Fenêtre de publicité intempestive
Résolu/Fermé
A voir également:
- Fenêtre de publicité intempestive
- Les bloqueurs de publicité ne sont pas autorisés sur youtube - Guide
- Raccourci agrandir fenetre - Guide
- Fenetre privée - Guide
- Youtube sans publicité - Guide
- Netflix avec publicité avis - Guide
36 réponses
Utilisateur anonyme
9 mars 2008 à 11:15
9 mars 2008 à 11:15
Bonjour , relance Navilog1 > option2 >poste le rapport.
********************************************
→ Télécharge sur ton bureau HJT.
→ Double clique sur le fichier d'installation ' HJTInstall ' , et place Hijackthis dans le repertoire dédié , c'est a dire :" C:\Programme\Trend Micro\Hijackthis "
→ Télécharge ce fichier sur ton bureau. Double clique dessus ( l'icône en forme d'engrenage ). La fenêtre principale d'Hijackthis va s'ouvrire , choisi ' Do a system scan and save a logfile '
→ Poste moi le rapport ( qui apparait sur le bloc-note )
***********************************
Bonne chance
A+
********************************************
→ Télécharge sur ton bureau HJT.
→ Double clique sur le fichier d'installation ' HJTInstall ' , et place Hijackthis dans le repertoire dédié , c'est a dire :" C:\Programme\Trend Micro\Hijackthis "
→ Télécharge ce fichier sur ton bureau. Double clique dessus ( l'icône en forme d'engrenage ). La fenêtre principale d'Hijackthis va s'ouvrire , choisi ' Do a system scan and save a logfile '
→ Poste moi le rapport ( qui apparait sur le bloc-note )
***********************************
Bonne chance
A+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:03, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
C:\Logiciel\Antivitus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Quik Touch\EzdMontr.exe
C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe
C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Logiciel\Postit\PsnLite.exe
C:\Logiciel\Postit\PSNGive.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
C:\Logiciel\Antivitus\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\AOL 9.0\waol.exe
C:\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\1165520545\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\logiciel\acrobat writer\AcrWr\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [EzdMontr] C:\Program Files\Quik Touch\EzdMontr.exe install
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [site rule] C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Logiciel\Postit\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Logiciel\OmniPage\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5D5EFC-BBA1-42A2-8D29-F9AA05E89C23}: NameServer = 84.103.237.142 86.64.145.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D28B7F8-C8B2-4239-976D-F4C127B9DAAA}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashWebSv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Scan saved at 11:19:03, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
C:\Logiciel\Antivitus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Quik Touch\EzdMontr.exe
C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe
C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Logiciel\Postit\PsnLite.exe
C:\Logiciel\Postit\PSNGive.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
C:\Logiciel\Antivitus\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\AOL 9.0\waol.exe
C:\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\1165520545\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\logiciel\acrobat writer\AcrWr\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [EzdMontr] C:\Program Files\Quik Touch\EzdMontr.exe install
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [site rule] C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Logiciel\Postit\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Logiciel\OmniPage\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5D5EFC-BBA1-42A2-8D29-F9AA05E89C23}: NameServer = 84.103.237.142 86.64.145.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D28B7F8-C8B2-4239-976D-F4C127B9DAAA}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashWebSv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Utilisateur anonyme
9 mars 2008 à 11:25
9 mars 2008 à 11:25
Re ,
Met à jour JAVA --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
******************************************************
Poste le rapport Navilog stp.
********************************************
Télécharge SDFix et sauvegarde le sur ton Bureau.
Redémarre en MSE
→ Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd ( ou Runthis.bat ) pour lancer le scrïpt.
→ Appuie sur Y pour commencer le processus de nettoyage.
→ Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
→ Appuie sur une touche pour redémarrer le PC.
→ Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
→ Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
→ Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
→ Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
→ Poste moi le rapport.
Met à jour JAVA --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
******************************************************
Poste le rapport Navilog stp.
********************************************
Télécharge SDFix et sauvegarde le sur ton Bureau.
Redémarre en MSE
→ Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd ( ou Runthis.bat ) pour lancer le scrïpt.
→ Appuie sur Y pour commencer le processus de nettoyage.
→ Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
→ Appuie sur une touche pour redémarrer le PC.
→ Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
→ Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
→ Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
→ Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
→ Poste moi le rapport.
Déjà merci pour tes réponses !
Voici le rapport :
[b]SDFix: Version 1.154 [/b]
Run by El Nabife on 09/03/2008 at 11:50
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 11:59:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Jeux\\Battlefield 1942\\BF1942.exe"="D:\\Jeux\\Battlefield 1942\\BF1942.exe:*:Enabled:Battlefield 1942"
"D:\\Jeux\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"="D:\\Jeux\\EA GAMES\\Need for Speed Most Wanted\\speed.exe:*:Enabled:speed"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\AOL 9.0\\waol.exe"="C:\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"D:\\Jeux\\Sid Meier's Civilization 4\\Civilization4.exe"="D:\\Jeux\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
"D:\\Jeux\\Civilization 4\\Civilization4.exe"="D:\\Jeux\\Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"="C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe:*:Enabled:LiveUpdt"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe"="D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\\Jeux\\CivCity Rome\\CivCity Rome.exe"="D:\\Jeux\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"D:\\CD_logiciel\\Editeur d equation\\MathCast.exe"="D:\\CD_logiciel\\Editeur d equation\\MathCast.exe:*:Disabled:MathCast Equation Editor"
"C:\\Logiciel\\Editeur d equation\\MathCast.exe"="C:\\Logiciel\\Editeur d equation\\MathCast.exe:*:Disabled:MathCast Equation Editor"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Pinnacle\\MediaCenter\\Pmc.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\Pmc.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Logiciel\\JVTorrent\\btdownloadgui.exe"="C:\\Logiciel\\JVTorrent\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non sp‚cifi‚"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Disabled:PSST.exe"
"C:\\WINDOWS\\System32\\javaw.exe"="C:\\WINDOWS\\System32\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\EA GAMES\\CoD 2\\CoD2MP_s.exe"="C:\\Program Files\\EA GAMES\\CoD 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\Jeux\\Medieval_IV\\medieval2.exe"="D:\\Jeux\\Medieval_IV\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE:*:Enabled:Device Monitor"
"C:\\Documents and Settings\\El Nabife\\Local Settings\\Temp\\lxdi\\wireless\\FRENCH\\lxdiwpss.exe"="C:\\Documents and Settings\\El Nabife\\Local Settings\\Temp\\lxdi\\wireless\\FRENCH\\lxdiwpss.exe:*:Enabled: "
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"="C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe"="C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"="C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe:*:Enabled: "
"C:\\WINDOWS\\System32\\lxdicfg.exe"="C:\\WINDOWS\\System32\\lxdicfg.exe:*:Enabled:Printer Communication System"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"="C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe:*:Enabled:Lexmark Web Gateway"
"K:\\Black and White\\runblack.exe"="K:\\Black and White\\runblack.exe:*:Disabled:lh"
"C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe"="C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe:*:Disabled:Apache"
"C:\\WINDOWS\\System32\\lxdicoms.exe"="C:\\WINDOWS\\System32\\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe:*:Enabled:Lexmark Imaging Studio"
"D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe"="D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\AOL 9.0\\waol.exe"="C:\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\app4r.exe"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 10 May 2004 156,784 A..H. --- "C:\AOL 9.0\aoltray.exe"
Mon 10 May 2004 54,384 A..H. --- "C:\AOL 9.0\aolphx.exe"
Mon 10 May 2004 31,344 A..H. --- "C:\AOL 9.0\RBM.exe"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\System Volume Information\_restore{BE18087C-848A-4B4E-9B4E-A08A7F2EC561}\RP673\A0253495.exe"
Tue 12 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITC.tmp"
Tue 12 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BITD.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT450.tmp"
Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 12 May 2006 408,064 ...H. --- "C:\Documents and Settings\El Nabife\Application Data\Microsoft\ModŠles\~WRL3793.tmp"
Sat 5 Jan 2008 399,360 ...H. --- "C:\Documents and Settings\El Nabife\Application Data\Microsoft\Word\~WRL3013.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\El Nabife\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
Voici le rapport :
[b]SDFix: Version 1.154 [/b]
Run by El Nabife on 09/03/2008 at 11:50
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 11:59:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Jeux\\Battlefield 1942\\BF1942.exe"="D:\\Jeux\\Battlefield 1942\\BF1942.exe:*:Enabled:Battlefield 1942"
"D:\\Jeux\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"="D:\\Jeux\\EA GAMES\\Need for Speed Most Wanted\\speed.exe:*:Enabled:speed"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\AOL 9.0\\waol.exe"="C:\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"D:\\Jeux\\Sid Meier's Civilization 4\\Civilization4.exe"="D:\\Jeux\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
"D:\\Jeux\\Civilization 4\\Civilization4.exe"="D:\\Jeux\\Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"="C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe:*:Enabled:LiveUpdt"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe"="D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\\Jeux\\CivCity Rome\\CivCity Rome.exe"="D:\\Jeux\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"D:\\CD_logiciel\\Editeur d equation\\MathCast.exe"="D:\\CD_logiciel\\Editeur d equation\\MathCast.exe:*:Disabled:MathCast Equation Editor"
"C:\\Logiciel\\Editeur d equation\\MathCast.exe"="C:\\Logiciel\\Editeur d equation\\MathCast.exe:*:Disabled:MathCast Equation Editor"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Pinnacle\\MediaCenter\\Pmc.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\Pmc.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Logiciel\\JVTorrent\\btdownloadgui.exe"="C:\\Logiciel\\JVTorrent\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non sp‚cifi‚"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Disabled:PSST.exe"
"C:\\WINDOWS\\System32\\javaw.exe"="C:\\WINDOWS\\System32\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\EA GAMES\\CoD 2\\CoD2MP_s.exe"="C:\\Program Files\\EA GAMES\\CoD 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\Jeux\\Medieval_IV\\medieval2.exe"="D:\\Jeux\\Medieval_IV\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE:*:Enabled:Device Monitor"
"C:\\Documents and Settings\\El Nabife\\Local Settings\\Temp\\lxdi\\wireless\\FRENCH\\lxdiwpss.exe"="C:\\Documents and Settings\\El Nabife\\Local Settings\\Temp\\lxdi\\wireless\\FRENCH\\lxdiwpss.exe:*:Enabled: "
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"="C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe"="C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"="C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe:*:Enabled: "
"C:\\WINDOWS\\System32\\lxdicfg.exe"="C:\\WINDOWS\\System32\\lxdicfg.exe:*:Enabled:Printer Communication System"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"="C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe:*:Enabled:Lexmark Web Gateway"
"K:\\Black and White\\runblack.exe"="K:\\Black and White\\runblack.exe:*:Disabled:lh"
"C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe"="C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe:*:Disabled:Apache"
"C:\\WINDOWS\\System32\\lxdicoms.exe"="C:\\WINDOWS\\System32\\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe:*:Enabled:Lexmark Imaging Studio"
"D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe"="D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\AOL 9.0\\waol.exe"="C:\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\app4r.exe"="C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 10 May 2004 156,784 A..H. --- "C:\AOL 9.0\aoltray.exe"
Mon 10 May 2004 54,384 A..H. --- "C:\AOL 9.0\aolphx.exe"
Mon 10 May 2004 31,344 A..H. --- "C:\AOL 9.0\RBM.exe"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\System Volume Information\_restore{BE18087C-848A-4B4E-9B4E-A08A7F2EC561}\RP673\A0253495.exe"
Tue 12 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITC.tmp"
Tue 12 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BITD.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT450.tmp"
Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 12 May 2006 408,064 ...H. --- "C:\Documents and Settings\El Nabife\Application Data\Microsoft\ModŠles\~WRL3793.tmp"
Sat 5 Jan 2008 399,360 ...H. --- "C:\Documents and Settings\El Nabife\Application Data\Microsoft\Word\~WRL3013.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\El Nabife\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
9 mars 2008 à 12:13
9 mars 2008 à 12:13
Re ,
Il n'a rien trouvé ... aRF !
