][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-05 13:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing des dossiers dans C:\Program Files

[2007-07-22|09:24] C:\Program Files\2K Games
[2005-03-10|09:05] C:\Program Files\Adobe
[2008-08-03|16:01] C:\Program Files\Alwil Software
[2005-03-10|08:50] C:\Program Files\Analog Devices
[2006-08-13|14:16] C:\Program Files\Anuman Interactive
[2006-07-24|15:30] C:\Program Files\AxBx
[2008-10-16|15:23] C:\Program Files\BitLord
[2005-03-10|08:37] C:\Program Files\ComPlus Applications
[2008-10-16|15:10] C:\Program Files\Conduit
[2005-03-10|09:00] C:\Program Files\CyberLink
[2008-05-27|08:03] C:\Program Files\Dell Computer
[2008-11-17|13:00] C:\Program Files\eGames
[2007-07-27|11:05] C:\Program Files\Electronic Arts
[2008-11-26|10:05] C:\Program Files\Fichiers communs
[2008-11-30|16:27] C:\Program Files\FindyKill
[2007-03-05|19:07] C:\Program Files\FinePixViewer
[2007-07-21|20:22] C:\Program Files\Firefly Studios
[2008-11-20|14:20] C:\Program Files\Gimp-2.0
[2008-11-30|18:22] C:\Program Files\Google
[2007-03-30|19:11] C:\Program Files\Infogrames
[2008-11-17|13:04] C:\Program Files\InstallShield Installation Information
[2007-12-19|10:42] C:\Program Files\Instant Access
[2005-03-10|09:00] C:\Program Files\Intel
[2008-11-28|08:58] C:\Program Files\Internet Explorer
[2008-09-15|13:04] C:\Program Files\Java
[2008-11-17|12:47] C:\Program Files\Kodak
[2006-09-16|11:38] C:\Program Files\Legacy Interactive
[2007-12-23|16:57] C:\Program Files\Lexmark 5400 Series
[2007-12-23|16:58] C:\Program Files\Lexmark Toolbar
[2008-09-15|12:58] C:\Program Files\LimeWire
[2008-12-01|12:18] C:\Program Files\Lx_cats
[2008-11-20|14:12] C:\Program Files\Magentic
[2007-07-27|11:02] C:\Program Files\Maxis
[2008-11-28|08:50] C:\Program Files\Messenger
[2008-11-17|14:54] C:\Program Files\Messenger Plus! Live
[2006-08-13|14:14] C:\Program Files\Micro Application
[2005-03-10|08:38] C:\Program Files\microsoft frontpage
[2008-08-07|19:51] C:\Program Files\Microsoft Games
[2008-11-22|20:04] C:\Program Files\mIRC
[2007-03-05|19:07] C:\Program Files\Modem Helper
[2007-03-05|19:07] C:\Program Files\Modem On Hold
[2007-07-21|19:47] C:\Program Files\Monte Cristo
[2005-03-10|08:38] C:\Program Files\Movie Maker
[2005-03-10|08:37] C:\Program Files\MSN
[2005-03-10|08:37] C:\Program Files\MSN Gaming Zone
[2006-12-12|03:00] C:\Program Files\MSXML 4.0
[2008-11-17|13:02] C:\Program Files\MyHeritage
[2008-11-29|16:51] C:\Program Files\Mystery Case Files - Prime Suspects
[2008-11-30|14:39] C:\Program Files\Navilog1
[2005-03-10|08:38] C:\Program Files\NetMeeting
[2006-08-24|15:15] C:\Program Files\Netscape
[2005-03-10|09:01] C:\Program Files\Nullsoft
[2005-03-10|08:37] C:\Program Files\Online Services
[2007-07-20|02:01] C:\Program Files\Outlook Express
[2006-07-24|17:14] C:\Program Files\PhotoFiltre
[2008-05-27|08:02] C:\Program Files\PokerStars
[2006-11-11|15:32] C:\Program Files\QuickTime
[2005-03-10|09:01] C:\Program Files\Real
[2006-08-14|13:21] C:\Program Files\REGSHAVE
[2007-07-19|18:24] C:\Program Files\Samsung
[2005-03-10|08:38] C:\Program Files\Services en ligne
[2005-03-10|09:03] C:\Program Files\Sonic
[2008-11-29|16:25] C:\Program Files\Spybot - Search & Destroy
[2008-09-15|19:25] C:\Program Files\Spyware-Secure
[2006-08-28|19:59] C:\Program Files\Symantec
[2008-08-11|19:27] C:\Program Files\The Adventure Company
[2008-11-27|15:45] C:\Program Files\TorrentMan
[2008-12-01|08:49] C:\Program Files\Trend Micro
[2005-03-10|08:38] C:\Program Files\Uninstall Information
[2008-11-17|14:37] C:\Program Files\Windows Live
[2008-11-17|14:38] C:\Program Files\Windows Live Favorites
[2008-11-17|14:38] C:\Program Files\Windows Live Toolbar
[2007-03-05|19:07] C:\Program Files\Windows Media Connect 2
[2007-01-11|22:26] C:\Program Files\Windows Media Player
[2005-03-10|08:37] C:\Program Files\Windows NT
[2005-03-10|08:38] C:\Program Files\WindowsUpdate
[2008-11-27|20:19] C:\Program Files\WinRAR
[2005-03-10|09:05] C:\Program Files\WordPerfect Office 12
[2005-03-10|08:38] C:\Program Files\XEROX
[2008-11-29|16:20] C:\Program Files\Yahoo!
[2008-11-26|09:54] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2006-07-05|20:53] C:\Program Files\Fichiers communs\Adobe
[2008-10-16|14:02] C:\Program Files\Fichiers communs\Adobe AIR
[2005-03-10|09:01] C:\Program Files\Fichiers communs\AOL
[2005-03-10|09:05] C:\Program Files\Fichiers communs\Borland Shared
[2005-03-10|09:05] C:\Program Files\Fichiers communs\Corel
[2007-07-22|09:23] C:\Program Files\Fichiers communs\InstallShield
[2005-03-10|08:59] C:\Program Files\Fichiers communs\Java
[2008-11-17|14:38] C:\Program Files\Fichiers communs\Microsoft Shared
[2005-03-10|08:37] C:\Program Files\Fichiers communs\MSSoap
[2005-03-10|08:37] C:\Program Files\Fichiers communs\ODBC
[2008-11-26|10:05] C:\Program Files\Fichiers communs\PC Tools
[2005-03-10|09:01] C:\Program Files\Fichiers communs\Real
[2005-03-10|08:37] C:\Program Files\Fichiers communs\Services
[2005-03-10|09:03] C:\Program Files\Fichiers communs\Sonic
[2005-03-10|08:37] C:\Program Files\Fichiers communs\SpeechEngines
[2007-07-20|02:01] C:\Program Files\Fichiers communs\System
[2008-11-17|14:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-11-17|11:47] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 39 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:34:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 277

--------------------\\ Recherche d'autres infections

C:\Program Files\Instant Access
C:\Program Files\Instant Access\Center
C:\Program Files\Instant Access\Dialer
C:\WINDOWS\Pack.epk

C:\WINDOWS\System32\iwrnyv.dat
C:\WINDOWS\System32\iwrnyv_nav.dat
C:\WINDOWS\System32\iwrnyv_navps.dat
C:\WINDOWS\System32\oeuau.dat
C:\WINDOWS\System32\oeuau.exe
C:\WINDOWS\System32\oeuau_nav.dat
C:\WINDOWS\System32\oeuau_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]

--------------------\\ ROGUES ..

