
Posted
I need your report because the problem is the trojan "Win32.Agent.zb"

I need all of it to be sure of eradicating everything.

Thanks

here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:23, on 14/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE

C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe

C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\AntivirusFirewall\Common\FCH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe

C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.EXE

C:\WINDOWS\system32\dlcdcoms.exe

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Documents and Settings\Joss\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Controleur de calendrier pour Ulead Photo Express] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

O4 - Global Startup: Suitcase Startup.lnk = ?

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 10737 bytes

 

Thank you

Posted (edited)

Hello,

Combo, cleanup

# Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Run Combofix:

Create a new text document:

Right-click on the desktop -> New -> Text Document and copy the following lines into it,

without the word "quote":

File::

C:\WINDOWS\system32\drivers\uwasfsd.sys

C:\WINDOWS\system32\noskrnl.sys

C:\WINDOWS\System32\drivers\Omw02.sys

C:\WINDOWS\system32\D5A0622284.sys

 

Folder::

C:\Program Files\WinAntiSpyware 2006 Free

 

Registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{1230649B-B980-44A5-B259-9B09EBEA6331}"=-

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and then confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

Edited by pear
Posted

Hello,

here is the ComboFix report.

 

ComboFix 08-02-20.2 - Joss 2008-02-19 21:22:57.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.607 [GMT 1:00]

Endroit: C:\Documents and Settings\Joss\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Joss\Bureau\CFScript.txt.doc

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possible sites infectés -----

 

hxxp://au.download.windowsupdate

.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-02-19 21:01 . 2008-02-19 21:01 <REP> d-------- C:\Program Files\Avira

2008-02-19 21:01 . 2008-02-19 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-02-07 21:55 . 2008-02-07 21:55 <REP> d-------- C:\VundoFix Backups

2008-01-29 21:25 . 2008-01-29 21:25 <REP> d-------- C:\Program Files\Alwil Software

2008-01-29 19:45 . 2008-01-29 19:45 180,224 --a------ C:\WINDOWS\midivro1.exe

2008-01-25 23:18 . 2008-01-25 23:18 <REP> d-------- C:\Program Files\Windows Live Favorites

2008-01-25 07:36 . 2008-01-28 09:19 80 --a------ C:\WINDOWS\system32\suspend.bin

2008-01-25 07:32 . 2008-01-25 07:32 25,984 --a------ C:\WINDOWS\system32\drivers\Omw02.sys

2008-01-25 07:32 . 2008-01-25 07:32 20,480 --a------ C:\WINDOWS\exreaww.exe

2008-01-25 07:22 . 2008-01-25 07:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-01-25 07:22 . 2008-01-25 07:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-01-25 07:22 . 2008-01-25 07:22 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-01-25 07:22 . 2008-01-25 07:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-01-25 07:22 . 2008-01-25 07:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-19 19:59 --------- d-----w C:\Program Files\Dl_cats

2008-01-25 22:18 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-01-25 06:33 --------- d-----w C:\Program Files\QuickTime

2008-01-25 06:33 --------- d-----w C:\Program Files\MSN Messenger

2008-01-25 06:33 --------- d-----w C:\Program Files\Dell Photo AIO Printer 944

2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

2005-11-03 23:29 72,832 ----a-r C:\WINDOWS\inf\CamAvb.sys

2006-09-27 09:02 56 --sh--r C:\WINDOWS\system32\D5A0622284.sys

2006-09-27 09:02 5,278 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-11-06 18:17 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007110620071107\index.dat

.

Files Infected - Win32.Agent.zb

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.exe

C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\Program Files\MSN Messenger\MsnMsgr.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-25 07:32 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-25 07:32 132496]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-25 07:32 344064]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2008-01-25 07:32 94208]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2008-01-25 07:32 122940]

"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 07:39 69632]

"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2008-01-25 07:32 430080]

"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2008-01-25 07:32 282624]

"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2008-01-25 07:32 1117184]

"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2008-01-25 07:32 122929]

"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2008-01-25 07:32 700416]

"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2008-01-25 07:32 372736]

"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2008-01-25 07:32 356352]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-25 07:32 26112]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]

"Controleur de calendrier pour Ulead Photo Express"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2008-01-25 07:32 69632]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-25 07:32 286720]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-25 07:32 5674352]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2006-09-07 14:35:44 32807]

Suitcase Startup.lnk - C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe [2006-09-15 13:31:20 3145728]

Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2006-09-03 13:49:01 925696]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{1230649B-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2006 Free\shellext.dll [ ]

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]

R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2006-09-07 14:35]

R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-06-06 16:35]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-21 09:19]

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 13:45]

S0 uwasfsd;uwasfsd;C:\WINDOWS\system32\drivers\uwasfsd.sys []

S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys []

S3 Omw02;Omw02;C:\WINDOWS\System32\drivers\Omw02.sys [2008-01-25 07:32]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

 

*Newly Created Service* - ANTIVIRSCHEDULER

*Newly Created Service* - ANTIVIRSERVICE

*Newly Created Service* - AVGIO

*Newly Created Service* - AVGNTFLT

*Newly Created Service* - AVIPBB

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-01-25 11:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2006-02-18 18:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

"2008-02-20 20:23:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt

"2008-02-19 20:15:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-20 21:24:47

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-02-20 21:25:29

ComboFix-quarantined-files.txt 2008-02-20 20:25:27

ComboFix2.txt 2008-02-13 20:16:47

ComboFix3.txt 2008-02-07 21:24:19

.

2008-02-13 20:46:15 --- E O F ---

 

 

 

Thanks again, everyone

Posted

.

Temps d'accomplissement: 2008-02-20 21:25:29

ComboFix-quarantined-files.txt 2008-02-20 20:25:27

ComboFix2.txt 2008-02-13 20:16:47

ComboFix3.txt 2008-02-07 21:24:19

.

2008-02-13 20:46:15 --- E O F ---

Thanks again, everyone.

Nobody to help me?

Thanks to whoever volunteers.

Posted

OK, apparently this comes from Win32.Agent.zb

Download SDFix (created by AndyManchesta) and save it to the Desktop.

- Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.

Restart in safe mode

- Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.cmd to launch the script.

- Press Y to start the cleaning process.

- It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

- The restart will be a bit slower than usual; it will keep running and delete files.

- After the Desktop loads, the tool will finish its work and display Finished.

- Press a key to end the script and load the Desktop icons.

- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

- Copy the report and post it.

Over to TMAC for the next steps.

Posted
 

 

SDFix: Version 1.144

 

Run by Joss on 25/02/2008 at 18:28

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services:

 

Name:

noskrnl.sys

 

Path:

\??\C:\WINDOWS\system32\noskrnl.sys

 

noskrnl.sys - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Checking Files:

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\SRTIWPGF.TMP - Deleted

 

 

 

 

 

The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

 

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.exe

C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.exe

C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\Program Files\MSN Messenger\MsnMsgr.exe

 

 

Removing Temp Files...

 

ADS Check:

 

 

 

Final Check:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-25 18:54:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 