Tant pi , on fait a la main.
************************************
Télécharger OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
→ Enregistre-le sur ton bureau
→ Lancer 'OAD.exe' en faisant un double clique sur le fichier
→ Saisir la valeur recherchée -> ' svcnet.exe ' ( fait un copier/coller )
→ Type de recherche : sélectionner l'option 6 puis valide [entrée]
→ OAD va maintenant rechercher le fichier.
→ Laisse-le travailler jusqu'à ce qu'il en ait terminé.
→ Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes.
------------- Patienter. --------------
→ Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
→ Faire un copier/coller de ce rapport dans ton prochain post.
Note: Certains Antivirus peuvent émettre une alerte lors du téléchargement / utilisation > ignore
************************************
/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\
1)Télécharge OTMoveIt2 ( de Old Timer )
2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
3)puis copie les lignes en gras qui se trouvent en dessous :
C:\WINDOWS\system32\lnaccess.exe
et colle-les dans le cadre de gauche de OTMoveIt : "Paste Standard List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )
/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.
*****************************
Poste le rapport OAD , et celui de OTmoveIT
A+
Il n'a rien trouvé ... aRF !
Tant pi , on fait a la main.
************************************
Télécharger OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
→ Enregistre-le sur ton bureau
→ Lancer 'OAD.exe' en faisant un double clique sur le fichier
→ Saisir la valeur recherchée -> ' svcnet.exe ' ( fait un copier/coller )
→ Type de recherche : sélectionner l'option 6 puis valide [entrée]
→ OAD va maintenant rechercher le fichier.
→ Laisse-le travailler jusqu'à ce qu'il en ait terminé.
→ Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes.
------------- Patienter. --------------
→ Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
→ Faire un copier/coller de ce rapport dans ton prochain post.
Note: Certains Antivirus peuvent émettre une alerte lors du téléchargement / utilisation > ignore
************************************
/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\
1)Télécharge OTMoveIt2 ( de Old Timer )
2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
3)puis copie les lignes en gras qui se trouvent en dessous :
C:\WINDOWS\system32\lnaccess.exe
et colle-les dans le cadre de gauche de OTMoveIt : "Paste Standard List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )
/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.
*****************************
Poste le rapport OAD , et celui de OTmoveIT
A+
Alors mes rapports sont respectivement :
09/03/2008 ---- 12:21:35,09
----------------------------------
§§§§§§ [svcnet.exe] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"="svcnet.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non spécifié"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non spécifié"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non spécifié"
[HKEY_USERS\S-1-5-21-2546019508-3129205422-186421535-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"="svcnet.exe"
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
/////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
C:\WINDOWS\system32\lnaccess.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 03092008_122606
09/03/2008 ---- 12:21:35,09
----------------------------------
§§§§§§ [svcnet.exe] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"="svcnet.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non spécifié"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non spécifié"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"="C:\\WINDOWS\\system32\\svcnet.exe:*:Disabled:Non spécifié"
[HKEY_USERS\S-1-5-21-2546019508-3129205422-186421535-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"="svcnet.exe"
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
/////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
C:\WINDOWS\system32\lnaccess.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 03092008_122606
Utilisateur anonyme
9 mars 2008 à 12:40
9 mars 2008 à 12:40
Re ,
Dans OtmoveIt , copie/colle cette ligne :
C:\\WINDOWS\\system32\\svcnet.exe
> MoveIt !
> poste le rapport.
*******************************************************
Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en citation en gras ci-dessous, (copie tout d'un trait) : ( y compris Regedit4, et la ligne vide en dessous )
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"=-
[HKEY_USERS\S-1-5-21-2546019508-3129205422-186421535-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"=-
Puis "fichier" -> "enregistrer sous" :
dans : sur le bureau
Nom du fichier : reglop.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
Cela doit ressembler à ça
Redémarre en MSE
Double clique sur reglop.reg
→ tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
*****************************************
Reposte un rapport Hijackthis par la suite ( en mode normal )
A+
Dans OtmoveIt , copie/colle cette ligne :
C:\\WINDOWS\\system32\\svcnet.exe
> MoveIt !
> poste le rapport.
*******************************************************
Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en citation en gras ci-dessous, (copie tout d'un trait) : ( y compris Regedit4, et la ligne vide en dessous )
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svcnet.exe"=-
[HKEY_USERS\S-1-5-21-2546019508-3129205422-186421535-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"=-
Puis "fichier" -> "enregistrer sous" :
dans : sur le bureau
Nom du fichier : reglop.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
Cela doit ressembler à ça
Redémarre en MSE
Double clique sur reglop.reg
→ tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
*****************************************
Reposte un rapport Hijackthis par la suite ( en mode normal )
A+
J'ai fait OtmoveIt mais il me dit qu'il ne le trouve pas
Pour le .reg ça fonctionné. Voici le nouveau rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:03, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
C:\Logiciel\Antivitus\Avast\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Quik Touch\EzdMontr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Logiciel\Postit\PsnLite.exe
C:\Logiciel\Postit\PSNGive.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
C:\Logiciel\Antivitus\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\logiciel\acrobat writer\AcrWr\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [EzdMontr] C:\Program Files\Quik Touch\EzdMontr.exe install
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [site rule] C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Logiciel\Postit\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Logiciel\OmniPage\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashWebSv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Pour le .reg ça fonctionné. Voici le nouveau rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:03, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
C:\Logiciel\Antivitus\Avast\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Quik Touch\EzdMontr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Logiciel\Postit\PsnLite.exe
C:\Logiciel\Postit\PSNGive.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
C:\Logiciel\Antivitus\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\logiciel\acrobat writer\AcrWr\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [EzdMontr] C:\Program Files\Quik Touch\EzdMontr.exe install
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [site rule] C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Logiciel\Postit\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Logiciel\OmniPage\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashWebSv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Utilisateur anonyme
9 mars 2008 à 13:11
9 mars 2008 à 13:11
Re ,
/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne comptétente /!\
Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\
Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl
AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\
Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.
/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\
Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).
En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.
Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)
Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
a+
/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne comptétente /!\
Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\
Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl
AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\
Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.
/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\
Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).
En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.
Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)
Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]
a+
L'analyse fut plutot court il ma dit que l'analyse était fini et que le rapport était disponible. Le voici:
ComboFix 08-03-08.2 - El Nabife 2008-03-09 13:18:25.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.180 [GMT 1:00]
Endroit: C:\Documents and Settings\El Nabife\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\#SharedObjects\77LW3XJD\iforex.com
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\#SharedObjects\77LW3XJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Program Files\instant access
C:\Program Files\instant access\Center\CrazyGirls.upd
C:\Program Files\instant access\Center\LastSoftwares.upd
C:\Program Files\instant access\Center\SerialPlayers.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Dialer\1001943504\external-api.dlv4.com\hits\949db82c305d27d156c6d02baec905ea
C:\Program Files\instant access\Dialer\1001943504\external-api.dlv4.com\js\4e2d50fb55558bdf8a2798789fcf0549
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\26a381215d554225d9f29f543edef7fa.html
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\26a381215d554225d9f29f543edef7fa.html_0.loginvis
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\button.gif
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_01.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_02.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_03.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_04.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_05.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_07.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\product.ico
C:\Program Files\instant access\Dialer\1016348971\external-api.dlv4.com\hits\3a09d3061d588605a5be761a60fb4e7e
C:\Program Files\instant access\Dialer\1016348971\external-api.dlv4.com\js\77b4955d29f50d8b3cddc97ff31bdf15
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\1eb746f9494cba12b265290f82d66486.html
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\1eb746f9494cba12b265290f82d66486.html_0.loginvis
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\bckg.gif
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\button.gif
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_01.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_02.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_04.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_05.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_06.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_07.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\product.ico
C:\Program Files\instant access\Dialer\1042213666\external-api.dlv4.com\hits\86fed3a16d8b0f8ba13c183ce9db9926
C:\Program Files\instant access\Dialer\1042213666\external-api.dlv4.com\js\86c17ffcd7dfbd89def9050f5b17e6f5
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html_0.loginvis
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\bckg.gif
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\button.gif
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_01.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_02.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_03.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_04.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_05.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_07.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_08.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\product.ico
C:\Program Files\instant access\Dialer\1106080735\external-api.dlv4.com\hits\c1f78eea7a6c8b01432f8be26981f9e7
C:\Program Files\instant access\Dialer\1106080735\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\1111480138\external-api.dlv4.com\hits\1d98b26f4565955237d27a008c8c8018
C:\Program Files\instant access\Dialer\1111480138\external-api.dlv4.com\js\6f2791430a1d0844df528fab9223e50b
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\button.gif
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_01.jpg
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_02.jpg
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_03.jpg
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_04.gif
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\product.ico
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\d700356c5edc6712bad9827877e2211c.html
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\d700356c5edc6712bad9827877e2211c.html_0.loginvis
C:\Program Files\instant access\Dialer\1118955904\external-api.dlv4.com\hits\bb304e3b27ac2ec85686bcd094e7c1c1
C:\Program Files\instant access\Dialer\1118955904\external-api.dlv4.com\js\b9818eeed5a892d0190f5d0310f7c113
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\50246\images\index_01.jpg
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\50246\images\product.ico
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\c434885ab5d8fcde89d11d0accd120e9.html
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\c434885ab5d8fcde89d11d0accd120e9.html_0.loginvis
C:\Program Files\instant access\Dialer\1132247587\external-api.dlv4.com\hits\beb23035c27bae065e83f0e434b62f5b
C:\Program Files\instant access\Dialer\1132247587\external-api.dlv4.com\hits\ff46e005c7a5bef1d02c1d4721113ade
C:\Program Files\instant access\Dialer\1132247587\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\1154503539\external-api.dlv4.com\hits\a20fe0a7a52c8f7d7a405ab390c37d8f
C:\Program Files\instant access\Dialer\1154503539\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\1179876439\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\1179876439\external-api.dlv4.com\hits\d6c22630f4ea6f2b9921e6b3cc22dd78
C:\Program Files\instant access\Dialer\1179876439\external-api.dlv4.com\js\f9bf336ba2e8106d2006619f49f18c37
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\320e6e9bd77d47988bb1cd7590b51f97.html
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\320e6e9bd77d47988bb1cd7590b51f97.html_0.loginvis
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\button.gif
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\index_01.jpg
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\index_02.jpg
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\index_03.jpg