C:\PROGRA~1\Spyware-Secure

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSScfum.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSStkdv.log



[F:11][D:4]-> C:\DOCUME~1\kathleen\LOCALS~1\Temp
[F:17][D:0]-> C:\DOCUME~1\kathleen\Cookies
[F:361][D:15]-> C:\DOCUME~1\kathleen\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-12-01|12:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2008-12-01|12:35 - Option : [2]

--------------------\\ Fin du rapport a 12:35:33
0
Réponse 55 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok

passe combofix maintenant
0
Réponse 56 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
ComboFix 08-11-30.02 - kathleen 2008-12-01 12:41:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.254 [GMT -5:00]
Lancé depuis: c:\documents and settings\kathleen\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kathleen\Menu Démarrer\crazy girls.lnk
c:\documents and settings\kathleen\Menu Démarrer\NOCREDITCARD.lnk
c:\program files\instant access
c:\program files\instant access\Center\Crazy Girls.upd
c:\program files\instant access\Center\GAMES-DESKTOP.upd
c:\program files\instant access\Center\LastSoftwares.upd
c:\program files\instant access\Center\NoCreditCard.upd
c:\program files\instant access\Center\SerialPlayer.upd
c:\program files\instant access\Center\Videozapping.upd
c:\program files\instant access\Dialer\1023531327\fp.pc-on-internet.com\50325\images\licencebackgr.png
c:\program files\instant access\Dialer\1023531327\fp.pc-on-internet.com\50325\images\openframe.png
c:\program files\instant access\Dialer\1023531327\fp.pc-on-internet.com\50325\imatges.js
c:\program files\instant access\Dialer\1023531327\fp.pc-on-internet.com\7a734eed873c112e54090ce03e9d4fb7.html
c:\program files\instant access\Dialer\1023531327\fp.pc-on-internet.com\7a734eed873c112e54090ce03e9d4fb7.html_0.loginvis
c:\program files\instant access\Dialer\1023531327\us2-external-api.dlv4.com\js\8106c40e1ccdc13f9f553870d8d737fa
c:\program files\instant access\Dialer\1023531327\us2-www.0texkax7c6hzuidk.com\Common\274b4f42728b8ad1d0e266c8d81214bf.html
c:\program files\instant access\Dialer\1023531327\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button1.gif
c:\program files\instant access\Dialer\1023531327\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button2.gif
c:\program files\instant access\Dialer\1023531327\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button3.gif
c:\program files\instant access\Dialer\1023531327\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button4.gif
c:\program files\instant access\Dialer\1023531327\VIDEOZAPPING.lnk
c:\program files\instant access\Dialer\1035948659\external-api.dlv4.com\hits\840b94bd3086432a224ba3a1292aebea
c:\program files\instant access\Dialer\1035948659\external-api.dlv4.com\js\74693b043b04775e0c7f59ee763d1ca9
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html
c:\program files\instant access\Dialer\1035948659\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html_0.loginvis
c:\program files\instant access\Dialer\1043785219\Crazy Girls.lnk
c:\program files\instant access\Dialer\1043785219\fp.pc-on-internet.com\3b5ce562f004b2b3a0e53d0d86b66970.html
c:\program files\instant access\Dialer\1043785219\fp.pc-on-internet.com\3b5ce562f004b2b3a0e53d0d86b66970.html_0.loginvis
c:\program files\instant access\Dialer\1043785219\fp.pc-on-internet.com\50284\images\background.gif
c:\program files\instant access\Dialer\1043785219\fp.pc-on-internet.com\50284\images\FR\index_02.jpg
c:\program files\instant access\Dialer\1043785219\fp.pc-on-internet.com\50284\images\index_01.jpg
c:\program files\instant access\Dialer\1043785219\fp.pc-on-internet.com\50284\images\index_03.jpg
c:\program files\instant access\Dialer\1043785219\us2-external-api.dlv4.com\js\[u]0[/u]0e79ec3b510c3b474aad895585edeed
c:\program files\instant access\Dialer\1043785219\us2-www.0texkax7c6hzuidk.com\Common\fe4d3360a8f113deaa15d192109a5446.html
c:\program files\instant access\Dialer\1043785219\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\1043785219\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\1043785219\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\1043785219\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\1082472493\external-api.dlv4.com\hits\dce4d2197b3c1fa5bc55f246f5cfe589
c:\program files\instant access\Dialer\1082472493\external-api.dlv4.com\js\3c3c2c28443f5f1b665521fcee5ea08c
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html
c:\program files\instant access\Dialer\1082472493\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html_0.loginvis
c:\program files\instant access\Dialer\1082472493\LastSoftwares.lnk
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\375578c7aeb380aa5edabf405c625b4e.html
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\375578c7aeb380aa5edabf405c625b4e.html_0.loginvis
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\background.gif
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\FR\index_01.gif
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\FR\index_02.gif
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\index_03.jpg
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\index_04.jpg
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\index_06.jpg
c:\program files\instant access\Dialer\108553727\fp.pc-on-internet.com\50289\images\index_07.gif
c:\program files\instant access\Dialer\108553727\us2-external-api.dlv4.com\js\6a56a7ff2eafc9a9636cefe9e6a70e12
c:\program files\instant access\Dialer\108553727\us2-www.0texkax7c6hzuidk.com\Common\6a73f509ad1c0a63fea7ea7e70613148.html
c:\program files\instant access\Dialer\108553727\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\108553727\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\108553727\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\108553727\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\1132837441\external-api.dlv4.com\hits\44bb8b27799d0f572aa473c5b193bd02
c:\program files\instant access\Dialer\1132837441\external-api.dlv4.com\js\af682071e57c6ce13901a4cc6ab74202
c:\program files\instant access\Dialer\1132837441\fp.pc-on-internet.com\30400bffa0cb4e7f711da99be9d80656.html
c:\program files\instant access\Dialer\1132837441\fp.pc-on-internet.com\30400bffa0cb4e7f711da99be9d80656.html_0.loginvis
c:\program files\instant access\Dialer\1132837441\fp.pc-on-internet.com\50268\images\bckg.gif
c:\program files\instant access\Dialer\1132837441\fp.pc-on-internet.com\50268\images\button.gif
c:\program files\instant access\Dialer\1132837441\fp.pc-on-internet.com\50268\images\index_01.gif
c:\program files\instant access\Dialer\1132837441\SerialPlayer.lnk
c:\program files\instant access\Dialer\113716963\external-api.dlv4.com\hits\9e00795e86f321b7af747714e003940d
c:\program files\instant access\Dialer\113716963\external-api.dlv4.com\js\aeacca170c9c3b3861d8987ee4a8113d
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\ebf62c63c9d1b10489dc2833796e41ff.html
c:\program files\instant access\Dialer\113716963\fp.pc-on-internet.com\ebf62c63c9d1b10489dc2833796e41ff.html_0.loginvis
c:\program files\instant access\Dialer\113716963\LastSoftwares.lnk
c:\program files\instant access\Dialer\1172797098\external-api.dlv4.com\hits\4954da4b523aca7e1b8a869178bb3b71
c:\program files\instant access\Dialer\1172797098\external-api.dlv4.com\js\ef4e39957ad58920c55ef27c9a929871
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\bckg.gif
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\button.gif
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\index_01.gif
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\index_02.gif
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\index_03.jpg
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\index_04.jpg
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\index_06.jpg
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\50268\images\product.ico
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\a4fdbccbb671556907f928c7b4c83e57.html
c:\program files\instant access\Dialer\1172797098\fp.pc-on-internet.com\a4fdbccbb671556907f928c7b4c83e57.html_0.loginvis
c:\program files\instant access\Dialer\158451583\fp.pc-on-internet.com\50258\images\background.gif
c:\program files\instant access\Dialer\158451583\fp.pc-on-internet.com\50258\images\FR\index_01.jpg
c:\program files\instant access\Dialer\158451583\fp.pc-on-internet.com\50258\images\FR\index_02.jpg
c:\program files\instant access\Dialer\158451583\fp.pc-on-internet.com\50258\images\FR\index_03.jpg
c:\program files\instant access\Dialer\158451583\fp.pc-on-internet.com\b37c7790dfa81f5a57d789dfe9110283.html
c:\program files\instant access\Dialer\158451583\fp.pc-on-internet.com\b37c7790dfa81f5a57d789dfe9110283.html_0.loginvis
c:\program files\instant access\Dialer\158451583\us2-external-api.dlv4.com\js\d54e3f2e1b9f26241765d09102449a7e