C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\index_r3_c7[1].gif 1028 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\inscription[1].gif 791 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\jm[1].css 3292 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\juj992[1].jpg 18993 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\84[1].jpg 12151 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\850784[1].jpg 38115 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\85b8c2[1].jpg 16042 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\860795[1].jpg 14069 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\fpc[1].gif 12208 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\frame[1].htm 12002 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\free%20porn%20093[1].jpg 2990 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\gallery01_01[1].jpg 15064 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\gallery_09[1].jpg 9544 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\gallery_46[1].jpg 648 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\20[1].jpg 21406 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\20[2].jpg 8346 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\2253130195[1].jpg 16079 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\22909[1].jpg 5086 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\2300457573[1].jpg 9522 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\2346298974[1].jpg 31981 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\23535[1].jpg 5977 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\devils_12[1].jpg 787 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\dhtml_pop[1].js 7672 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\dot[1].jpg 406 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\dualseed[1].jpg 8709 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\e03d66[1].jpg 16274 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\6278838315[1].jpg 7715 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\632239[1].jpg 11982 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\amateur%20sex%20videos%20009[1].jpg 6317 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\animirovannii[1].gif 11333 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\auth_user[1].htm 26849 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\auto_suggest[1].js 10136 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\5[1].htm 391 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\5[1].jpg 13556 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60027[1].jpg 13467 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60125[1].jpg 17649 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60144[1].jpg 16114 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60150[1].jpg 8417 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60170[1].jpg 14809 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60317[1].jpg 11056 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60342[1].jpg 18533 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60350[1].jpg 17030 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60410[1].jpg 22163 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60460[1].jpg 15747 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\browsecats[1].gif 1064 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bullet[1].gif 111 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\b_fon[1].gif 139 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\c44252[1].jpg 22735 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\c8d252c20545b8ee2ac4a70eecf7de0c.17[1].jpg 6188 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\c95479[1].jpg 15077 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CA1CJR7S 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CA4NCHAZ 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CA74Z1QO 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CACH0285 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CAHIN3MX 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CAJ3I6O5 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CAPQWRFQ 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\CAQ1D7AX 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\carmen.pick1.thumb[1].jpg 14195 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\9110009544[1].jpg 9524 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\91faf6[1].jpg 19900 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\ban[1].gif 14879 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bg-nav[1].gif 505 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bg[2].gif 2124 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bg_gn_end[1].gif 306 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bg_gn_end_on[1].gif 177 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bg_page[1].gif 1123 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\big-screen2[1].jpg 21178 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bigtits2[1].jpg 26370 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bislePA_gallery01_03[1].jpg 1411 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\black[2].jpg 18475 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bloc_react[1].htm 3485 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\bl_19[1].gif 284 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60468[1].jpg 14360 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60487[1].jpg 7886 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60500[1].jpg 17218 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60505[1].jpg 17308 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60512[1].jpg 15000 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60513[1].jpg 10336 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60520[1].jpg 20693 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\60526[1].jpg 15721 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\605395[1].jpg 8946 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\centre[1].gif 51 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\classes[1].css 5440 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\clips-gratuits.3x.fm_88x31[1].gif 2933 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\cochonnes_09[1].gif 246 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\count[1].htm 0 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\Croatie-Split-1©F[1].jpg 18750 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\cul[1].jpg 13193 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\cumshot[1].jpg 37328 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\d05_bg05[1].jpg 20052 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\d32bd3[1].jpg 12832 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\d33cad[1].jpg 14971 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\d3c56c[1].jpg 18353 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\d59783[1].jpg 17190 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\da05a0[1].jpg 17282 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\dac133823d5980e3a446adb9e0678b00[1].jpg 17291 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\51397[1].jpg 1989 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\51635[1].jpg 3372 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\51746[1].jpg 4183 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\526521[1].jpg 6433 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\709-18254-3830-160_valentine_men-for-women_728x90[1].js 3174 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\709-18254-3830-160_valentine_women-for-men_728x90[1].js 3168 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\713743[1].jpg 33749 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\7190fc[1].jpg 20007 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\o[1].css 15122 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn175026[1].jpg 7094 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\lisa3_04[1].jpg 8760 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\list[1].gif 996 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\list[1].png 7449 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\logo-look-voyage[1].jpg 1615 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\logo_partenaire_int[1].gif 3460 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\lq650[1].jpg 9976 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\lq674[1].jpg 21190 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\madthumbs-trade7[1].jpg 13750 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\mbsh931[1].jpg 19859 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\menu_new[1].css 3458 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\title_03[1].jpg 17043 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\title_04[1].gif 3849 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\title_05[1].jpg 25612 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\title_back_cover[1].gif 2051 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn137190[1].jpg 9905 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn137868[1].jpg 7753 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn138471[1].jpg 9306 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn143466[1].jpg 8111 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn144983[1].jpg 7510 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn145037[1].jpg 9347 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn145595[1].jpg 9383 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn145733[1].jpg 8335 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn148473[1].jpg 9576 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn152207[1].jpg 13189 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn153583[1].jpg 6846 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\tn156192[1].jpg 9369 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\pussygirl.110.150[1].jpg 8117 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\resell[1].gif 4388 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\screen[1].css 51091 bytes

C:\Documents and Settings\Joss\Local Settings\Temporary Internet Files\Content.IE5\TI6V5LTM\search[1].htm 3844 bytes

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 368

 

 

Remaining Services:

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files:

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

Wed 27 Sep 2006 56 ..SHR --- "C:\WINDOWS\system32\D5A0622284.sys"

Wed 27 Sep 2006 5,278 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Wed 1 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 7 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BITE.tmp"

Wed 1 Nov 2006 4,348 ...H. --- "C:\Documents and Settings\Joss\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Wed 1 Nov 2006 20 A..H. --- "C:\Documents and Settings\Joss\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Wed 1 Nov 2006 400 A.SH. --- "C:\Documents and Settings\Joss\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

 

Here is the report! Thank you very much.

PS: I can no longer get into Outlook, and I can't play YouTube or Dailymotion videos....

Posted (edited)

Steff,

The report looks good :P

 

The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

 

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.exe

C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.exe

C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\Program Files\MSN Messenger\MsnMsgr.exe

The Trojan modified these executables, and the restore must have caused a problem.

You need to reinstall RealPlayer and MSN because, from memory, there is a link between MSN and Outlook.

Keep me posted on how it goes.

Cauxboy

Edited by cauxboy
Posted
Steff,

The report looks good :P

The Trojan modified these executables, and the restore must have caused a problem.

You need to reinstall RealPlayer and MSN because, from memory, there is a link between MSN and Outlook.

Keep me posted on how it goes.

Cauxboy

Thanks again to all of you!

My computer is doing much better now thanks to you.

Posted (edited)

Steff,

Thanks again to all of you!

My computer is doing much better now thanks to you.

You're welcome, that's what we're here for.

However, don't forget to put [Résolu] (Solved) at the start of your topic title, to flag it for anyone looking for a solution to a similar problem and so avoid redundant topics.

Good luck from here on.

If you have another problem, don't hesitate to ask, or contact me through Zébulon's private messaging.

Cauxboy

Edited by cauxboy