C:\Program Files\instant access\Dialer\1188543228\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\1188543228\external-api.dlv4.com\hits\b4eb947341a93d0ac26d6ae807023752
C:\Program Files\instant access\Dialer\1188543228\external-api.dlv4.com\js\6a61e7364799072367f7347c2b99a338
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\4167756865579bf6082e3f9d3813304b.html
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\4167756865579bf6082e3f9d3813304b.html_0.loginvis
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\button.gif
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\index_01.jpg
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\index_02.jpg
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\index_03.jpg
C:\Program Files\instant access\Dialer\130158546\external-api.dlv4.com\hits\c8d32257613324594e867657e4373ad0
C:\Program Files\instant access\Dialer\130158546\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\136549299\external-api.dlv4.com\hits\4d283cab39d8583fcbf591c8737a8293
C:\Program Files\instant access\Dialer\136549299\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\136549299\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\140491160\external-api.dlv4.com\hits\f39b41eb995ab00b0e099887f13afccf
C:\Program Files\instant access\Dialer\140491160\external-api.dlv4.com\js\9dfdd07289e9b3d7e54fc0a243b2f8f6
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\[u]0[/u]0818f719ff194c7d77cda0f28a9c6a3.html
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\[u]0[/u]0818f719ff194c7d77cda0f28a9c6a3.html_0.loginvis
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\bckg.gif
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\button.gif
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_01.gif
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_02.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_03.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_05.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_06.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_07.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\product.ico
C:\Program Files\instant access\Dialer\147402622\external-api.dlv4.com\hits\bef7801880cb6b945a9c8769a326aa20
C:\Program Files\instant access\Dialer\147402622\external-api.dlv4.com\js\86c17ffcd7dfbd89def9050f5b17e6f5
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html_0.loginvis
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\bckg.gif
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\button.gif
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_01.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_02.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_03.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_04.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_05.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_07.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_08.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\product.ico
C:\Program Files\instant access\Dialer\221391347\external-api.dlv4.com\hits\9a6ccc04bed2e1b12532c160307c4735
C:\Program Files\instant access\Dialer\221391347\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\263783454\external-api.dlv4.com\hits\eb0a279e2b631897e19e828f1ea13a6e
C:\Program Files\instant access\Dialer\263783454\external-api.dlv4.com\js\1b25bde17b5cbfd58be2cb356913c024
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\button.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_01.jpg
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_02.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_03.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_04.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_05.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_06.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_07.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_08.jpg
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_10.jpg
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\product.ico
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html_0.loginvis
C:\Program Files\instant access\Dialer\283244599\external-api.dlv4.com\hits\f2921b756fc165f6a1dface765b41312
C:\Program Files\instant access\Dialer\283244599\external-api.dlv4.com\js\e88829b3d3432a1bc3e9e088babcf15f
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html_0.loginvis
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\283244599\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\310186435\external-api.dlv4.com\hits\b6281b5a299391bee525aae6a4062e40
C:\Program Files\instant access\Dialer\310186435\external-api.dlv4.com\js\5886eb4c5daafe1b27ad9152c532c3bf
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\4e598c5f0d6a3fed015ccccfeeff408e.html
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\4e598c5f0d6a3fed015ccccfeeff408e.html_0.loginvis
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\button.gif
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_01.jpg
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_02.jpg
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_03.jpg
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_04.gif
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\product.ico
C:\Program Files\instant access\Dialer\313563365\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\313563365\external-api.dlv4.com\hits\172465a41d63ded4c7d1c31667e3ff74
C:\Program Files\instant access\Dialer\313563365\external-api.dlv4.com\js\5da008b16553dcbfa3f6bbd2faed8d85
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\button.gif
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_01.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_02.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_03.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_04.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_05.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\product.ico
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\c769cdb3e7f39bd8b66f57546d467d7e.html
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\c769cdb3e7f39bd8b66f57546d467d7e.html_0.loginvis
C:\Program Files\instant access\Dialer\33330018\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\33330018\external-api.dlv4.com\hits\4e70a25e847eb67e0076084fe721c436
C:\Program Files\instant access\Dialer\33330018\external-api.dlv4.com\js\[u]0[/u]0884e34ce09cf366cd795eb532a2389
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\button.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_01.jpg
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_02.jpg
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_03.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_04.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_05.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\ebbcd293dd2f9f8b00d287639fa99d8f.html
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\ebbcd293dd2f9f8b00d287639fa99d8f.html_0.loginvis
C:\Program Files\instant access\Dialer\34103278\external-api.dlv4.com\hits\8496bf4150933c6ae000f6ddfd44bbe9
C:\Program Files\instant access\Dialer\34103278\external-api.dlv4.com\js\6ee750a84e2d56e649b2fc86c2e90873
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\button.gif
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_01.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_02.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_04.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_05.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_06.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\product.ico
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\801893b831ac32272c92785b8f4401fe.html
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\801893b831ac32272c92785b8f4401fe.html_0.loginvis
C:\Program Files\instant access\Dialer\347557444\external-api.dlv4.com\hits\a521871d17a898b94aa085938828bfcf
C:\Program Files\instant access\Dialer\347557444\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\353219912\external-api.dlv4.com\hits\97ebeb3f67a4d3d65ea01cd088c04cc4
C:\Program Files\instant access\Dialer\353219912\external-api.dlv4.com\hits\d11dca42ccabae95fd8736bf6dd9ccfe
C:\Program Files\instant access\Dialer\353219912\external-api.dlv4.com\js\64325272bfdf3cf0bbd7cdc26fda24a1
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\button.gif
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_01.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_02.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_03.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_04.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_05.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_07.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\product.ico
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\a951635e2250f13fe5713a4d498e7648.html
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\a951635e2250f13fe5713a4d498e7648.html_0.loginvis
C:\Program Files\instant access\Dialer\375343575\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\375343575\external-api.dlv4.com\hits\5b03e8e0b3954b4bcd0673b1587319bf
C:\Program Files\instant access\Dialer\375343575\external-api.dlv4.com\js\8402a9d56c79a7c0e2c4f0cb90296ed4
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\button.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_01.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_02.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_03.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_04.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_05.jpg
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_07.jpg
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_09.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_10.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\product.ico
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\6d2bc7f8156f12352dd153c18dc81aef.html
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\6d2bc7f8156f12352dd153c18dc81aef.html_0.loginvis
C:\Program Files\instant access\Dialer\396886822\external-api.dlv4.com\hits\e48ed2e82ecbf836441e8c577cd6c152
C:\Program Files\instant access\Dialer\396886822\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\40640121\external-api.dlv4.com\hits\dedb14f6d974962e79f87200b12e27be
C:\Program Files\instant access\Dialer\40640121\external-api.dlv4.com\js\d3515298d4a3993197f8e926297cc8ec
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\485e59376e6f47e997960b422d1f4483.html
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\485e59376e6f47e997960b422d1f4483.html_0.loginvis
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\bckg.gif
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\button.gif
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_01.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_02.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_04.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_05.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_06.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_07.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\product.ico
C:\Program Files\instant access\Dialer\469565747\external-api.dlv4.com\hits\c4cfd85668535468c2a046611e53b2e1
C:\Program Files\instant access\Dialer\469565747\external-api.dlv4.com\js\1e9b9d6b245a48e866470888740caa58
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\button.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_01.jpg
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_02.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_03.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_04.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_05.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_06.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_07.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_08.jpg
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_10.jpg
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\product.ico
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\9e0a5909c976eaa74ad7ab30df4f1a46.html
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\9e0a5909c976eaa74ad7ab30df4f1a46.html_0.loginvis
C:\Program Files\instant access\Dialer\476813893\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\476813893\external-api.dlv4.com\hits\1d0e033fc6908009c4782795ca367638
C:\Program Files\instant access\Dialer\476813893\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\48728098\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\48728098\external-api.dlv4.com\hits\1ef1764b754bb347e868fe32892b6218
C:\Program Files\instant access\Dialer\48728098\external-api.dlv4.com\js\86c17ffcd7dfbd89def9050f5b17e6f5
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html_0.loginvis
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\bckg.gif
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\button.gif
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_01.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_02.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_03.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_04.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_05.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_07.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_08.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\product.ico
C:\Program Files\instant access\Dialer\507490181\external-api.dlv4.com\hits\5de442b090aa2f073f27b839b5d65a86
C:\Program Files\instant access\Dialer\507490181\external-api.dlv4.com\hits\d2ac528013ddd5a79843935b14236dae
C:\Program Files\instant access\Dialer\507490181\external-api.dlv4.com\js\390b32612f12d9e45038f85d27c19883
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\bckg.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\button.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_01.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_02.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_03.jpg
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_05.jpg
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\product.ico
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\b961d7747310766ff80ac2c096b1337a.html
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\b961d7747310766ff80ac2c096b1337a.html_0.loginvis
C:\Program Files\instant access\Dialer\507490181\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\548358681\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\548358681\external-api.dlv4.com\hits\6dcc1341d1f195a1218764b03677d55a
C:\Program Files\instant access\Dialer\548358681\external-api.dlv4.com\js\d49f50174f2510b38543d58a3ce713d4
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\button.gif
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_01.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_02.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_03.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_04.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\9767f7b5d32c28948a1411204df20d94.html
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\9767f7b5d32c28948a1411204df20d94.html_0.loginvis
C:\Program Files\instant access\Dialer\567973748\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\567973748\external-api.dlv4.com\hits\a77475d0bcc8f5cc2a47ba0a2bad9303