c:\program files\instant access\Dialer\158451583\us2-www.0texkax7c6hzuidk.com\Common\[u]0[/u]15824c8ba83dc592f4a0e7e4396bda9.html
c:\program files\instant access\Dialer\158451583\Videozapping.lnk
c:\program files\instant access\Dialer\211857230\external-api.dlv4.com\hits\9a12735bde4fa2d8c63c3d9092509bb8
c:\program files\instant access\Dialer\211857230\external-api.dlv4.com\js\3c3c2c28443f5f1b665521fcee5ea08c
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html
c:\program files\instant access\Dialer\211857230\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html_0.loginvis
c:\program files\instant access\Dialer\220593889\external-api.dlv4.com\hits\ecec08212795c53b5f31d21c1b8852fd
c:\program files\instant access\Dialer\220593889\external-api.dlv4.com\js\af682071e57c6ce13901a4cc6ab74202
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\bckg.gif
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\button.gif
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\index_01.gif
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\index_02.gif
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\index_03.jpg
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\index_04.jpg
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\50268\images\index_06.jpg
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\a35d37fee659c3b9cc3c98133ae26e27.html
c:\program files\instant access\Dialer\220593889\fp.pc-on-internet.com\a35d37fee659c3b9cc3c98133ae26e27.html_0.loginvis
c:\program files\instant access\Dialer\234255671\Crazy Girls.lnk
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\background.gif
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\FR\index_01.gif
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\FR\index_02.gif
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\index_03.jpg
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\index_04.jpg
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\index_06.jpg
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\50289\images\index_07.gif
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\b13b6a1a4042e3634cab559ae9c771a8.html
c:\program files\instant access\Dialer\234255671\fp.pc-on-internet.com\b13b6a1a4042e3634cab559ae9c771a8.html_0.loginvis
c:\program files\instant access\Dialer\234255671\us2-external-api.dlv4.com\js\bd3f6cbf7bdc254dd22514f425713f58
c:\program files\instant access\Dialer\234255671\us2-www.0texkax7c6hzuidk.com\Common\f8591b48b49fe98c1ef93d18f8c4cbe0.html
c:\program files\instant access\Dialer\234255671\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\234255671\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\234255671\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\234255671\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\234255671\www.rapid-pass.net\10182c9ab299ce656ff1f4edf14cff27_
c:\program files\instant access\Dialer\301115274\fp.pc-on-internet.com\334e389bb0b9fce57c243f72b8e20e45.html
c:\program files\instant access\Dialer\301115274\fp.pc-on-internet.com\334e389bb0b9fce57c243f72b8e20e45.html_0.loginvis
c:\program files\instant access\Dialer\301115274\fp.pc-on-internet.com\50226\images\background.gif
c:\program files\instant access\Dialer\301115274\fp.pc-on-internet.com\50226\images\FR\index_03.jpg
c:\program files\instant access\Dialer\301115274\fp.pc-on-internet.com\50226\images\index_01.jpg
c:\program files\instant access\Dialer\301115274\fp.pc-on-internet.com\50226\images\index_02.jpg
c:\program files\instant access\Dialer\301115274\us2-external-api.dlv4.com\js\d130d7b9f1f8f8a9d9e366bce0b3387d
c:\program files\instant access\Dialer\301115274\us2-www.0texkax7c6hzuidk.com\Common\1509c5148113bc90a737a49103ba79e2.html
c:\program files\instant access\Dialer\301115274\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\301115274\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\301115274\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\301115274\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\387591819\access.rapid-pass.net\18e7233b7f82e719a5386b12669cbc21.html
c:\program files\instant access\Dialer\387591819\access.rapid-pass.net\18e7233b7f82e719a5386b12669cbc21.html_0.loginvis
c:\program files\instant access\Dialer\387591819\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\FR\index_r1_c2.gif
c:\program files\instant access\Dialer\387591819\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\FR\index_r4_c2.gif
c:\program files\instant access\Dialer\387591819\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r1_c1.jpg
c:\program files\instant access\Dialer\387591819\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r1_c3.jpg
c:\program files\instant access\Dialer\387591819\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r3_c2.jpg
c:\program files\instant access\Dialer\387591819\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r3_c3.gif
c:\program files\instant access\Dialer\387591819\us2-external-api.dlv4.com\js\d60d67695262dfd8a59eea690ecb1c28
c:\program files\instant access\Dialer\387591819\us2-scripts.downloadv3.com\Common\53b084f87cb1040981c3eae71d580e2f.html
c:\program files\instant access\Dialer\387591819\us2-scripts.downloadv3.com\custom\2140\EN\button3.gif
c:\program files\instant access\Dialer\403872211\external-api.dlv4.com\hits\[u]0[/u]2389bbf7e84a89fe278590e1c69bd1c
c:\program files\instant access\Dialer\403872211\external-api.dlv4.com\js\3c3c2c28443f5f1b665521fcee5ea08c
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html
c:\program files\instant access\Dialer\403872211\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html_0.loginvis
c:\program files\instant access\Dialer\403872211\LastSoftwares.lnk
c:\program files\instant access\Dialer\408245901\us2-external-api.dlv4.com\js\4e8c74a20c9007b1974caa77bcf7f6be
c:\program files\instant access\Dialer\408245901\us2-www.0texkax7c6hzuidk.com\Common\725134215fde9f7e38a19f5473ecf34d.html
c:\program files\instant access\Dialer\408245901\us2-www.0texkax7c6hzuidk.com\Common\725134215fde9f7e38a19f5473ecf34d.html_0.loginvis
c:\program files\instant access\Dialer\408245901\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button1.gif
c:\program files\instant access\Dialer\408245901\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button2.gif
c:\program files\instant access\Dialer\408245901\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button3.gif
c:\program files\instant access\Dialer\408245901\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button4.gif
c:\program files\instant access\Dialer\416757828\Crazy Girls.lnk
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\30d99a36acff7169880bcbef83727b0e.html
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\30d99a36acff7169880bcbef83727b0e.html_0.loginvis
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\50252\images\FR\index_01.gif
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\50252\images\FR\index_02.gif
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\50252\images\index_03.jpg
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\50252\images\index_05.gif
c:\program files\instant access\Dialer\416757828\fp.gad-network.com\50252\images\index_06.jpg
c:\program files\instant access\Dialer\416757828\us2-external-api.dlv4.com\js\fab04b01c587ee0153b62f0ee562d73e
c:\program files\instant access\Dialer\416757828\us2-www.0texkax7c6hzuidk.com\Common\62015ba657289106de98fa1126a95450.html
c:\program files\instant access\Dialer\416757828\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\416757828\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\416757828\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\416757828\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\427438990\external-api.dlv4.com\hits\7dfd0cd0d66351d82703b0f066d2704f
c:\program files\instant access\Dialer\427438990\external-api.dlv4.com\js\74693b043b04775e0c7f59ee763d1ca9
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html
c:\program files\instant access\Dialer\427438990\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html_0.loginvis
c:\program files\instant access\Dialer\427438990\LastSoftwares.lnk
c:\program files\instant access\Dialer\485432171\Crazy Girls.lnk
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\background.gif
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\FR\index_01.gif
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\FR\index_02.gif
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\index_03.jpg
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\index_04.jpg
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\index_06.jpg
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\50291\images\index_07.jpg
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\5c8ed4b785652ea02194439b0ae4aedc.html
c:\program files\instant access\Dialer\485432171\fp.pc-on-internet.com\5c8ed4b785652ea02194439b0ae4aedc.html_0.loginvis
c:\program files\instant access\Dialer\485432171\us2-external-api.dlv4.com\js\8ede4645f1f2a97e6893faf61491b3c7