C:\Program Files\instant access\Dialer\567973748\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\571946685\external-api.dlv4.com\hits\89e6f808681991db791aa67de9576ddf
C:\Program Files\instant access\Dialer\571946685\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\577096008\external-api.dlv4.com\hits\20e2602f9cef752824c0b9a293e0437e
C:\Program Files\instant access\Dialer\577096008\external-api.dlv4.com\js\1b25bde17b5cbfd58be2cb356913c024
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\button.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_01.jpg
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_02.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_03.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_04.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_05.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_06.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_07.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_08.jpg
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_10.jpg
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\product.ico
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html_0.loginvis
C:\Program Files\instant access\Dialer\616209340\external-api.dlv4.com\hits\860977f53eb6477e4bd199d7a9265e7c
C:\Program Files\instant access\Dialer\616209340\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\649439361\external-api.dlv4.com\hits\[u]0[/u]abf674d6723e447db0099011b6292a8
C:\Program Files\instant access\Dialer\649439361\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\649439361\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\706679038\external-api.dlv4.com\hits\da132dfcca20903d39141d6f69d2ebe8
C:\Program Files\instant access\Dialer\706679038\external-api.dlv4.com\js\de49b9d69381344603d9e24ebe030fcd
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\bckg.gif
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\button.gif
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_01.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_02.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_03.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_05.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\78787829e08f3c598fcf778b3d6bdcde.html
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\78787829e08f3c598fcf778b3d6bdcde.html_0.loginvis
C:\Program Files\instant access\Dialer\733163924\external-api.dlv4.com\hits\adb414d8e81e643974faa322190d42c9
C:\Program Files\instant access\Dialer\733163924\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\737339905\external-api.dlv4.com\hits\16f821067883589cd30f3cd9fc559942
C:\Program Files\instant access\Dialer\737339905\external-api.dlv4.com\js\7bfb3058b0bdcd19c5e6ff59ec3ddd44
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\bckg.gif
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\button.gif
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_01.gif
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_02.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_03.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_05.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_06.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_07.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\product.ico
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\66f285c0ac046bb07267e32d1456b14d.html
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\66f285c0ac046bb07267e32d1456b14d.html_0.loginvis
C:\Program Files\instant access\Dialer\759670510\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\759670510\external-api.dlv4.com\hits\cbe267a64e1677a3de3ebf5cc0f5f04a
C:\Program Files\instant access\Dialer\759670510\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\815844610\external-api.dlv4.com\hits\cda19725b506864b641b896b617bd9ec
C:\Program Files\instant access\Dialer\815844610\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\815844610\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\838286980\external-api.dlv4.com\hits\[u]0[/u]3eefde82788ef5df26ca23c273f9000
C:\Program Files\instant access\Dialer\838286980\external-api.dlv4.com\hits\b1e97d9523bd4ee643436bdc436faf73
C:\Program Files\instant access\Dialer\838286980\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\838286980\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\843757923\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\843757923\external-api.dlv4.com\hits\e25ab15e7c4af30a433d23a2aa754c81
C:\Program Files\instant access\Dialer\843757923\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\87993379\external-api.dlv4.com\hits\8c1546618b0337ad8eac243c346f33a9
C:\Program Files\instant access\Dialer\87993379\external-api.dlv4.com\js\9dfdd07289e9b3d7e54fc0a243b2f8f6
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\bckg.gif
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\button.gif
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_01.gif
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_02.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_03.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_05.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_06.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_07.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\product.ico
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\f7b14511f1d94d2765c305884341a8a0.html
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\f7b14511f1d94d2765c305884341a8a0.html_0.loginvis
C:\Program Files\instant access\Dialer\909063025\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\909063025\external-api.dlv4.com\hits\30d23b93305160791c9b1794ee8d1b18
C:\Program Files\instant access\Dialer\909063025\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\960152565\external-api.dlv4.com\hits\7ee44e551c3ef59f4509d0fdaf6ab3fa
C:\Program Files\instant access\Dialer\960152565\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\981479454\external-api.dlv4.com\hits\3931e16be2b2fa312ca7b308736c434b
C:\Program Files\instant access\Dialer\981479454\external-api.dlv4.com\js\d239ddd8c9a0a3a5d9aebafad53af612
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\bckg.gif
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\button.gif
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_01.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_02.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_04.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_05.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_06.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_07.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_08.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\product.ico
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\9a32fa7a2f102ab0559196c26b38ee45.html
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\9a32fa7a2f102ab0559196c26b38ee45.html_0.loginvis
C:\Program Files\instant access\Dialer\992952622\external-api.dlv4.com\hits\c572e0c4316a5c0734a231a82e7fc72a
C:\Program Files\instant access\Dialer\992952622\external-api.dlv4.com\js\e88829b3d3432a1bc3e9e088babcf15f
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html_0.loginvis
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\992952622\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\996219511\external-api.dlv4.com\hits\d22a39beb07c64d8bd393d1f19bd0811
C:\Program Files\instant access\Dialer\996219511\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\996219511\SerialPlayers.lnk
C:\temp\unins000.dat
C:\WINDOWS\pack.epk
c:\WINDOWS\system32\hyofgfm.dat
c:\windows\system32\hyofgfm.exe
C:\WINDOWS\system32\hyofgfm_nav.dat
c:\WINDOWS\system32\hyofgfm_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\vuedckkrrz_navtmp.dat
C:\WINDOWS\tmlpcert2007
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 12:26 . 2008-03-09 12:26 <REP> d-------- C:\_OTMoveIt
2008-03-09 11:47 . 2008-03-09 11:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-09 11:44 . 2005-09-02 11:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 11:44 . 2005-09-02 11:23 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 11:44 . 2005-09-02 11:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-09 11:44 . 2005-09-02 11:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 11:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-09 11:30 . 2008-03-08 19:40 <REP> d-------- C:\SDFix
2008-03-09 11:17 . 2008-03-09 11:17 <REP> d-------- C:\Program Files\Trend Micro
2008-03-09 10:01 . 2008-03-09 10:02 <REP> d-------- C:\Program Files\Navilog1
2008-02-27 18:13 . 2008-02-27 18:13 <REP> d-------- C:\Program Files\ElcomSoft
2008-02-27 18:13 . 2008-02-27 18:37 1,060 --a------ C:\WINDOWS\ARCHPR4.INI
2008-02-25 15:32 . 2007-03-30 15:13 344,064 --a------ C:\WINDOWS\system32\lxdicoin.dll
2008-02-25 15:32 . 2006-08-01 06:53 40,960 --a------ C:\WINDOWS\system32\lxdivs.dll
2008-02-25 15:31 . 2007-03-23 20:44 692,224 --a------ C:\WINDOWS\system32\lxdidrs.dll
2008-02-25 15:31 . 2007-02-09 19:07 69,632 --a------ C:\WINDOWS\system32\lxdicnv4.dll
2008-02-25 15:31 . 2007-01-24 00:40 65,536 --a------ C:\WINDOWS\system32\lxdicaps.dll
2008-02-25 15:29 . 2008-02-25 15:29 <REP> d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-02-23 18:02 . 2008-02-23 18:02 67,856 --a------ C:\WINDOWS\PhotoDeluxe.bmp
2008-02-22 12:37 . 2006-06-28 14:24 509,920 --a------ C:\WINDOWS\system32\SEGOEUI.TTF
2008-02-22 12:37 . 2006-06-28 14:24 490,852 --a------ C:\WINDOWS\system32\SEGOEUIB.TTF
2008-02-22 12:37 . 2006-06-28 14:24 393,068 --a------ C:\WINDOWS\system32\SEGOEUIZ.TTF
2008-02-22 12:37 . 2006-06-28 14:24 380,456 --a------ C:\WINDOWS\system32\SEGOEUII.TTF
2008-02-09 13:01 . 2008-02-09 13:01 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-02-09 09:37 . 2008-02-09 09:37 <REP> d--hs---- C:\FOUND.020
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-12 08:39 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-11 18:38 1,811,559 ----a-w C:\Program Files\Instant Access.rar
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTW
ComboFix 08-03-08.2 - El Nabife 2008-03-09 13:18:25.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.180 [GMT 1:00]
Endroit: C:\Documents and Settings\El Nabife\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\#SharedObjects\77LW3XJD\iforex.com
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\#SharedObjects\77LW3XJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\El Nabife\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\El Nabife\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Program Files\instant access
C:\Program Files\instant access\Center\CrazyGirls.upd
C:\Program Files\instant access\Center\LastSoftwares.upd
C:\Program Files\instant access\Center\SerialPlayers.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Dialer\1001943504\external-api.dlv4.com\hits\949db82c305d27d156c6d02baec905ea
C:\Program Files\instant access\Dialer\1001943504\external-api.dlv4.com\js\4e2d50fb55558bdf8a2798789fcf0549
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\26a381215d554225d9f29f543edef7fa.html
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\26a381215d554225d9f29f543edef7fa.html_0.loginvis
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\button.gif
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_01.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_02.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_03.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_04.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_05.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\index_07.jpg
C:\Program Files\instant access\Dialer\1001943504\fp.pc-on-internet.com\50201\images\product.ico
C:\Program Files\instant access\Dialer\1016348971\external-api.dlv4.com\hits\3a09d3061d588605a5be761a60fb4e7e
C:\Program Files\instant access\Dialer\1016348971\external-api.dlv4.com\js\77b4955d29f50d8b3cddc97ff31bdf15
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\1eb746f9494cba12b265290f82d66486.html
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\1eb746f9494cba12b265290f82d66486.html_0.loginvis
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\bckg.gif
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\button.gif
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_01.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_02.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_04.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_05.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_06.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\index_07.jpg
C:\Program Files\instant access\Dialer\1016348971\fp.pc-on-internet.com\50265\images\product.ico
C:\Program Files\instant access\Dialer\1042213666\external-api.dlv4.com\hits\86fed3a16d8b0f8ba13c183ce9db9926
C:\Program Files\instant access\Dialer\1042213666\external-api.dlv4.com\js\86c17ffcd7dfbd89def9050f5b17e6f5
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html_0.loginvis
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\bckg.gif
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\button.gif
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_01.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_02.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_03.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_04.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_05.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_07.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\index_08.jpg
C:\Program Files\instant access\Dialer\1042213666\fp.pc-on-internet.com\50188\images\product.ico
C:\Program Files\instant access\Dialer\1106080735\external-api.dlv4.com\hits\c1f78eea7a6c8b01432f8be26981f9e7
C:\Program Files\instant access\Dialer\1106080735\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\1106080735\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\1111480138\external-api.dlv4.com\hits\1d98b26f4565955237d27a008c8c8018
C:\Program Files\instant access\Dialer\1111480138\external-api.dlv4.com\js\6f2791430a1d0844df528fab9223e50b
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\button.gif
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_01.jpg
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_02.jpg
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_03.jpg
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\index_04.gif
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\50153\images\product.ico
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\d700356c5edc6712bad9827877e2211c.html
C:\Program Files\instant access\Dialer\1111480138\fp.pc-on-internet.com\d700356c5edc6712bad9827877e2211c.html_0.loginvis
C:\Program Files\instant access\Dialer\1118955904\external-api.dlv4.com\hits\bb304e3b27ac2ec85686bcd094e7c1c1
C:\Program Files\instant access\Dialer\1118955904\external-api.dlv4.com\js\b9818eeed5a892d0190f5d0310f7c113
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\50246\images\index_01.jpg
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\50246\images\product.ico
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\c434885ab5d8fcde89d11d0accd120e9.html
C:\Program Files\instant access\Dialer\1118955904\fp.pc-on-internet.com\c434885ab5d8fcde89d11d0accd120e9.html_0.loginvis