c:\program files\instant access\Dialer\485432171\us2-www.0texkax7c6hzuidk.com\Common\b546319785e2d2dc140585e56511a607.html
c:\program files\instant access\Dialer\485432171\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\485432171\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\485432171\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\485432171\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\512401444\external-api.dlv4.com\hits\5113ac2d65c841d9806190db0e0e4745
c:\program files\instant access\Dialer\512401444\external-api.dlv4.com\js\74693b043b04775e0c7f59ee763d1ca9
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html
c:\program files\instant access\Dialer\512401444\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html_0.loginvis
c:\program files\instant access\Dialer\512401444\LastSoftwares.lnk
c:\program files\instant access\Dialer\534454953\external-api.dlv4.com\hits\98c08fb7f6b684013451fdec7a6df949
c:\program files\instant access\Dialer\534454953\external-api.dlv4.com\js\74693b043b04775e0c7f59ee763d1ca9
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html
c:\program files\instant access\Dialer\534454953\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html_0.loginvis
c:\program files\instant access\Dialer\534454953\LastSoftwares.lnk
c:\program files\instant access\Dialer\632385718\Crazy Girls.lnk
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\50285\images\FR\index_01.gif
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\50285\images\FR\index_02.gif
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\50285\images\index_03.jpg
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\50285\images\index_04.jpg
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\50285\images\index_06.jpg
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\6830382d18f3963b706d48b491f505d9.html
c:\program files\instant access\Dialer\632385718\fp.pc-on-internet.com\6830382d18f3963b706d48b491f505d9.html_0.loginvis
c:\program files\instant access\Dialer\632385718\us2-external-api.dlv4.com\js\d7359ab3cb1a4e5708d9dba76ad715e5
c:\program files\instant access\Dialer\632385718\us2-www.0texkax7c6hzuidk.com\Common\965d5d590eda189446afc4f0c6a58d06.html
c:\program files\instant access\Dialer\632385718\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\632385718\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\632385718\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\632385718\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\638508084\Crazy Girls.lnk
c:\program files\instant access\Dialer\638508084\fp.pc-on-internet.com\50278\images\background.gif
c:\program files\instant access\Dialer\638508084\fp.pc-on-internet.com\50278\images\FR\index_04.jpg
c:\program files\instant access\Dialer\638508084\fp.pc-on-internet.com\50278\images\index_02.jpg
c:\program files\instant access\Dialer\638508084\fp.pc-on-internet.com\50278\images\index_03.jpg
c:\program files\instant access\Dialer\638508084\fp.pc-on-internet.com\9cba5489b7a50def972439a72710b2f3.html
c:\program files\instant access\Dialer\638508084\fp.pc-on-internet.com\9cba5489b7a50def972439a72710b2f3.html_0.loginvis
c:\program files\instant access\Dialer\638508084\us2-external-api.dlv4.com\js\416e6c0352e0543bed06eeb0e6dacff4
c:\program files\instant access\Dialer\638508084\us2-www.0texkax7c6hzuidk.com\Common\c80eccf2e8354ead79946512a18e06e6.html
c:\program files\instant access\Dialer\638508084\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\638508084\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\638508084\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\638508084\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\665183295\external-api.dlv4.com\hits\20b609a43079a1470531c29dd09bbf29
c:\program files\instant access\Dialer\665183295\external-api.dlv4.com\js\aeacca170c9c3b3861d8987ee4a8113d
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\ebf62c63c9d1b10489dc2833796e41ff.html
c:\program files\instant access\Dialer\665183295\fp.pc-on-internet.com\ebf62c63c9d1b10489dc2833796e41ff.html_0.loginvis
c:\program files\instant access\Dialer\665183295\LastSoftwares.lnk
c:\program files\instant access\Dialer\687065597\external-api.dlv4.com\hits\878c45168bb577629964d831d2d29ed5
c:\program files\instant access\Dialer\687065597\external-api.dlv4.com\js\af682071e57c6ce13901a4cc6ab74202
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\30400bffa0cb4e7f711da99be9d80656.html
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\30400bffa0cb4e7f711da99be9d80656.html_0.loginvis
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\bckg.gif
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\button.gif
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\index_01.gif
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\index_02.gif
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\index_03.jpg
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\index_04.jpg
c:\program files\instant access\Dialer\687065597\fp.pc-on-internet.com\50268\images\index_06.jpg
c:\program files\instant access\Dialer\811162902\fp.pc-on-internet.com\50094\images\bg.gif
c:\program files\instant access\Dialer\811162902\fp.pc-on-internet.com\50094\images\FR\index_01.jpg
c:\program files\instant access\Dialer\811162902\fp.pc-on-internet.com\50094\images\index_02.jpg
c:\program files\instant access\Dialer\811162902\fp.pc-on-internet.com\f6b57b9941445bc74814766228390a14.html
c:\program files\instant access\Dialer\811162902\fp.pc-on-internet.com\f6b57b9941445bc74814766228390a14.html_0.loginvis
c:\program files\instant access\Dialer\811162902\GAMES-DESKTOP.lnk
c:\program files\instant access\Dialer\811162902\us2-external-api.dlv4.com\js\d944eb2e8456611c94621231fbe3b596
c:\program files\instant access\Dialer\811162902\us2-www.0texkax7c6hzuidk.com\Common\15c33cbd4d11cb5a96d578fa002b483e.html
c:\program files\instant access\Dialer\811162902\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button1.gif
c:\program files\instant access\Dialer\811162902\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button2.gif
c:\program files\instant access\Dialer\811162902\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button3.gif
c:\program files\instant access\Dialer\811162902\us2-www.0texkax7c6hzuidk.com\custom\4336\FR\button4.gif
c:\program files\instant access\Dialer\823513171\external-api.dlv4.com\hits\6d04c93c29f4cf6c2f484744705a212f
c:\program files\instant access\Dialer\823513171\external-api.dlv4.com\js\3c3c2c28443f5f1b665521fcee5ea08c
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html
c:\program files\instant access\Dialer\823513171\fp.pc-on-internet.com\a03d45190e177d2b08f125795cafc424.html_0.loginvis
c:\program files\instant access\Dialer\823513171\LastSoftwares.lnk
c:\program files\instant access\Dialer\834054937\fp.pc-on-internet.com\1ba9d790cef405435c8748bb369944c3.html
c:\program files\instant access\Dialer\834054937\fp.pc-on-internet.com\1ba9d790cef405435c8748bb369944c3.html_0.loginvis
c:\program files\instant access\Dialer\834054937\fp.pc-on-internet.com\50278\images\background.gif
c:\program files\instant access\Dialer\834054937\fp.pc-on-internet.com\50278\images\FR\index_04.jpg
c:\program files\instant access\Dialer\834054937\fp.pc-on-internet.com\50278\images\index_02.jpg
c:\program files\instant access\Dialer\834054937\fp.pc-on-internet.com\50278\images\index_03.jpg
c:\program files\instant access\Dialer\834054937\us2-external-api.dlv4.com\js\83bc2d8ebbee72d1e196c614e0909fe8
c:\program files\instant access\Dialer\834054937\us2-www.0texkax7c6hzuidk.com\Common\179abc57e234250d2f11aaa41cc36f19.html
c:\program files\instant access\Dialer\834054937\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\834054937\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\834054937\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\834054937\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\858688880\access.rapid-pass.net\a7a98aa876274121081b72bd08a1246a.html
c:\program files\instant access\Dialer\858688880\access.rapid-pass.net\a7a98aa876274121081b72bd08a1246a.html_0.loginvis
c:\program files\instant access\Dialer\858688880\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\FR\index_r1_c2.gif
c:\program files\instant access\Dialer\858688880\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\FR\index_r4_c2.gif
c:\program files\instant access\Dialer\858688880\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r1_c1.jpg
c:\program files\instant access\Dialer\858688880\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r1_c3.jpg
c:\program files\instant access\Dialer\858688880\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r3_c2.jpg
c:\program files\instant access\Dialer\858688880\media.rapid-pass.net\fullpages\ncc_v3_freshflesh\fullpage\images\index_r3_c3.gif
c:\program files\instant access\Dialer\858688880\us2-external-api.dlv4.com\js\12ede369541ba1f2579126ad9b565785