C:\Program Files\instant access\Dialer\1132247587\external-api.dlv4.com\hits\beb23035c27bae065e83f0e434b62f5b
C:\Program Files\instant access\Dialer\1132247587\external-api.dlv4.com\hits\ff46e005c7a5bef1d02c1d4721113ade
C:\Program Files\instant access\Dialer\1132247587\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\1132247587\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\1154503539\external-api.dlv4.com\hits\a20fe0a7a52c8f7d7a405ab390c37d8f
C:\Program Files\instant access\Dialer\1154503539\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\1154503539\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\1179876439\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\1179876439\external-api.dlv4.com\hits\d6c22630f4ea6f2b9921e6b3cc22dd78
C:\Program Files\instant access\Dialer\1179876439\external-api.dlv4.com\js\f9bf336ba2e8106d2006619f49f18c37
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\320e6e9bd77d47988bb1cd7590b51f97.html
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\320e6e9bd77d47988bb1cd7590b51f97.html_0.loginvis
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\button.gif
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\index_01.jpg
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\index_02.jpg
C:\Program Files\instant access\Dialer\1179876439\fp.pc-on-internet.com\50169\images\index_03.jpg
C:\Program Files\instant access\Dialer\1188543228\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\1188543228\external-api.dlv4.com\hits\b4eb947341a93d0ac26d6ae807023752
C:\Program Files\instant access\Dialer\1188543228\external-api.dlv4.com\js\6a61e7364799072367f7347c2b99a338
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\4167756865579bf6082e3f9d3813304b.html
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\4167756865579bf6082e3f9d3813304b.html_0.loginvis
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\button.gif
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\index_01.jpg
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\index_02.jpg
C:\Program Files\instant access\Dialer\1188543228\fp.pc-on-internet.com\50169\images\index_03.jpg
C:\Program Files\instant access\Dialer\130158546\external-api.dlv4.com\hits\c8d32257613324594e867657e4373ad0
C:\Program Files\instant access\Dialer\130158546\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\130158546\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\136549299\external-api.dlv4.com\hits\4d283cab39d8583fcbf591c8737a8293
C:\Program Files\instant access\Dialer\136549299\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\136549299\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\136549299\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\140491160\external-api.dlv4.com\hits\f39b41eb995ab00b0e099887f13afccf
C:\Program Files\instant access\Dialer\140491160\external-api.dlv4.com\js\9dfdd07289e9b3d7e54fc0a243b2f8f6
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\[u]0[/u]0818f719ff194c7d77cda0f28a9c6a3.html
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\[u]0[/u]0818f719ff194c7d77cda0f28a9c6a3.html_0.loginvis
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\bckg.gif
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\button.gif
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_01.gif
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_02.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_03.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_05.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_06.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\index_07.jpg
C:\Program Files\instant access\Dialer\140491160\fp.pc-on-internet.com\50238\images\product.ico
C:\Program Files\instant access\Dialer\147402622\external-api.dlv4.com\hits\bef7801880cb6b945a9c8769a326aa20
C:\Program Files\instant access\Dialer\147402622\external-api.dlv4.com\js\86c17ffcd7dfbd89def9050f5b17e6f5
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html_0.loginvis
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\bckg.gif
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\button.gif
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_01.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_02.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_03.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_04.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_05.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_07.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\index_08.jpg
C:\Program Files\instant access\Dialer\147402622\fp.pc-on-internet.com\50188\images\product.ico
C:\Program Files\instant access\Dialer\221391347\external-api.dlv4.com\hits\9a6ccc04bed2e1b12532c160307c4735
C:\Program Files\instant access\Dialer\221391347\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\221391347\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\263783454\external-api.dlv4.com\hits\eb0a279e2b631897e19e828f1ea13a6e
C:\Program Files\instant access\Dialer\263783454\external-api.dlv4.com\js\1b25bde17b5cbfd58be2cb356913c024
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\button.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_01.jpg
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_02.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_03.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_04.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_05.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_06.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_07.gif
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_08.jpg
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\index_10.jpg
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\50251\images\product.ico
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html
C:\Program Files\instant access\Dialer\263783454\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html_0.loginvis
C:\Program Files\instant access\Dialer\283244599\external-api.dlv4.com\hits\f2921b756fc165f6a1dface765b41312
C:\Program Files\instant access\Dialer\283244599\external-api.dlv4.com\js\e88829b3d3432a1bc3e9e088babcf15f
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html_0.loginvis
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\283244599\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\283244599\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\310186435\external-api.dlv4.com\hits\b6281b5a299391bee525aae6a4062e40
C:\Program Files\instant access\Dialer\310186435\external-api.dlv4.com\js\5886eb4c5daafe1b27ad9152c532c3bf
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\4e598c5f0d6a3fed015ccccfeeff408e.html
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\4e598c5f0d6a3fed015ccccfeeff408e.html_0.loginvis
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\button.gif
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_01.jpg
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_02.jpg
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_03.jpg
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\index_04.gif
C:\Program Files\instant access\Dialer\310186435\fp.pc-on-internet.com\50153\images\product.ico
C:\Program Files\instant access\Dialer\313563365\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\313563365\external-api.dlv4.com\hits\172465a41d63ded4c7d1c31667e3ff74
C:\Program Files\instant access\Dialer\313563365\external-api.dlv4.com\js\5da008b16553dcbfa3f6bbd2faed8d85
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\button.gif
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_01.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_02.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_03.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_04.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\index_05.jpg
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\50203\images\product.ico
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\c769cdb3e7f39bd8b66f57546d467d7e.html
C:\Program Files\instant access\Dialer\313563365\fp.pc-on-internet.com\c769cdb3e7f39bd8b66f57546d467d7e.html_0.loginvis
C:\Program Files\instant access\Dialer\33330018\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\33330018\external-api.dlv4.com\hits\4e70a25e847eb67e0076084fe721c436
C:\Program Files\instant access\Dialer\33330018\external-api.dlv4.com\js\[u]0[/u]0884e34ce09cf366cd795eb532a2389
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\button.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_01.jpg
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_02.jpg
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_03.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_04.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\50275\images\index_05.gif
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\ebbcd293dd2f9f8b00d287639fa99d8f.html
C:\Program Files\instant access\Dialer\33330018\fp.pc-on-internet.com\ebbcd293dd2f9f8b00d287639fa99d8f.html_0.loginvis
C:\Program Files\instant access\Dialer\34103278\external-api.dlv4.com\hits\8496bf4150933c6ae000f6ddfd44bbe9
C:\Program Files\instant access\Dialer\34103278\external-api.dlv4.com\js\6ee750a84e2d56e649b2fc86c2e90873
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\button.gif
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_01.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_02.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_04.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_05.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\index_06.jpg
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\50246\images\product.ico
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\801893b831ac32272c92785b8f4401fe.html
C:\Program Files\instant access\Dialer\34103278\fp.pc-on-internet.com\801893b831ac32272c92785b8f4401fe.html_0.loginvis
C:\Program Files\instant access\Dialer\347557444\external-api.dlv4.com\hits\a521871d17a898b94aa085938828bfcf
C:\Program Files\instant access\Dialer\347557444\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\347557444\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\353219912\external-api.dlv4.com\hits\97ebeb3f67a4d3d65ea01cd088c04cc4
C:\Program Files\instant access\Dialer\353219912\external-api.dlv4.com\hits\d11dca42ccabae95fd8736bf6dd9ccfe
C:\Program Files\instant access\Dialer\353219912\external-api.dlv4.com\js\64325272bfdf3cf0bbd7cdc26fda24a1
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\button.gif
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_01.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_02.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_03.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_04.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_05.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\index_07.jpg
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\50201\images\product.ico
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\a951635e2250f13fe5713a4d498e7648.html
C:\Program Files\instant access\Dialer\353219912\fp.pc-on-internet.com\a951635e2250f13fe5713a4d498e7648.html_0.loginvis
C:\Program Files\instant access\Dialer\375343575\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\375343575\external-api.dlv4.com\hits\5b03e8e0b3954b4bcd0673b1587319bf
C:\Program Files\instant access\Dialer\375343575\external-api.dlv4.com\js\8402a9d56c79a7c0e2c4f0cb90296ed4
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\button.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_01.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_02.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_03.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_04.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_05.jpg
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_07.jpg
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_09.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\index_10.gif
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\50287\images\product.ico
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\6d2bc7f8156f12352dd153c18dc81aef.html
C:\Program Files\instant access\Dialer\375343575\fp.pc-on-internet.com\6d2bc7f8156f12352dd153c18dc81aef.html_0.loginvis
C:\Program Files\instant access\Dialer\396886822\external-api.dlv4.com\hits\e48ed2e82ecbf836441e8c577cd6c152
C:\Program Files\instant access\Dialer\396886822\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\396886822\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\40640121\external-api.dlv4.com\hits\dedb14f6d974962e79f87200b12e27be
C:\Program Files\instant access\Dialer\40640121\external-api.dlv4.com\js\d3515298d4a3993197f8e926297cc8ec
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\485e59376e6f47e997960b422d1f4483.html
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\485e59376e6f47e997960b422d1f4483.html_0.loginvis
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\bckg.gif
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\button.gif
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_01.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_02.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_04.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_05.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_06.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\index_07.jpg
C:\Program Files\instant access\Dialer\40640121\fp.pc-on-internet.com\50239\images\product.ico
C:\Program Files\instant access\Dialer\469565747\external-api.dlv4.com\hits\c4cfd85668535468c2a046611e53b2e1
C:\Program Files\instant access\Dialer\469565747\external-api.dlv4.com\js\1e9b9d6b245a48e866470888740caa58
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\button.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_01.jpg
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_02.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_03.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_04.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_05.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_06.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_07.gif
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_08.jpg
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\index_10.jpg
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\50251\images\product.ico
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\9e0a5909c976eaa74ad7ab30df4f1a46.html
C:\Program Files\instant access\Dialer\469565747\fp.pc-on-internet.com\9e0a5909c976eaa74ad7ab30df4f1a46.html_0.loginvis
C:\Program Files\instant access\Dialer\476813893\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\476813893\external-api.dlv4.com\hits\1d0e033fc6908009c4782795ca367638
C:\Program Files\instant access\Dialer\476813893\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\476813893\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\48728098\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\48728098\external-api.dlv4.com\hits\1ef1764b754bb347e868fe32892b6218
C:\Program Files\instant access\Dialer\48728098\external-api.dlv4.com\js\86c17ffcd7dfbd89def9050f5b17e6f5
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\4b965361a0272ace5a23f73ec854be0a.html_0.loginvis
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\bckg.gif
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\button.gif
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_01.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_02.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_03.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_04.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_05.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_07.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\index_08.jpg
C:\Program Files\instant access\Dialer\48728098\fp.pc-on-internet.com\50188\images\product.ico
C:\Program Files\instant access\Dialer\507490181\external-api.dlv4.com\hits\5de442b090aa2f073f27b839b5d65a86
C:\Program Files\instant access\Dialer\507490181\external-api.dlv4.com\hits\d2ac528013ddd5a79843935b14236dae
C:\Program Files\instant access\Dialer\507490181\external-api.dlv4.com\js\390b32612f12d9e45038f85d27c19883
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\bckg.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\button.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_01.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_02.gif
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_03.jpg
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\index_05.jpg
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\50255\images\product.ico
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\b961d7747310766ff80ac2c096b1337a.html
C:\Program Files\instant access\Dialer\507490181\fp.pc-on-internet.com\b961d7747310766ff80ac2c096b1337a.html_0.loginvis
C:\Program Files\instant access\Dialer\507490181\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\548358681\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\548358681\external-api.dlv4.com\hits\6dcc1341d1f195a1218764b03677d55a
C:\Program Files\instant access\Dialer\548358681\external-api.dlv4.com\js\d49f50174f2510b38543d58a3ce713d4
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\button.gif
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_01.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_02.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_03.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\50220\images\index_04.jpg
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\9767f7b5d32c28948a1411204df20d94.html
C:\Program Files\instant access\Dialer\548358681\fp.pc-on-internet.com\9767f7b5d32c28948a1411204df20d94.html_0.loginvis
C:\Program Files\instant access\Dialer\567973748\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\567973748\external-api.dlv4.com\hits\a77475d0bcc8f5cc2a47ba0a2bad9303
C:\Program Files\instant access\Dialer\567973748\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\567973748\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\571946685\external-api.dlv4.com\hits\89e6f808681991db791aa67de9576ddf
C:\Program Files\instant access\Dialer\571946685\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\571946685\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\577096008\external-api.dlv4.com\hits\20e2602f9cef752824c0b9a293e0437e
C:\Program Files\instant access\Dialer\577096008\external-api.dlv4.com\js\1b25bde17b5cbfd58be2cb356913c024
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\button.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_01.jpg
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_02.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_03.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_04.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_05.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_06.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_07.gif
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_08.jpg
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\index_10.jpg
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\50251\images\product.ico
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html
C:\Program Files\instant access\Dialer\577096008\fp.pc-on-internet.com\d6134a5fec475af81a2d5b9518be5f04.html_0.loginvis
C:\Program Files\instant access\Dialer\616209340\external-api.dlv4.com\hits\860977f53eb6477e4bd199d7a9265e7c
C:\Program Files\instant access\Dialer\616209340\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\616209340\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\649439361\external-api.dlv4.com\hits\[u]0[/u]abf674d6723e447db0099011b6292a8
C:\Program Files\instant access\Dialer\649439361\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\649439361\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\649439361\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\706679038\external-api.dlv4.com\hits\da132dfcca20903d39141d6f69d2ebe8
C:\Program Files\instant access\Dialer\706679038\external-api.dlv4.com\js\de49b9d69381344603d9e24ebe030fcd
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\bckg.gif
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\button.gif
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_01.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_02.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_03.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\50230\images\index_05.jpg
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\78787829e08f3c598fcf778b3d6bdcde.html
C:\Program Files\instant access\Dialer\706679038\fp.pc-on-internet.com\78787829e08f3c598fcf778b3d6bdcde.html_0.loginvis
C:\Program Files\instant access\Dialer\733163924\external-api.dlv4.com\hits\adb414d8e81e643974faa322190d42c9
C:\Program Files\instant access\Dialer\733163924\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\733163924\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\737339905\external-api.dlv4.com\hits\16f821067883589cd30f3cd9fc559942
C:\Program Files\instant access\Dialer\737339905\external-api.dlv4.com\js\7bfb3058b0bdcd19c5e6ff59ec3ddd44
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\bckg.gif
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\button.gif
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_01.gif
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_02.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_03.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_05.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_06.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\index_07.jpg
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\50238\images\product.ico
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\66f285c0ac046bb07267e32d1456b14d.html
C:\Program Files\instant access\Dialer\737339905\fp.pc-on-internet.com\66f285c0ac046bb07267e32d1456b14d.html_0.loginvis
C:\Program Files\instant access\Dialer\759670510\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\759670510\external-api.dlv4.com\hits\cbe267a64e1677a3de3ebf5cc0f5f04a
C:\Program Files\instant access\Dialer\759670510\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\759670510\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\815844610\external-api.dlv4.com\hits\cda19725b506864b641b896b617bd9ec
C:\Program Files\instant access\Dialer\815844610\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\815844610\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\815844610\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\838286980\external-api.dlv4.com\hits\[u]0[/u]3eefde82788ef5df26ca23c273f9000
C:\Program Files\instant access\Dialer\838286980\external-api.dlv4.com\hits\b1e97d9523bd4ee643436bdc436faf73
C:\Program Files\instant access\Dialer\838286980\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\838286980\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\838286980\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\843757923\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\843757923\external-api.dlv4.com\hits\e25ab15e7c4af30a433d23a2aa754c81
C:\Program Files\instant access\Dialer\843757923\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\843757923\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\87993379\external-api.dlv4.com\hits\8c1546618b0337ad8eac243c346f33a9
C:\Program Files\instant access\Dialer\87993379\external-api.dlv4.com\js\9dfdd07289e9b3d7e54fc0a243b2f8f6
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\bckg.gif
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\button.gif
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_01.gif
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_02.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_03.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_05.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_06.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\index_07.jpg
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\50238\images\product.ico
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\f7b14511f1d94d2765c305884341a8a0.html
C:\Program Files\instant access\Dialer\87993379\fp.pc-on-internet.com\f7b14511f1d94d2765c305884341a8a0.html_0.loginvis
C:\Program Files\instant access\Dialer\909063025\CrazyGirls.lnk
C:\Program Files\instant access\Dialer\909063025\external-api.dlv4.com\hits\30d23b93305160791c9b1794ee8d1b18
C:\Program Files\instant access\Dialer\909063025\external-api.dlv4.com\js\[u]0[/u]c0de01e98a12d3cf32d1396c6971cca
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\36ca4107c11007b19c633f7d5d3454a0.html_0.loginvis
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\909063025\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\960152565\external-api.dlv4.com\hits\7ee44e551c3ef59f4509d0fdaf6ab3fa
C:\Program Files\instant access\Dialer\960152565\external-api.dlv4.com\js\4050095ef221f307e83320182dae4e04
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\50264\images\button.gif
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\50264\images\loading.gif
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\50264\images\product.ico
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html
C:\Program Files\instant access\Dialer\960152565\fp.pc-on-internet.com\960a4e21ca85d35131c174b7eccce809.html_0.loginvis
C:\Program Files\instant access\Dialer\981479454\external-api.dlv4.com\hits\3931e16be2b2fa312ca7b308736c434b
C:\Program Files\instant access\Dialer\981479454\external-api.dlv4.com\js\d239ddd8c9a0a3a5d9aebafad53af612
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\bckg.gif
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\button.gif
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_01.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_02.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_04.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_05.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_06.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_07.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\index_08.jpg
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\50262\images\product.ico
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\9a32fa7a2f102ab0559196c26b38ee45.html
C:\Program Files\instant access\Dialer\981479454\fp.pc-on-internet.com\9a32fa7a2f102ab0559196c26b38ee45.html_0.loginvis
C:\Program Files\instant access\Dialer\992952622\external-api.dlv4.com\hits\c572e0c4316a5c0734a231a82e7fc72a
C:\Program Files\instant access\Dialer\992952622\external-api.dlv4.com\js\e88829b3d3432a1bc3e9e088babcf15f
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\4ed157372f7da0adeefc432f266bd5ac.html_0.loginvis
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\992952622\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\992952622\SerialPlayers.lnk
C:\Program Files\instant access\Dialer\996219511\external-api.dlv4.com\hits\d22a39beb07c64d8bd393d1f19bd0811
C:\Program Files\instant access\Dialer\996219511\external-api.dlv4.com\js\93714e877ad95de2ec6f8d14024eaed2
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\bg.jpg
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\button.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_01.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_02.jpg
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_03.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_04.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_05.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\index_07.gif
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\50256\images\product.ico
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html
C:\Program Files\instant access\Dialer\996219511\fp.pc-on-internet.com\e91a08d799cc04c1f587754ceb29269f.html_0.loginvis
C:\Program Files\instant access\Dialer\996219511\SerialPlayers.lnk
C:\temp\unins000.dat
C:\WINDOWS\pack.epk
c:\WINDOWS\system32\hyofgfm.dat
c:\windows\system32\hyofgfm.exe
C:\WINDOWS\system32\hyofgfm_nav.dat
c:\WINDOWS\system32\hyofgfm_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\vuedckkrrz_navtmp.dat
C:\WINDOWS\tmlpcert2007
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 12:26 . 2008-03-09 12:26 <REP> d-------- C:\_OTMoveIt
2008-03-09 11:47 . 2008-03-09 11:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-09 11:44 . 2005-09-02 11:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 11:44 . 2005-09-02 11:23 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 11:44 . 2005-09-02 11:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-09 11:44 . 2005-09-02 11:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 11:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-09 11:30 . 2008-03-08 19:40 <REP> d-------- C:\SDFix
2008-03-09 11:17 . 2008-03-09 11:17 <REP> d-------- C:\Program Files\Trend Micro
2008-03-09 10:01 . 2008-03-09 10:02 <REP> d-------- C:\Program Files\Navilog1
2008-02-27 18:13 . 2008-02-27 18:13 <REP> d-------- C:\Program Files\ElcomSoft
2008-02-27 18:13 . 2008-02-27 18:37 1,060 --a------ C:\WINDOWS\ARCHPR4.INI
2008-02-25 15:32 . 2007-03-30 15:13 344,064 --a------ C:\WINDOWS\system32\lxdicoin.dll
2008-02-25 15:32 . 2006-08-01 06:53 40,960 --a------ C:\WINDOWS\system32\lxdivs.dll
2008-02-25 15:31 . 2007-03-23 20:44 692,224 --a------ C:\WINDOWS\system32\lxdidrs.dll
2008-02-25 15:31 . 2007-02-09 19:07 69,632 --a------ C:\WINDOWS\system32\lxdicnv4.dll
2008-02-25 15:31 . 2007-01-24 00:40 65,536 --a------ C:\WINDOWS\system32\lxdicaps.dll
2008-02-25 15:29 . 2008-02-25 15:29 <REP> d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-02-23 18:02 . 2008-02-23 18:02 67,856 --a------ C:\WINDOWS\PhotoDeluxe.bmp
2008-02-22 12:37 . 2006-06-28 14:24 509,920 --a------ C:\WINDOWS\system32\SEGOEUI.TTF
2008-02-22 12:37 . 2006-06-28 14:24 490,852 --a------ C:\WINDOWS\system32\SEGOEUIB.TTF
2008-02-22 12:37 . 2006-06-28 14:24 393,068 --a------ C:\WINDOWS\system32\SEGOEUIZ.TTF
2008-02-22 12:37 . 2006-06-28 14:24 380,456 --a------ C:\WINDOWS\system32\SEGOEUII.TTF
2008-02-09 13:01 . 2008-02-09 13:01 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-02-09 09:37 . 2008-02-09 09:37 <REP> d--hs---- C:\FOUND.020
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-12 08:39 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-11 18:38 1,811,559 ----a-w C:\Program Files\Instant Access.rar
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTW
Utilisateur anonyme
9 mars 2008 à 13:38
9 mars 2008 à 13:38
Re ,
Il n'est pas complet le rapport =/
CTRL+A pour tout selectionner.
A+
Il n'est pas complet le rapport =/
CTRL+A pour tout selectionner.