c:\program files\instant access\Dialer\858688880\us2-scripts.downloadv3.com\Common\7a29094614d42d14f37f0e11cf3033cc.html
c:\program files\instant access\Dialer\858688880\us2-scripts.downloadv3.com\custom\2140\EN\button1.gif
c:\program files\instant access\Dialer\858688880\us2-scripts.downloadv3.com\custom\2140\EN\button2.gif
c:\program files\instant access\Dialer\858688880\us2-scripts.downloadv3.com\custom\2140\EN\button3.gif
c:\program files\instant access\Dialer\858688880\us2-scripts.downloadv3.com\custom\2140\EN\button4.gif
c:\program files\instant access\Dialer\90975124\external-api.dlv4.com\hits\557a2bf3e54dad2ded65bbf914f42ee8
c:\program files\instant access\Dialer\90975124\external-api.dlv4.com\js\74693b043b04775e0c7f59ee763d1ca9
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\FR\button.gif
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\FR\index_01.jpg
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\index_02.jpg
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\index_03.jpg
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\index_04.jpg
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\index_05.jpg
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\50198\images\index_07.jpg
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html
c:\program files\instant access\Dialer\90975124\fp.pc-on-internet.com\72d3df799561cf167d3631c8620bde84.html_0.loginvis
c:\program files\instant access\Dialer\90975124\LastSoftwares.lnk
c:\program files\instant access\Dialer\926765358\Crazy Girls.lnk
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\background.gif
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\FR\index_01.gif
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\FR\index_02.gif
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\index_03.jpg
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\index_04.jpg
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\index_06.jpg
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\50289\images\index_07.gif
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\b13b6a1a4042e3634cab559ae9c771a8.html
c:\program files\instant access\Dialer\926765358\fp.pc-on-internet.com\b13b6a1a4042e3634cab559ae9c771a8.html_0.loginvis
c:\program files\instant access\Dialer\926765358\us2-external-api.dlv4.com\js\93ec6bf475cbdbe3c539f3c6d75df21b
c:\program files\instant access\Dialer\926765358\us2-www.0texkax7c6hzuidk.com\Common\27064c7653385ca0aa5655eb0daa5ef5.html
c:\program files\instant access\Dialer\926765358\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\926765358\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\926765358\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\926765358\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\program files\instant access\Dialer\966663363\Crazy Girls.lnk
c:\program files\instant access\Dialer\966663363\fp.pc-on-internet.com\50253\images\background.gif
c:\program files\instant access\Dialer\966663363\fp.pc-on-internet.com\50253\images\FR\index_01.jpg
c:\program files\instant access\Dialer\966663363\fp.pc-on-internet.com\50253\images\FR\index_02.jpg
c:\program files\instant access\Dialer\966663363\fp.pc-on-internet.com\50253\images\FR\index_03.jpg
c:\program files\instant access\Dialer\966663363\fp.pc-on-internet.com\bba259c746e157021f7a4ae9c098aa98.html
c:\program files\instant access\Dialer\966663363\fp.pc-on-internet.com\bba259c746e157021f7a4ae9c098aa98.html_0.loginvis
c:\program files\instant access\Dialer\966663363\us2-external-api.dlv4.com\js\7b3a61eb088fab62d691640533e22955
c:\program files\instant access\Dialer\966663363\us2-www.0texkax7c6hzuidk.com\Common\1bf7253e91693320482493de86669da7.html
c:\program files\instant access\Dialer\966663363\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button1.gif
c:\program files\instant access\Dialer\966663363\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button2.gif
c:\program files\instant access\Dialer\966663363\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button3.gif
c:\program files\instant access\Dialer\966663363\us2-www.0texkax7c6hzuidk.com\custom\4239\FR\button4.gif
c:\windows\pack.epk
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\iwrnyv.dat
c:\windows\system32\iwrnyv_nav.dat
c:\windows\system32\iwrnyv_navps.dat
c:\windows\system32\oeuau.dat
c:\windows\system32\oeuau.exe
c:\windows\system32\oeuau_nav.dat
c:\windows\system32\oeuau_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 12:24 . 2008-12-01 12:35 <REP> d-------- C:\Lop SD
2008-12-01 12:03 . 2008-12-01 12:03 <REP> d-------- c:\windows\ERUNT
2008-12-01 11:59 . 2008-12-01 12:17 <REP> d-------- C:\SDFix
2008-12-01 10:12 . 2008-12-01 10:12 <REP> d-------- C:\_OTMoveIt
2008-12-01 08:49 . 2008-12-01 08:49 <REP> d-------- c:\program files\Trend Micro
2008-11-30 17:21 . 2008-11-30 18:21 2,796 --a------ c:\windows\SYSTEM32\tmp.reg
2008-11-30 17:19 . 2007-09-05 23:22 289,144 --a------ c:\windows\SYSTEM32\VCCLSID.exe
2008-11-30 17:19 . 2006-04-27 16:49 288,417 --a------ c:\windows\SYSTEM32\SrchSTS.exe
2008-11-30 17:19 . 2008-10-01 14:51 87,552 --a------ c:\windows\SYSTEM32\VACFix.exe
2008-11-30 17:19 . 2008-11-29 17:58 82,944 --a------ c:\windows\SYSTEM32\o4Patch.exe
2008-11-30 17:19 . 2008-05-18 20:40 82,944 --a------ c:\windows\SYSTEM32\IEDFix.exe
2008-11-30 17:19 . 2008-11-29 17:58 82,944 --a------ c:\windows\SYSTEM32\IEDFix.C.exe
2008-11-30 17:19 . 2008-08-18 11:19 82,432 --a------ c:\windows\SYSTEM32\404Fix.exe
2008-11-30 17:19 . 2003-06-05 20:13 53,248 --a------ c:\windows\SYSTEM32\Process.exe
2008-11-30 17:19 . 2004-07-31 17:50 51,200 --a------ c:\windows\SYSTEM32\dumphive.exe
2008-11-30 17:19 . 2007-10-03 23:36 25,600 --a------ c:\windows\SYSTEM32\WS2Fix.exe
2008-11-30 15:33 . 2008-11-30 16:27 <REP> d-------- c:\program files\FindyKill
2008-11-30 14:38 . 2008-11-30 14:39 <REP> d-------- c:\program files\Navilog1
2008-11-29 16:20 . 2008-11-29 16:20 <REP> d-------- c:\program files\Yahoo!
2008-11-28 12:08 . 2008-11-28 12:08 <REP> d-------- c:\documents and settings\sebastien\Application Data\PC Tools
2008-11-27 10:00 . 2008-11-29 16:51 <REP> d-------- c:\program files\Mystery Case Files - Prime Suspects
2008-11-27 08:50 . 2008-11-27 11:22 <REP> d-------- c:\windows\SYSTEM32\CatRoot_bak
2008-11-27 08:43 . 2008-11-27 08:43 73,728 --a------ c:\windows\SYSTEM32\TDSScfum.dll
2008-11-27 08:43 . 2008-11-27 08:43 2,271 --a------ c:\windows\SYSTEM32\TDSSfxmp.dll
2008-11-27 08:42 . 2008-11-27 08:42 35,840 --a------ c:\windows\SYSTEM32\TDSSofxh.dll
2008-11-27 08:36 . 2008-05-01 09:31 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2008-11-27 08:36 . 2008-06-14 12:59 272,768 --------- c:\windows\SYSTEM32\DRIVERS\bthport.sys
2008-11-27 08:36 . 2008-06-14 12:59 272,768 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
2008-11-27 08:35 . 2008-08-14 04:51 138,368 --------- c:\windows\SYSTEM32\DLLCACHE\afd.sys
2008-11-26 10:06 . 2008-11-30 14:53 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-26 10:05 . 2008-11-26 10:05 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2008-11-26 09:58 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2008-11-26 09:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\SYSTEM32\muweb.dll
2008-11-26 09:58 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2008-11-24 14:01 . 2008-11-24 14:01 <REP> d-------- c:\documents and settings\kathleen\Application Data\Playrix Entertainment
2008-11-20 21:39 . 2008-11-20 21:39 <REP> d-------- c:\documents and settings\kathleen\Application Data\gtk-2.0
2008-11-20 21:38 . 2008-11-20 21:38 <REP> d-------- c:\documents and settings\kathleen\.thumbnails
2008-11-20 14:21 . 2008-11-30 17:58 <REP> d-------- c:\documents and settings\kathleen\.gimp-2.6
2008-11-20 14:21 . 2008-11-20 14:21 <REP> d-------- c:\documents and settings\kathleen\.gegl-0.0
2008-11-20 14:20 . 2008-11-20 14:20 <REP> d-------- c:\program files\Gimp-2.0
2008-11-20 14:12 . 2008-11-20 14:12 <REP> d-------- c:\program files\Magentic
2008-11-20 14:12 . 2008-08-04 12:20 980,280 --a------ c:\windows\SYSTEM32\Magentic Screensaver.scr
2008-11-17 14:54 . 2008-11-20 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-17 14:53 . 2008-11-17 14:54 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-17 14:38 . 2008-11-17 14:38 <REP> d-------- c:\program files\Windows Live Toolbar
2008-11-17 14:38 . 2008-11-17 14:38 <REP> d-------- c:\program files\Windows Live Favorites
2008-11-17 14:31 . 2008-11-17 14:37 <REP> d-------- c:\program files\Windows Live
2008-11-17 14:31 . 2008-11-17 14:36 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-17 14:30 . 2008-11-17 14:30 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-12 08:29 . 2008-11-12 08:56 <REP> d-------- c:\documents and settings\kathleen\Application Data\Magic Academy
2008-11-05 14:10 . 2008-11-05 14:10 <REP> d-------- c:\documents and settings\All Users\Application Data\JollyBear