A+
Désolé, j'ai mis que la suite, je me suis dit qu'il était peut être trop long pour le post
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"="svcnet.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"site rule"="C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 09:29 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"ZCfgSvc.exe"="c:\WINDOWS\system32\ZCfgSvc.exe" [2004-09-06 05:28 417856]
"EzdMontr"="C:\Program Files\Quik Touch\EzdMontr.exe" [2003-11-12 20:18 2170880]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 12:39 73728]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-03 21:58 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Post-it© Software Notes Lite.lnk - C:\Logiciel\Postit\PsnLite.exe [2004-10-15 14:26:54 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\system32\LgNotify.dll 2004-09-06 05:29 180290 c:\WINDOWS\system32\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Clock v6.5.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk
backup=C:\WINDOWS\pss\OFFICE One Clock v6.5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^El Nabife^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\El Nabife\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-r------- 2007-06-21 12:01 70952 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2003-09-19 12:54 172032 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 04:33 57344 C:\Logiciel\Clone CD\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 20:43 81920 C:\Logiciel\daemon\D-tool\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
--a------ 2004-01-06 16:06 131072 C:\Logiciel\Iomega HotBurn Pro\Autolaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-17 14:16 50736 C:\Program Files\Fichiers communs\AOL\1165520545\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-07-16 17:54 25264 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-07-16 17:54 434864 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-03 20:32 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Logiciel\OmniPage\OpScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
--a------ 2005-07-06 00:58 69632 C:\Logiciel\OmniPage\Opware15.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
--a------ 2007-02-21 15:52 1294336 C:\Program Files\SpyErazer\pcd-as.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
--a------ 2005-04-12 10:16 106496 C:\Logiciel\OmniPage\PDFConverter3\\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2005-11-07 18:43 73728 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--------- 2005-11-08 09:41 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2004-05-10 03:50 102469 c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-03 21:58 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-03 21:56 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-04-07 08:02 877568 C:\AOL 9.0\modem\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-28 16:39 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-28 16:39 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"D:\\Jeux\\Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Logiciel\\Editeur d equation\\MathCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Logiciel\\JVTorrent\\btdownloadgui.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\WINDOWS\\System32\\lxdicfg.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"=
"C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe"=
"C:\\WINDOWS\\System32\\lxdicoms.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe"=
"D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-05-20 12:47]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\system32\drivers\SSHDRV76.sys [2007-06-25 18:26]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-06-25 18:22]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 15:14]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 01:27]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 15:14]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
S3 Aruba;QuikTouch/USB2 Device;C:\WINDOWS\system32\DRIVERS\Aruba.sys [2003-11-19 07:28]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\ELNABI~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 11:36]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 11:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48ddd591-abb5-11dc-ba49-000e503e4673}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 13:22:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Temps d'accomplissement: 2008-03-09 13:23:54
ComboFix-quarantined-files.txt 2008-03-09 12:23:52
.
2008-03-07 19:39:19 --- E O F ---
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"="svcnet.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"site rule"="C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 09:29 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"ZCfgSvc.exe"="c:\WINDOWS\system32\ZCfgSvc.exe" [2004-09-06 05:28 417856]
"EzdMontr"="C:\Program Files\Quik Touch\EzdMontr.exe" [2003-11-12 20:18 2170880]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 12:39 73728]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-03 21:58 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Post-it© Software Notes Lite.lnk - C:\Logiciel\Postit\PsnLite.exe [2004-10-15 14:26:54 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\system32\LgNotify.dll 2004-09-06 05:29 180290 c:\WINDOWS\system32\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Clock v6.5.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk
backup=C:\WINDOWS\pss\OFFICE One Clock v6.5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^El Nabife^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\El Nabife\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-r------- 2007-06-21 12:01 70952 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2003-09-19 12:54 172032 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 04:33 57344 C:\Logiciel\Clone CD\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 20:43 81920 C:\Logiciel\daemon\D-tool\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
--a------ 2004-01-06 16:06 131072 C:\Logiciel\Iomega HotBurn Pro\Autolaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-17 14:16 50736 C:\Program Files\Fichiers communs\AOL\1165520545\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-07-16 17:54 25264 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-07-16 17:54 434864 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-03 20:32 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Logiciel\OmniPage\OpScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
--a------ 2005-07-06 00:58 69632 C:\Logiciel\OmniPage\Opware15.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
--a------ 2007-02-21 15:52 1294336 C:\Program Files\SpyErazer\pcd-as.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
--a------ 2005-04-12 10:16 106496 C:\Logiciel\OmniPage\PDFConverter3\\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2005-11-07 18:43 73728 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--------- 2005-11-08 09:41 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2004-05-10 03:50 102469 c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-03 21:58 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-03 21:56 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-04-07 08:02 877568 C:\AOL 9.0\modem\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-28 16:39 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-28 16:39 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"D:\\Jeux\\Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Logiciel\\Editeur d equation\\MathCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Logiciel\\JVTorrent\\btdownloadgui.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\WINDOWS\\System32\\lxdicfg.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"=
"C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe"=
"C:\\WINDOWS\\System32\\lxdicoms.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe"=
"D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-05-20 12:47]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\system32\drivers\SSHDRV76.sys [2007-06-25 18:26]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-06-25 18:22]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 15:14]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 01:27]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 15:14]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
S3 Aruba;QuikTouch/USB2 Device;C:\WINDOWS\system32\DRIVERS\Aruba.sys [2003-11-19 07:28]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\ELNABI~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 11:36]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 11:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48ddd591-abb5-11dc-ba49-000e503e4673}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 13:22:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Temps d'accomplissement: 2008-03-09 13:23:54
ComboFix-quarantined-files.txt 2008-03-09 12:23:52
.
2008-03-07 19:39:19 --- E O F ---
Utilisateur anonyme
9 mars 2008 à 13:44
9 mars 2008 à 13:44
Re , ok rapport long ...
ça va mettre du temps à tout analyser.
Je re dès que possible
A+
ça va mettre du temps à tout analyser.
Je re dès que possible
A+
Utilisateur anonyme
9 mars 2008 à 16:48
9 mars 2008 à 16:48
Re ,
Tu connais "C:\FOUND.020 " ?
**************************************************
Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )
File::
C:\Program Files\Instant Access.rar
Folder::
C:\SDFix
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"=-
Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
**********************************
A+
Tu connais "C:\FOUND.020 " ?
**************************************************
Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )
File::
C:\Program Files\Instant Access.rar
Folder::
C:\SDFix
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32"=-
Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
**********************************
A+
C:\FOUND.020 ne me dit rien
J'ai effectué les manip' voici les rapports :
ComboFix 08-03-08.2 - El Nabife 2008-03-09 17:29:08.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.167 [GMT 1:00]
Endroit: C:\Documents and Settings\El Nabife\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\El Nabife\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Program Files\Instant Access.rar
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Instant Access.rar
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 12:26 . 2008-03-09 12:26 <REP> d-------- C:\_OTMoveIt
2008-03-09 11:47 . 2008-03-09 11:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-09 11:44 . 2005-09-02 11:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 11:44 . 2005-09-02 11:23 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 11:44 . 2005-09-02 11:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-09 11:44 . 2005-09-02 11:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 11:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-09 11:17 . 2008-03-09 11:17 <REP> d-------- C:\Program Files\Trend Micro
2008-03-09 10:01 . 2008-03-09 10:02 <REP> d-------- C:\Program Files\Navilog1
2008-02-27 18:13 . 2008-02-27 18:13 <REP> d-------- C:\Program Files\ElcomSoft
2008-02-27 18:13 . 2008-02-27 18:37 1,060 --a------ C:\WINDOWS\ARCHPR4.INI
2008-02-25 15:32 . 2007-03-30 15:13 344,064 --a------ C:\WINDOWS\system32\lxdicoin.dll
2008-02-25 15:32 . 2006-08-01 06:53 40,960 --a------ C:\WINDOWS\system32\lxdivs.dll
2008-02-25 15:31 . 2007-03-23 20:44 692,224 --a------ C:\WINDOWS\system32\lxdidrs.dll
2008-02-25 15:31 . 2007-02-09 19:07 69,632 --a------ C:\WINDOWS\system32\lxdicnv4.dll
2008-02-25 15:31 . 2007-01-24 00:40 65,536 --a------ C:\WINDOWS\system32\lxdicaps.dll
2008-02-25 15:29 . 2008-02-25 15:29 <REP> d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-02-23 18:02 . 2008-02-23 18:02 67,856 --a------ C:\WINDOWS\PhotoDeluxe.bmp
2008-02-22 12:37 . 2006-06-28 14:24 509,920 --a------ C:\WINDOWS\system32\SEGOEUI.TTF
2008-02-22 12:37 . 2006-06-28 14:24 490,852 --a------ C:\WINDOWS\system32\SEGOEUIB.TTF
2008-02-22 12:37 . 2006-06-28 14:24 393,068 --a------ C:\WINDOWS\system32\SEGOEUIZ.TTF
2008-02-22 12:37 . 2006-06-28 14:24 380,456 --a------ C:\WINDOWS\system32\SEGOEUII.TTF
2008-02-09 13:01 . 2008-02-09 13:01 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-02-09 09:37 . 2008-02-09 09:37 <REP> d--hs---- C:\FOUND.020
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-12 08:39 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-09_13.23.36,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-09 15:06:34 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_2b0.dat
+ 2008-03-09 15:06:26 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"site rule"="C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 09:29 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"ZCfgSvc.exe"="c:\WINDOWS\system32\ZCfgSvc.exe" [2004-09-06 05:28 417856]
"EzdMontr"="C:\Program Files\Quik Touch\EzdMontr.exe" [2003-11-12 20:18 2170880]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 12:39 73728]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-03 21:58 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Post-it© Software Notes Lite.lnk - C:\Logiciel\Postit\PsnLite.exe [2004-10-15 14:26:54 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\system32\LgNotify.dll 2004-09-06 05:29 180290 c:\WINDOWS\system32\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Clock v6.5.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk
backup=C:\WINDOWS\pss\OFFICE One Clock v6.5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^El Nabife^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\El Nabife\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-r------- 2007-06-21 12:01 70952 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2003-09-19 12:54 172032 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 04:33 57344 C:\Logiciel\Clone CD\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 20:43 81920 C:\Logiciel\daemon\D-tool\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
--a------ 2004-01-06 16:06 131072 C:\Logiciel\Iomega HotBurn Pro\Autolaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-17 14:16 50736 C:\Program Files\Fichiers communs\AOL\1165520545\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-07-16 17:54 25264 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-07-16 17:54 434864 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-03 20:32 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Logiciel\OmniPage\OpScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
--a------ 2005-07-06 00:58 69632 C:\Logiciel\OmniPage\Opware15.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
--a------ 2007-02-21 15:52 1294336 C:\Program Files\SpyErazer\pcd-as.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
--a------ 2005-04-12 10:16 106496 C:\Logiciel\OmniPage\PDFConverter3\\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2005-11-07 18:43 73728 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--------- 2005-11-08 09:41 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2004-05-10 03:50 102469 c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-03 21:58 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-03 21:56 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-04-07 08:02 877568 C:\AOL 9.0\modem\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-28 16:39 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-28 16:39 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"D:\\Jeux\\Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Logiciel\\Editeur d equation\\MathCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Logiciel\\JVTorrent\\btdownloadgui.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\WINDOWS\\System32\\lxdicfg.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"=
"C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe"=
"C:\\WINDOWS\\System32\\lxdicoms.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe"=
"D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-05-20 12:47]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\system32\drivers\SSHDRV76.sys [2007-06-25 18:26]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-06-25 18:22]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 15:14]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 01:27]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 15:14]
S3 Aruba;QuikTouch/USB2 Device;C:\WINDOWS\system32\DRIVERS\Aruba.sys [2003-11-19 07:28]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\ELNABI~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 11:36]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 11:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48ddd591-abb5-11dc-ba49-000e503e4673}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - ATWPKT2
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 17:34:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Temps d'accomplissement: 2008-03-09 17:36:03
ComboFix-quarantined-files.txt 2008-03-09 16:35:58
ComboFix2.txt 2008-03-09 12:23:56
.
2008-03-07 19:39:19 --- E O F ---
J'ai effectué les manip' voici les rapports :
ComboFix 08-03-08.2 - El Nabife 2008-03-09 17:29:08.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.167 [GMT 1:00]
Endroit: C:\Documents and Settings\El Nabife\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\El Nabife\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Program Files\Instant Access.rar
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Instant Access.rar
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 12:26 . 2008-03-09 12:26 <REP> d-------- C:\_OTMoveIt
2008-03-09 11:47 . 2008-03-09 11:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-09 11:44 . 2005-09-02 11:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 11:44 . 2005-09-02 11:23 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 11:44 . 2005-09-02 11:51 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 11:44 . 2005-09-02 11:23 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 11:44 . 2005-09-02 11:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-09 11:44 . 2005-09-02 11:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 11:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-09 11:17 . 2008-03-09 11:17 <REP> d-------- C:\Program Files\Trend Micro
2008-03-09 10:01 . 2008-03-09 10:02 <REP> d-------- C:\Program Files\Navilog1
2008-02-27 18:13 . 2008-02-27 18:13 <REP> d-------- C:\Program Files\ElcomSoft
2008-02-27 18:13 . 2008-02-27 18:37 1,060 --a------ C:\WINDOWS\ARCHPR4.INI
2008-02-25 15:32 . 2007-03-30 15:13 344,064 --a------ C:\WINDOWS\system32\lxdicoin.dll
2008-02-25 15:32 . 2006-08-01 06:53 40,960 --a------ C:\WINDOWS\system32\lxdivs.dll
2008-02-25 15:31 . 2007-03-23 20:44 692,224 --a------ C:\WINDOWS\system32\lxdidrs.dll
2008-02-25 15:31 . 2007-02-09 19:07 69,632 --a------ C:\WINDOWS\system32\lxdicnv4.dll
2008-02-25 15:31 . 2007-01-24 00:40 65,536 --a------ C:\WINDOWS\system32\lxdicaps.dll
2008-02-25 15:29 . 2008-02-25 15:29 <REP> d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-02-23 18:02 . 2008-02-23 18:02 67,856 --a------ C:\WINDOWS\PhotoDeluxe.bmp
2008-02-22 12:37 . 2006-06-28 14:24 509,920 --a------ C:\WINDOWS\system32\SEGOEUI.TTF
2008-02-22 12:37 . 2006-06-28 14:24 490,852 --a------ C:\WINDOWS\system32\SEGOEUIB.TTF
2008-02-22 12:37 . 2006-06-28 14:24 393,068 --a------ C:\WINDOWS\system32\SEGOEUIZ.TTF
2008-02-22 12:37 . 2006-06-28 14:24 380,456 --a------ C:\WINDOWS\system32\SEGOEUII.TTF
2008-02-09 13:01 . 2008-02-09 13:01 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-02-09 09:37 . 2008-02-09 09:37 <REP> d--hs---- C:\FOUND.020
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-12 08:39 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-09_13.23.36,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-09 15:06:34 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_2b0.dat
+ 2008-03-09 15:06:26 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"site rule"="C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 09:29 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"ZCfgSvc.exe"="c:\WINDOWS\system32\ZCfgSvc.exe" [2004-09-06 05:28 417856]
"EzdMontr"="C:\Program Files\Quik Touch\EzdMontr.exe" [2003-11-12 20:18 2170880]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 12:39 73728]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-03 21:58 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Post-it© Software Notes Lite.lnk - C:\Logiciel\Postit\PsnLite.exe [2004-10-15 14:26:54 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\system32\LgNotify.dll 2004-09-06 05:29 180290 c:\WINDOWS\system32\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Clock v6.5.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk
backup=C:\WINDOWS\pss\OFFICE One Clock v6.5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^El Nabife^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\El Nabife\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-r------- 2007-06-21 12:01 70952 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2003-09-19 12:54 172032 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 04:33 57344 C:\Logiciel\Clone CD\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 20:43 81920 C:\Logiciel\daemon\D-tool\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
--a------ 2004-01-06 16:06 131072 C:\Logiciel\Iomega HotBurn Pro\Autolaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-17 14:16 50736 C:\Program Files\Fichiers communs\AOL\1165520545\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-07-16 17:54 25264 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-07-16 17:54 434864 C:\Logiciel\Lexmark\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-03 20:32 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Logiciel\OmniPage\OpScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
--a------ 2005-07-06 00:58 69632 C:\Logiciel\OmniPage\Opware15.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
--a------ 2007-02-21 15:52 1294336 C:\Program Files\SpyErazer\pcd-as.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
--a------ 2005-04-12 10:16 106496 C:\Logiciel\OmniPage\PDFConverter3\\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2005-11-07 18:43 73728 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--------- 2005-11-08 09:41 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2004-05-10 03:50 102469 c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-03 21:58 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-03 21:56 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-04-07 08:02 877568 C:\AOL 9.0\modem\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-28 16:39 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-28 16:39 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"D:\\Jeux\\Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Jeux\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Logiciel\\Editeur d equation\\MathCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Logiciel\\JVTorrent\\btdownloadgui.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1165520545\\EE\\aolsoftware.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Jeux\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\BIN\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\LXDIMON.EXE"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\LXDItime.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\WINDOWS\\System32\\lxdicfg.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDIwbgw.exe"=
"C:\\Program Files\\EasyPHP1-8\\Apache\\Apache.exe"=
"C:\\WINDOWS\\System32\\lxdicoms.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Logiciel\\Lexmark\\Lexmark 3500-4500 Series\\App4r.exe"=
"D:\\Jeux\\CoH Opposing Fronts\\RelicCOH.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-05-20 12:47]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\system32\drivers\SSHDRV76.sys [2007-06-25 18:26]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-06-25 18:22]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 15:14]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 01:27]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 15:14]
S3 Aruba;QuikTouch/USB2 Device;C:\WINDOWS\system32\DRIVERS\Aruba.sys [2003-11-19 07:28]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\ELNABI~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 11:36]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 11:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48ddd591-abb5-11dc-ba49-000e503e4673}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - ATWPKT2
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 17:34:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Temps d'accomplissement: 2008-03-09 17:36:03
ComboFix-quarantined-files.txt 2008-03-09 16:35:58
ComboFix2.txt 2008-03-09 12:23:56
.
2008-03-07 19:39:19 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:41, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
C:\Logiciel\Antivitus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
C:\Logiciel\Antivitus\Avast\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Quik Touch\EzdMontr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Logiciel\Postit\PsnLite.exe
C:\Logiciel\Postit\PSNGive.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\AOL\1165520545\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\AOL 9.0\waol.exe
C:\AOL 9.0\shellmon.exe
C:\Logiciel\OmniPage\PDFCreate3\PdfCreate3Hook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\logiciel\acrobat writer\AcrWr\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [EzdMontr] C:\Program Files\Quik Touch\EzdMontr.exe install
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [site rule] C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Logiciel\Postit\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Logiciel\OmniPage\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5D5EFC-BBA1-42A2-8D29-F9AA05E89C23}: NameServer = 86.64.145.146 84.103.237.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D28B7F8-C8B2-4239-976D-F4C127B9DAAA}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashWebSv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Scan saved at 17:38:41, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
C:\Logiciel\Antivitus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
C:\Logiciel\Antivitus\Avast\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Quik Touch\EzdMontr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Logiciel\Postit\PsnLite.exe
C:\Logiciel\Postit\PSNGive.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\AOL\1165520545\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\AOL 9.0\waol.exe
C:\AOL 9.0\shellmon.exe
C:\Logiciel\OmniPage\PDFCreate3\PdfCreate3Hook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\logiciel\acrobat writer\AcrWr\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [EzdMontr] C:\Program Files\Quik Touch\EzdMontr.exe install
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Logiciel\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [site rule] C:\DOCUME~1\ELNABI~1\APPLIC~1\ACIDTY~1\window locks.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Logiciel\Postit\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Logiciel\OmniPage\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D5D5EFC-BBA1-42A2-8D29-F9AA05E89C23}: NameServer = 86.64.145.146 84.103.237.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D28B7F8-C8B2-4239-976D-F4C127B9DAAA}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Logiciel\Antivitus\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Logiciel\Antivitus\Avast\ashWebSv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Utilisateur anonyme
9 mars 2008 à 17:44
9 mars 2008 à 17:44
Re ,
Créer un nouveau document texte ,
Puis rentre ceci dedans :
dir C:\FOUND.020 >CCM.txt
Enregistre-le sur le bureau sous le nom de CCM.bat ( .bat étant l'extension ) tu dois avoir une icône en forme d'engrenage.
Double clique dessus et poste le rapport qui apparait sur ton bureau ( CCM.txt )
A+
Créer un nouveau document texte ,
Puis rentre ceci dedans :
dir C:\FOUND.020 >CCM.txt
Enregistre-le sur le bureau sous le nom de CCM.bat ( .bat étant l'extension ) tu dois avoir une icône en forme d'engrenage.
Double clique dessus et poste le rapport qui apparait sur ton bureau ( CCM.txt )
A+
excuse moi je n'avais pas attendu la fin de l'analyse la voila complete
Search Navipromo version 3.5.0 commencé le 09/03/2008 à 17:53:35,77
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\florence\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Florence\AppData\Local\virtualstore\Program Files ***
*** Recherche dossiers dans C:\Users\Florence\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\Users\Florence\AppData\Local\ivwzrb.dat
C:\Users\Florence\AppData\Local\ivwzrb.exe
C:\Users\Florence\AppData\Local\ivwzrb_nav.dat
C:\Users\Florence\AppData\Local\ivwzrb_navps.dat
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Florence\AppData\Local\Microsoft *
* Recherche dans C:\Users\Florence\AppData\Local\virtualstore\windows\system32 *
* Recherche dans C:\Users\Florence\AppData\Local *
Fichiers trouvés :
ivwzrb.exe trouvé !
*** Recherche fichiers ***
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Florence\AppData\Local\Microsoft :
* Dans C:\Users\Florence\AppData\Local\virtualstore\windows\system32 :
* Dans C:\Users\Florence\AppData\Local :
ivwzrb.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
4)Recherche fichiers connus :
*** Analyse terminée le 09/03/2008 à 18:09:17,26 ***
Search Navipromo version 3.5.0 commencé le 09/03/2008 à 17:53:35,77
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\florence\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Florence\AppData\Local\virtualstore\Program Files ***
*** Recherche dossiers dans C:\Users\Florence\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\Users\Florence\AppData\Local\ivwzrb.dat
C:\Users\Florence\AppData\Local\ivwzrb.exe
C:\Users\Florence\AppData\Local\ivwzrb_nav.dat
C:\Users\Florence\AppData\Local\ivwzrb_navps.dat
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Florence\AppData\Local\Microsoft *
* Recherche dans C:\Users\Florence\AppData\Local\virtualstore\windows\system32 *
* Recherche dans C:\Users\Florence\AppData\Local *
Fichiers trouvés :
ivwzrb.exe trouvé !
*** Recherche fichiers ***
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Florence\AppData\Local\Microsoft :
* Dans C:\Users\Florence\AppData\Local\virtualstore\windows\system32 :
* Dans C:\Users\Florence\AppData\Local :
ivwzrb.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
4)Recherche fichiers connus :
*** Analyse terminée le 09/03/2008 à 18:09:17,26 ***