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:38 --------- d-----w c:\program files\Lx_cats
2008-11-30 23:22 --------- d-----w c:\program files\Google
2008-11-29 21:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 20:45 --------- d-----w c:\program files\TorrentMan
2008-11-26 14:54 --------- d-----w c:\program files\Zylom Games
2008-11-24 19:01 --------- d-----w c:\documents and settings\kathleen\Application Data\Zylom
2008-11-23 01:04 --------- d-----w c:\program files\mIRC
2008-11-17 18:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 18:02 --------- d-----w c:\program files\MyHeritage
2008-11-17 18:00 --------- d-----w c:\program files\eGames
2008-11-17 17:47 --------- d-----w c:\program files\Kodak
2008-11-17 16:47 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-30 19:02 --------- d-----w c:\documents and settings\kathleen\Application Data\BloodTies
2008-10-30 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-16 20:23 --------- d-----w c:\program files\BitLord
2008-10-16 20:10 --------- d-----w c:\program files\Conduit
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\WUPS.DLL
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:02 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-10-15 16:59 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-03 17:12 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-10-01 00:14 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-09-04 16:45 1,106,944 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-11-27 1784856]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-11-27 15:45 1784856 --a------ c:\program files\TorrentMan\tbTor0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-11-27 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-11-27 1784856]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Magentic"="c:\program files\Magentic\bin\Magentic.exe" [2008-08-04 853304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-10 26112]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxctcoms.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites

c:\windows\Downloaded Program Files\SmartCouponPrinter.ocx - O16 -: {76716694-EADA-4810-8C3B-4826328A317F}
hxxp://content.dll1.com/Connectus/SmartCouponPrinter/SmartCouponPrinter20080612.cab
c:\windows\Downloaded Program Files\SmartCouponPrinter.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:43:46
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-01 12:45:03
ComboFix-quarantined-files.txt 2008-12-01 17:44:26

Avant-CF: 49 587 494 912 octets libres
Après-CF: 49,620,717,568 octets libres

600 --- E O F --- 2008-11-28 13:51:11
0
Réponse 57 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok

* Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
* Choisis l'onglet Contenu puis onglet Certificats.
* Si tu trouves les programmes suivants (en particulier dans "Editeurs approuvés" ), supprime-les :


electronic-group
egroup
Montorgueil
VIP
Sunny Day Design Ltd
ooo favorite

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\TDSScfum.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSStkdv.log

Folder::

Collect::
C:\WINDOWS\system32\TDSScfum.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSStkdv.log
C:\WINDOWS\system32\explorer32.exe
C:\WINDOWS\system32\drivers\TDSSmqlt.sys
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSMAXT.sys
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSMQLT.sys
C:\WINDOWS\system32\TDSSoiqh.dll
C:\WINDOWS\system32\TDSSlxwp.dll
C:\WINDOWS\system32\TDSSnmxh.dll
C:\WINDOWS\system32\TDSSsihc.dll
C:\WINDOWS\system32\TDSSrhym.dll
C:\WINDOWS\SYSTEM32\TDSSLXWP.dll
C:\WINDOWS\SYSTEM32\TDSSNRSR.dll
C:\WINDOWS\SYSTEM32\TDSSNMXH.dll
C:\WINDOWS\SYSTEM32\TDSSRIQP.dll
C:\WINDOWS\system32\TDSSbrsr.dat
C:\WINDOWS\SYSTEM32\TDSSBRSR.dat
C:\WINDOWS\SYSTEM32\TDSSOSVD.dat
C:\WINDOWS\system32\TDSSkpjp.log
TDSSserv.sys
LEGACY_TDSSSERV.SYS
C:\WINDOWS\system32\drivers\TDSSmqlt.sys

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]

Driver::
TDSSserv

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 58 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
omboFix 08-11-30.02 - kathleen 2008-12-01 13:15:42.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.172 [GMT -5:00]
Lancé depuis: c:\documents and settings\kathleen\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\kathleen\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSStkdv.log
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSStkdv.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 12:56 . 2008-12-01 12:56 <REP> d-------- c:\documents and settings\kathleen\DoctorWeb
2008-12-01 12:54 . 2008-12-01 12:54 <REP> d-------- c:\program files\SpywareBlaster
2008-12-01 12:53 . 2008-12-01 12:54 <REP> d-------- c:\program files\SpywareGuard
2008-12-01 12:24 . 2008-12-01 12:35 <REP> d-------- C:\Lop SD
2008-12-01 12:03 . 2008-12-01 12:03 <REP> d-------- c:\windows\ERUNT
2008-12-01 11:59 . 2008-12-01 12:17 <REP> d-------- C:\SDFix
2008-12-01 10:12 . 2008-12-01 10:12 <REP> d-------- C:\_OTMoveIt
2008-12-01 08:49 . 2008-12-01 08:49 <REP> d-------- c:\program files\Trend Micro
2008-11-30 17:21 . 2008-11-30 18:21 2,796 --a------ c:\windows\SYSTEM32\tmp.reg
2008-11-30 17:19 . 2007-09-05 23:22 289,144 --a------ c:\windows\SYSTEM32\VCCLSID.exe
2008-11-30 17:19 . 2006-04-27 16:49 288,417 --a------ c:\windows\SYSTEM32\SrchSTS.exe
2008-11-30 17:19 . 2008-10-01 14:51 87,552 --a------ c:\windows\SYSTEM32\VACFix.exe
2008-11-30 17:19 . 2008-11-29 17:58 82,944 --a------ c:\windows\SYSTEM32\o4Patch.exe
2008-11-30 17:19 . 2008-05-18 20:40 82,944 --a------ c:\windows\SYSTEM32\IEDFix.exe
2008-11-30 17:19 . 2008-11-29 17:58 82,944 --a------ c:\windows\SYSTEM32\IEDFix.C.exe
2008-11-30 17:19 . 2008-08-18 11:19 82,432 --a------ c:\windows\SYSTEM32\404Fix.exe
2008-11-30 17:19 . 2003-06-05 20:13 53,248 --a------ c:\windows\SYSTEM32\Process.exe
2008-11-30 17:19 . 2004-07-31 17:50 51,200 --a------ c:\windows\SYSTEM32\dumphive.exe
2008-11-30 17:19 . 2007-10-03 23:36 25,600 --a------ c:\windows\SYSTEM32\WS2Fix.exe
2008-11-30 15:33 . 2008-11-30 16:27 <REP> d-------- c:\program files\FindyKill
2008-11-30 14:38 . 2008-11-30 14:39 <REP> d-------- c:\program files\Navilog1
2008-11-29 16:20 . 2008-11-29 16:20 <REP> d-------- c:\program files\Yahoo!
2008-11-28 12:08 . 2008-11-28 12:08 <REP> d-------- c:\documents and settings\sebastien\Application Data\PC Tools
2008-11-27 10:00 . 2008-11-29 16:51 <REP> d-------- c:\program files\Mystery Case Files - Prime Suspects
2008-11-27 08:50 . 2008-11-27 11:22 <REP> d-------- c:\windows\SYSTEM32\CatRoot_bak
2008-11-27 08:36 . 2008-05-01 09:31 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2008-11-27 08:36 . 2008-06-14 12:59 272,768 --------- c:\windows\SYSTEM32\DRIVERS\bthport.sys
2008-11-27 08:36 . 2008-06-14 12:59 272,768 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
2008-11-27 08:35 . 2008-08-14 04:51 138,368 --------- c:\windows\SYSTEM32\DLLCACHE\afd.sys
2008-11-26 10:06 . 2008-12-01 12:55 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-26 10:05 . 2008-11-26 10:05 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2008-11-26 09:58 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2008-11-26 09:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\SYSTEM32\muweb.dll
2008-11-26 09:58 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2008-11-24 14:01 . 2008-11-24 14:01 <REP> d-------- c:\documents and settings\kathleen\Application Data\Playrix Entertainment
2008-11-20 21:39 . 2008-11-20 21:39 <REP> d-------- c:\documents and settings\kathleen\Application Data\gtk-2.0
2008-11-20 21:38 . 2008-11-20 21:38 <REP> d-------- c:\documents and settings\kathleen\.thumbnails
2008-11-20 14:21 . 2008-11-30 17:58 <REP> d-------- c:\documents and settings\kathleen\.gimp-2.6
2008-11-20 14:21 . 2008-11-20 14:21 <REP> d-------- c:\documents and settings\kathleen\.gegl-0.0
2008-11-20 14:20 . 2008-11-20 14:20 <REP> d-------- c:\program files\Gimp-2.0
2008-11-20 14:12 . 2008-11-20 14:12 <REP> d-------- c:\program files\Magentic
2008-11-20 14:12 . 2008-08-04 12:20 980,280 --a------ c:\windows\SYSTEM32\Magentic Screensaver.scr
2008-11-17 14:54 . 2008-11-20 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-17 14:53 . 2008-11-17 14:54 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-17 14:38 . 2008-11-17 14:38 <REP> d-------- c:\program files\Windows Live Toolbar
2008-11-17 14:38 . 2008-11-17 14:38 <REP> d-------- c:\program files\Windows Live Favorites
2008-11-17 14:31 . 2008-11-17 14:37 <REP> d-------- c:\program files\Windows Live
2008-11-17 14:31 . 2008-11-17 14:36 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-17 14:30 . 2008-11-17 14:30 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-12 08:29 . 2008-11-12 08:56 <REP> d-------- c:\documents and settings\kathleen\Application Data\Magic Academy
2008-11-05 14:10 . 2008-11-05 14:10 <REP> d-------- c:\documents and settings\All Users\Application Data\JollyBear

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:38 --------- d-----w c:\program files\Lx_cats
2008-11-30 23:22 --------- d-----w c:\program files\Google
2008-11-29 21:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 20:45 --------- d-----w c:\program files\TorrentMan
2008-11-26 14:54 --------- d-----w c:\program files\Zylom Games
2008-11-24 19:01 --------- d-----w c:\documents and settings\kathleen\Application Data\Zylom
2008-11-23 01:04 --------- d-----w c:\program files\mIRC
2008-11-17 18:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 18:02 --------- d-----w c:\program files\MyHeritage
2008-11-17 18:00 --------- d-----w c:\program files\eGames
2008-11-17 17:47 --------- d-----w c:\program files\Kodak
2008-11-17 16:47 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-30 19:02 --------- d-----w c:\documents and settings\kathleen\Application Data\BloodTies
2008-10-30 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-16 20:23 --------- d-----w c:\program files\BitLord
2008-10-16 20:10 --------- d-----w c:\program files\Conduit
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\WUPS.DLL
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:02 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-10-15 16:59 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-03 17:12 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-10-01 00:14 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-09-04 16:45 1,106,944 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-11-27 1784856]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-11-27 15:45 1784856 --a------ c:\program files\TorrentMan\tbTor0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-11-27 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-11-27 1784856]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Magentic"="c:\program files\Magentic\bin\Magentic.exe" [2008-08-04 853304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-10 26112]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxctcoms.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 13:17:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-01 13:18:52
ComboFix-quarantined-files.txt 2008-12-01 18:18:13
ComboFix2.txt 2008-12-01 17:45:04

Avant-CF: 49,564,418,048 octets libres
Après-CF: 49,561,985,024 octets libres

194 --- E O F --- 2008-11-28 13:51:11
0
Réponse 59 / 83
kathleenbouc Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
 
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:00, on 2008-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Magentic\bin\mgapp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accélérateur\components\NOWImaging.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User 'Default user')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mimilie17.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCouponPrinter/SmartCouponPrinter20080612.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
0
Réponse 60 / 83
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
on revient de loin :)

passe ceci maintenant :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+
0

Discussions similaires

télécharger et installer encarta junior
98653773 -
1 -

3 réponses
Telecharger encarta junior 2015 Gratuit en Francais
Chairman -
Weuz -

2 réponses
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse
Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
Télécharger le logiciel Encarta gratuit 2015 version française.
Rémy M. SAKI -
medab -

13 réponses