View Full Version : Virtumonde help



jothunder
2007-09-17, 20:14
Here is the HJT for you; I wasn't able to collect the Kaspersky analysis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:31, on 2007-09-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\system32\zfreqfibhu.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\gebxwxw.dll (disabled by BHODemon)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B7B951E-F5F0-4C68-AFA0-556DB698BC12} - C:\WINDOWS\system32\urqpp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\beeupyxp.dll (disabled by BHODemon)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\nkckvupr.dll",forkonce
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [zfreqfibhu] c:\windows\system32\zfreqfibhu.exe zfreqfibhu
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Windows Media Player Tray Control.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://groscolismine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebxwxw - gebxwxw.dll (file missing)
O20 - Winlogon Notify: urqpp - C:\WINDOWS\system32\urqpp.dll (file missing)
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\eeuydc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11103 bytes
So please help me :bigthumb:

Angelfire777
2007-09-18, 12:27
Hi, welcome to Safer Networking!

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Extract its contents to the desktop.
Double click on navilog1.exe to install it on your computer.
When the installation is complete, the tool will start automatically.
If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
Press E for English from the language Menu.
Type 1 in the next Menu to select Search and press Enter.
Wait for the Scan to finish (It may take a reasonable amount of time)
Press any key as requested.
A new document will be produced: fixnavi.txt.
Please copy/paste the contents of this report in your next reply.


The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

jothunder
2007-09-19, 01:15
Here is what you asked me for, thanks for the time you give me.

Search Navipromo version 3.0.4 began on 2007-09-18 at 19:04:59,84

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 16.09.2007 at 13h00 by IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Version Internet Explorer : 7.0.5730.11

Done in normal mode

*** Searching for installed Software ***




*** Search folders in C:\WINDOWS ***



*** Search folders in C:\Program Files ***



*** Search folders in C:\Documents and Settings\All Users\Application Data ***




*** Search folders in C:\Documents and Settings\Joel\Application Data ***


*** Search with BlackLight Engine/F-secure ***
BlackLight Engine is a product of F-secure, for more info:
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 09/18/07 at 19:05:08.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .........................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 09/18/07 at 19:13:01 (return code = 0).


*** Search with GenericNaviSearch ***
!!! Possibility of legitims files in the result !!!
!!! To be always checked before manually deleting !!!

* Scan C:\WINDOWS\system32 *

Files found :

No File found !

Suspicious Files :

No Suspicious File found !



*** Search files ***




*** Search registry keys ***



*** Complementary Search ***
(Search specifics files)

1)Search known files:
C:\WINDOWS\system32\ppqru.ini2 found ! Possible vundo infection, not cleaned with this tool !
C:\WINDOWS\system32\ppqru.bak1 found ! Possible vundo infection, not cleaned with this tool !
C:\WINDOWS\system32\ppqru.bak2 found ! Possible vundo infection, not cleaned with this tool !

2)Heuristic Search :






3)Certificates Search :

Certificate Egroup not found !


*** Search completed on 2007-09-18 at 19:13:32,54 ***

Angelfire777
2007-09-19, 11:21
Hi,

Download combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)

1. Save it to your desktop.
2. Make sure you save and close ALL open windows and programs that you are running in the taskbar as combofix will attempt to end all non-windows processes for a faster and more successful cleaning.

Click start > run > copy and paste:

"%userprofile%\desktop\combofix.exe" /killall

3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
______

Please download SmitfraudFix (http://72.232.135.12/siri/SmitfraudFix.php) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run any other options except for Option # 1.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
______

HJT Uninstall list
Open HijackThis > Click "Misc Tools Section"
Click "Open Uninstall Manager".
Click "Save List".
Save it to your Desktop.
Copy the contents of the file to your next reply.

On your next reply, please include a
Fresh HijackThis log.
combofix log
smitfraudfix log
HJT uninstall list.

jothunder
2007-09-20, 01:25
Hi, here is what you asked me for, and by the way, I would like to say to you that I don't have any more pages that appear for nothing:

1-a fresh HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:26, on 2007-09-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBVPSWX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B7B951E-F5F0-4C68-AFA0-556DB698BC12} - C:\WINDOWS\system32\urqpp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Windows Media Player Tray Control.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://groscolismine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: gebxwxw - gebxwxw.dll (file missing)
O20 - Winlogon Notify: urqpp - C:\WINDOWS\system32\urqpp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8827 bytes

2- Combofix log
ComboFix 07-09-19.8 - "Joel" 2007-09-19 18:58:09.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.115 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-08-19 to 2007-09-19 ))))))))))))))))))))))))))))))))))))
.

2007-09-18 19:03 <REP> d-------- C:\Program Files\Navilog1
2007-09-17 14:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 13:20 <REP> d-------- C:\Program Files\Trend Micro
2007-09-17 12:04 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-15 18:17 <REP> d-------- C:\Program Files\Safer Networking
2007-09-08 16:43 189,952 --a------ C:\WINDOWS\Qcard32.dll
2007-09-08 16:42 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-09-08 16:42 118,784 --a------ C:\WINDOWS\system32\vbalNCSM6.dll
2007-09-08 16:42 101,888 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-09-08 16:41 <REP> d-------- C:\Program Files\eGames
2007-09-02 22:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 19:03 --------- d-------- C:\Program Files\Kaspersky Lab
2007-09-19 19:02 8329248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-19 18:59 355360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-19 11:34 35216 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-19 11:34 163256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-18 07:21 --------- d-------- C:\Program Files\Google
2007-09-17 12:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-13 22:01 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-02 22:59 --------- d-------- C:\Program Files\MSN Messenger
2007-08-20 20:14 --------- d-------- C:\DOCUME~1\Joel\APPLIC~1\IMVU
2007-08-17 19:22 --------- d-------- C:\DOCUME~1\Joel\APPLIC~1\Winamp
2007-08-17 19:18 --------- d-------- C:\Program Files\Winamp
2007-08-10 21:16 --------- d-------- C:\DOCUME~1\Joel\APPLIC~1\Apple Computer
2007-08-10 21:09 --------- d-------- C:\Program Files\QuickTime
2007-08-10 21:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-10 20:29 --------- d-------- C:\Program Files\18 Wheels of Steel Haulin
2007-08-05 19:46 --------- d-------- C:\Program Files\Microsoft.NET
2007-08-05 16:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-08-05 16:01 --------- d-------- C:\DOCUME~1\Joel\APPLIC~1\WinRAR
2007-08-05 13:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
2007-08-03 20:29 --------- d-------- C:\Program Files\Fichiers communs\Apple
2007-08-03 19:54 --------- d-------- C:\Program Files\Apple Software Update
2007-08-03 19:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 20:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-22 20:40 --------- d-------- C:\Program Files\32BITCVT
2007-07-20 21:08 1185909 --------- C:\WINDOWS\system32\ppqru.ini2
2007-07-20 21:03 1205665 --------- C:\WINDOWS\system32\ppqru.bak2
2007-07-20 20:10 --------- d-------- C:\Program Files\InstallShield Installation Information
2007-07-20 20:06 --------- d-------- C:\DOCUME~1\Joel\APPLIC~1\Bell
2007-07-20 20:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell
2007-07-20 18:20 --------- d-------- C:\DOCUME~1\Joel\APPLIC~1\MSNInstaller
2007-07-14 20:36 1348388 --------- C:\WINDOWS\system32\ppqru.bak1
2007-07-07 21:33 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-07-02 21:15 171520 --a------ C:\WINDOWS\system32\cncs32.dll
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-20 20:45 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B7B951E-F5F0-4C68-AFA0-556DB698BC12}]
C:\WINDOWS\system32\urqpp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotiveReportAgent"="C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"StandardInstall"="" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Motive SmartBridge"="C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2004-10-22 14:44]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 09:13]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 11:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" []
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 08:00]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-16 20:36:15]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-23 22:19:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxwxw]
gebxwxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpp]
C:\WINDOWS\system32\urqpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-14 02:33:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 19:02:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19 19:04:34
C:\ComboFix-quarantined-files.txt ... 2007-09-19 19:04
C:\ComboFix2.txt ... 2007-09-17 14:43
.
--- E O F ---

jothunder
2007-09-20, 01:26
3- SmitFraudFix
SmitFraudFix v2.226

Rapport fait à 19:09:48,29, 2007-09-19
Executé à partir de C:\Documents and Settings\Joel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBVPSWX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Joel\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCCEBA0B-5FC5-4154-8D39-2604430BFB40}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCCEBA0B-5FC5-4154-8D39-2604430BFB40}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BCCEBA0B-5FC5-4154-8D39-2604430BFB40}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

4- finally, the uninstall list of HJT

18 Wheels of Steel: Haulin'
32bit Convert It
ABBYY FineReader 5.0 Sprint Plus
Adobe Reader 8.1.0 - Français
Adobe Shockwave Player
Adobe® Photoshop® Album Edition Découverte 3.2
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Assistant Internet
Card and Board Games
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Hearts
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterActual Player
ISEngineUpdate
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Jeux de Casse-Briques
Kaspersky Anti-Virus 6.0
Kaspersky Internet Security 6.0
Kaspersky Online Scanner
K-Lite Mega Codec Pack 1.65
Lecteur Windows Media 11
Lexmark 2200 Series
Logitech SetPoint
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Standard Edition 2003
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Navilog1 3.0.4
Nero Suite
NVIDIA Drivers
Personal License Update Wizard for Windows Media Player
QuickTime
Quik 21
Report Agent
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Solitaire 2 Special Edition
Spybot - Search & Destroy 1.4
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
WinZip

Thank you in advance

Angelfire777
2007-09-20, 11:28
Hi,

Did you try to clean your own machine while waiting for my instructions?

Click start > control panel > add/remove programs:

Uninstall the following items:

J2SE Runtime Environment 5.0 Update 11
Trymedia

Exit control panel.
_____

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {0B7B951E-F5F0-4C68-AFA0-556DB698BC12} - C:\WINDOWS\system32\urqpp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
O20 - Winlogon Notify: gebxwxw - gebxwxw.dll (file missing)
O20 - Winlogon Notify: urqpp - C:\WINDOWS\system32\urqpp.dll (file missing)

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
_____

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type clean.bat in the File name and save it to your desktop.


@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
C:\WINDOWS\system32\ppqru.bak1
C:\WINDOWS\system32\ppqru.ini2
C:\WINDOWS\system32\ppqru.bak2
) do (
attrib -s -h -r %%g
del /s/f/q %%g
if exist %%g echo.%%g >>"%temp%\log.txt"
)>nul 2>&1

for %%g in (
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia"
) do (
attrib -s -h -r %%g
rd /s/q %%g
if exist %%g echo.%%g >>"%temp%\log.txt"
)>nul 2>&1

if exist "%temp%\log.txt" (start notepad "%temp%\log.txt"
) else echo.Deleted Successfully!
echo.
pause
del %0

Locate clean.bat on your Desktop and double-click on it. Tell me what it says.
______

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.


On your next reply, please include a
Fresh HijackThis log.
Kaspersky log
results of clean.bat
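
As an added illustration (not part of the original post, and not HijackThis's own logic): a Python sketch that parses O2/O20 lines in the HijackThis text format shown in this thread and flags the same four entries selected above, with a reason for each. The function names and the three rules are assumptions made for this example; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0B7B951E-F5F0-4C68-AFA0-556DB698BC12} - C:\WINDOWS\system32\urqpp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: gebxwxw - gebxwxw.dll (file missing)
O20 - Winlogon Notify: urqpp - C:\WINDOWS\system32\urqpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
MISSING = "(file missing)"
R_MISSING = "target file no longer on disk"
R_NO_MODULE = "CLSID registered with no module path"
R_DUAL = "same DLL registered as BHO and Winlogon Notify"


@dataclass
class Entry:
    code: str      # HijackThis section code, e.g. "O2" or "O20"
    kind: str      # "BHO", "Winlogon Notify", "AppInit_DLLs"
    name: str      # display name or registry key name, may be empty
    target: str    # module path as logged, status suffix removed
    missing: bool  # True when the line ends with "(file missing)"
    raw: str       # the original log line
    reasons: list = field(default_factory=list)


def basename(path):
    """Lower-cased file name of a Windows path ('' for an empty path)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_entries(log_text):
    """Parse O2 (BHO) and O20 (Winlogon Notify / AppInit_DLLs) lines only."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m or m["code"] not in ("O2", "O20"):
            continue
        kind, _, rest = m["body"].partition(": ")
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].rstrip()
        parts = rest.split(" - ")
        if kind == "BHO":                # name - {CLSID} - module
            name, target = parts[0], " - ".join(parts[2:])
        elif kind == "Winlogon Notify":  # key name - module
            name, target = parts[0], " - ".join(parts[1:])
        else:                            # AppInit_DLLs: module only
            name, target = "", rest
        if target.startswith("("):       # status note, not a path
            target = ""
        entries.append(Entry(m["code"], kind, name, target, missing, line))
    return entries


def triage(entries):
    """Return the entries that match at least one rule, reasons filled in."""
    kinds_by_module = defaultdict(set)
    for e in entries:
        if e.target:
            kinds_by_module[basename(e.target)].add(e.kind)
    flagged = []
    for e in entries:
        e.reasons = []
        if e.missing:
            e.reasons.append(R_MISSING)
        if e.kind == "BHO" and not e.target:
            e.reasons.append(R_NO_MODULE)
        dual = {"BHO", "Winlogon Notify"} <= kinds_by_module[basename(e.target)]
        if e.target and dual:
            e.reasons.append(R_DUAL)
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_entries(SAMPLE_LOG)):
        print(entry.raw)
        for reason in entry.reasons:
            print("    ->", reason)
```

A "(no name)" BHO is not flagged on that basis alone: the Spybot SDHelper.dll entry in the same log is also unnamed, which is why the rules key on the missing file and on the shared module instead.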

jothunder
2007-09-21, 01:21
Hi,

I didn't delete anything without you asking me to.

Here's a fresh HJT log, and the program clean.bat says "deleted successfully"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:56, on 2007-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Windows Media Player Tray Control.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://groscolismine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8777 bytes

Angelfire777
2007-09-21, 16:29
Did you run the online scanner?

jothunder
2007-09-22, 05:52
I'm not able to perform this action...

It tells me that: "Update process FAILED. No further Antivirus actions can be performed! Attention, you must be online to activate Kaspersky Online Scanner...."

jothunder
2007-09-22, 05:59
Here's the total message that Kaspersky online scan is telling me:

"Update process FAILED. No further antivirus actions can be performed!

Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]"

I don't know if it will be good for you to know, but I have the Kaspersky Anti-Virus 6.0 scanner. Just tell me if it is or not.

Angelfire777
2007-09-22, 06:13
Yes I know that but I'm not sure if they're related.

Let's try another scanner:

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html


http://img.photobucket.com/albums/v666/sUBs/BitDefenderA.gif
http://img.photobucket.com/albums/v666/sUBs/BitDefenderB.gif


Under SCANNING OPTIONS, use the following Settings:
Action options - Report only
Second option - Report only

Once finished, click on the Details button to view the results.
To the upper right of the results you will see an option saying "Click here to export the scan results" Post the log of the scan results in your next reply

jothunder
2007-09-22, 15:26
Here's the log of BitDefender

BitDefender Online Scanner

Scan report generated at: Sat, Sep 22, 2007 - 09:08:32
Scan path: C:\Documents and Settings\Joel\Mes documents;C:\Documents and Settings\Joel\Bureau\SmitfraudFix;

Statistics
Time: 00:08:17
Files: 1253
Folders: 165
Boot Sectors: 3
Archives: 1
Packed Files: 75

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 823338
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

No virus found.

Angelfire777
2007-09-22, 15:31
Hi, Bitdefender only scanned your document files.

Please repeat the scan and this time, follow the instructions carefully.

jothunder
2007-09-22, 20:25
Now it should be good



BitDefender Online Scanner

Scan report generated at: Sat, Sep 22, 2007 - 13:25:18
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:13:00
Files: 194833
Folders: 5533
Boot Sectors: 3
Archives: 1810
Packed Files: 15740

Results
Identified Viruses: 3
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 823344
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Report
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status


C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 7)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 8)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 9)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 10)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 13)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 33)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 34)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 35)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 36)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 37)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 38)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 46)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 47)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 48)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 49)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 50)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 51)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 52)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 53)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 55)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 56)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk81.tmp=>(JAVASCRIPT 57)
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk83.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk85.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk87.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk89.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk8B.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk8D.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk8F.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk9.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk91.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk93.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk95.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk97.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk99.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk9B.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk9D.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbk9F.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkA.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkA1.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkA3.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkA5.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkA7.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkA9.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkAB.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkAD.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkAF.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkB.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkB1.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkB3.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkB5.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkB7.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkB9.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkBB.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkBD.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkBF.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkC.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkC1.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkC3.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkC5.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkC7.tmp
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\wbkC9.tmp
Clean

jothunder
2007-09-22, 20:26
jothunder
2007-09-22, 20:27
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\[7]
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\[8]
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\CBY0DXST\[9]
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\00GAABCAJV3PT0CAD1WS3HCAF2O4Y4CAGZIR88CA37NBS6CAI5C0IECAP1ERZHCA44L5DNCAKW5UDNCAO273DVCA4TV4R4CAGXT97ACASO0XIZCA1CW929CART2KSGCAJGG1QJCABZKP3BCABMXLG7
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\02IPN7CA8YR267CA3PYQ84CAAEO693CAWTZEFDCAWUQ9I3CATAHNE0CAMZWTA2CAEEEB20CANL9DFHCAH1HYYPCA8V2RPHCAX6U8GUCAPJD8CJCA1KA22OCAXNVLWGCAI7OQN6CAG97ENNCAW0Y9BU
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\039LB3CAE5G28WCARN44YECAQO47IQCAH1WTMNCA44U03VCA0K2AIICAQ1KRR7CAKPFWEKCAMQFSBTCA279R5ZCAA2NKBYCAV3SD49CAHBCW3LCA8AZJEDCAD9G39OCAR3R1P0CAXGY79DCAJD3TI7
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\06N2PDCA4F6JHRCA5NIW8YCA7ES1XGCAPYDAAWCAB37V28CA1S4HSQCA3FH5DPCAAWUQN7CAGAKPYUCA1CZGGACA7NMTMZCAOU7OX1CAW4EFTGCAT8ZAWKCAA4YPZFCA33QQRMCAIDTYDDCAWP6UHQ
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\081007_728x90_collage[1].swf
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0;aid=134446464;ko=0;cid=22595989;rid=22613872;rv=1;×tamp=1190316738598;eid1=2;ecn1=0;etm1=30;eid3=13;ecn3=1;etm3=0;eid4=1091;ecn4=1;etm4=0;[1].gif
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0BH2YDCA3XXKAVCABRASOZCASKSTC6CAZ9BJCPCAJ1SH69CAIQ43JJCAQ8IO4XCAQ60IBKCAP5P2I6CA62MM9TCAUF57EGCA66QG31CATM8CKMCAH0GR4PCA5PAS5ICAJERPP7CAI25QDUCA23XWC2
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0DHFLVCA2DTQ6VCAAT14IDCA28Q90ACAXQJ0LQCA139MKQCAHF5AEOCA80L1VBCAJA61F2CA9ZMTRHCAJBJ3TYCASX55LUCAT0JG2FCAGB6UPNCAK4FL44CAQYUP3OCAURLY15CAQOG6NOCAR65F2T
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0GTY7WCA8AF4DWCAC5XFV1CA9IX7PJCA6H9YBCCAJ6YGVPCAI35XTPCAGRDEN1CAKJU6HMCALB7AXSCAU6QD2HCAGW9P8YCA69OSY3CA0CYZCSCALV2WCPCA55GCBACACREXPVCA7MJ9USCAS692WU
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0IZKDDCAAYRBVBCAWB0C0RCAZXSZ8GCAW0U5SZCASSK81DCAT9D0CFCA8I3LKUCAF9NQ9FCAPU1HNICAH4B5EMCAMARP8MCA3KE3Z9CAXGNT3GCADWNUG6CAYSJ1MQCAG42JTTCA0Y5J7MCA7H4WI9
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0SF1XACA024K3ACAHMPHVBCAYXQMHMCAN8E362CAP4VYHCCAMP0CEUCAZNHNWTCAM5JQZ4CA2AFXKCCASDKK6CCASH2H4JCAC4B8P4CAW7PST3CA5YO3MPCATWNQEDCAAM7UI7CA72N6BRCAZS531L
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0W3DSPCAAGAPHNCAELUKBRCAGL8OXLCAKPTKSECA5PVOTPCAK4GTYFCAOB8HV0CA95BIDGCA4506SICA5UB2BNCAOFQKVFCA8NQ9RSCANPRBULCA83E14RCA2CU7NVCAY2GCH7CALWZ3K3CA9P6K05
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\0YU71DCA1BNLURCA83V6LZCA2VRN8ICAX2FSUXCAQNPJ19CA39QF3NCA9IEPJHCA5OTM2MCA8ROVIMCALHVOS6CACHXKWZCANDR0BICAHT12QNCACSV6Z0CAFNNJ7RCA1Q19OCCAW8E0WLCAJ4GUDB
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\105PIUCAHXA12QCA7ECEK7CA7HCREKCA367UY4CATU12WPCAJC91VHCA1JWK61CAFSN59BCA2GZLI6CAAU68F1CADYJ4MHCAXW4RQQCALUD32BCA3NKLKUCA6PFKNTCA4AD3J5CA50BPWQCAHC1ZUA
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\109DSSCACDC2Y8CAHW93XKCA056EKQCA13P6H8CAMTJ0LFCAR0HZ5HCAU5FZV1CANH9542CABBUWEZCA8D25YTCAX9LTRJCAB0AAOECA6KL2DBCAEKJIQHCA6MAHMACAZABQRRCAYU7Z1ZCAQOBJV9
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\10IJGFCAJ11X43CAXCZN6QCADKETDVCATOMQ2ZCAIVS05CCA3V1U36CAN0GJQ8CAQ118XNCA800YHICAU5KF86CALMGW3TCAY0EQELCAWLR65MCA9YLU0TCA7GG88ZCAV5QIL6CAZGN3ETCAQNGLX0
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\11256a[1].swf
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\160x600_v2[1].swf
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\184-7687_OMC_300_r2[1].swf
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1JMHY7CAKIWHW3CAPFGUQKCA5XPAEECAAXKC78CA4Z720RCAYS4ZFHCAI2L3U4CAFXHWWGCAODU1IZCACV62IECAKS9NNXCAVBTAS6CAULJPP8CA5GUO2ZCA23A3I6CAFSXVBOCAVDMDP0CAQV0EBC
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1KHY4NCAS3L64MCA7ZLW2MCAWMOYC2CA8Z1XTBCALRF9FTCA6Q6Z0WCA6ASX1YCAR27BLWCA9KQ8QKCA5RJ3JVCABO3WRVCAB1YHOGCAF7GUXLCA5UD22GCAFPVDKICASX5TLGCAJFKP6OCAL7EDLZ
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1KIAKYCA3TSSFMCA24M061CAUMX4R6CAMEURWSCAHEFODOCAXBZIYOCADEFNSZCA0CHOB3CAKXY33KCADWY1U2CAIVCCM8CAH96WUECAJVE18NCAZH7TPMCAP2VL01CA9L7GKUCA40CMO0CAUGD3Y1
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1KPB3SCAPKB3NDCABB9B1XCARXQEMQCA7NG4DWCA0YL2MYCAV2FBBVCAWNRZJQCABDNVN7CARPTU4RCANAW67ACAW3CS7MCA5XERKQCAZM320FCAHFLVZYCABV0BIECAKS87FACA8VVUB7CAFS6K6O
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1PID21CAVSEACRCAGA2RKNCAVE6V5YCA12RHTGCAA3BB3SCA1CWTYKCAXD4PFYCAXYY9ENCAXL6A26CAZ9C9VGCA6778BQCAF3UT4TCAP0G6R3CA0Y3ILDCAC0JK9SCA22PNW6CAMK9DD1CAMQ0VQG
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1TN3FSCAY738MJCAPNDJGSCAJP2IMVCA8CVIVHCA1FETHCCA77AUCPCA58LDGGCA827J6UCADILATLCAYTLYSCCAIHP4N3CASJJMANCA7AP5RGCA13QYPCCASICS00CANQ2RQDCA5ZK9IOCAKIUFWK
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\1X43X0CABK7F1PCA73WEARCA31QH9HCALDNUVICAP3D1OMCAR1333JCAYUZO13CA7T7P86CAWS4VKKCALFJLJECAWNN7EICARGXDC2CAB2FHZ0CAG5IDJNCA27PJ37CAJSAXIFCAEE2XX0CAEE0GC7
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\204B1UCAI4XST2CAST5AL2CA510J3CCAKLHRZVCAFC3Q34CAQN5OJACAG9T04VCAWRF9LWCARPMD45CA2M1XGGCAXAJE5DCAMF1O86CALE6BNUCAJ332P4CA5Q76XACA6M43INCAFIZ03GCA8Z0FLJ
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\25846TCA2UA0VQCAEJ34UCCAEWOAWGCA6I2ZK2CAY2LZ7MCA012MKICAMYBDL1CAR1VS1DCAUYAYU0CAWP3AOMCAPJNJNOCA2S7VRVCA6UHW82CAPLYYIUCA24GOKQCA6HO4O8CAMYAR9ACA4UMRP4
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\26NYGNCA8LF1VECAYY8J1BCA9Y89H9CAHN53UBCAEAJOIVCAX2YBIBCAWTXLN3CACZB3UFCAZZ7PVCCAK5CFH6CAK4X52NCADUM4RJCA73GV27CALSKINACA455JGXCA8R3N4FCA1N87EVCAW72KYS
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\26S7B8CA7MLIAKCAP813R3CAL1L523CAKGONY9CA4UEDZDCAD1FR8GCANXES50CAZSZ9R9CA57VREPCAKIIKTBCAK01G64CAPPC7X2CA6W37MXCANGF2DDCA5MLTBYCAK9FYBOCAULC853CA4IUHZU
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\296436CAL3FP7GCAYYCT7RCAY6GVCXCAV99H3CCARIYCCZCA2BSRFDCA71EPC4CATYNBIYCAQE39R3CA9OCDNLCA19RJE2CASJ5CYGCAVQI00QCAU33BFMCA9SRU2OCAOEP7WUCA0PMQ5HCAG5UFPE
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\2I8XW9CA9NNGA0CA5CERM9CAJPIEG2CA37SLI9CAF95W52CA6ORU8ECAUDIBHPCA1K96FOCATVY9FECATV4AJ0CA0H6M7HCAJNE4CPCA0F2R6HCAAVI182CA3QGVSFCAQ05Y1ICAUVT8CDCAUCT3YF
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\2RJAUMCARNAS16CAGGF3WPCAIIBP30CAEMN912CAHTB9IXCAUSZYQPCAKSYK60CATW98NECAEXWTC2CAW9C1STCAROZ4H1CAF07TK6CAOH00X8CATLU127CAB2ZY5RCAC0ZGE1CA4GXQA9CAATVZ64
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\2ZLUPDCABROBP9CA7C3N5VCAMH4CE7CAD74OPTCACHDK2JCA22B3YTCAVDWUWNCAJ2A3D7CAP1KERZCAAA7VQ4CA3VSGM7CA4YXVI2CA83F17LCAA1VANWCA4CUO5ECA2XM4GWCAV12TODCA7DUGL8
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\300x250_n_n_allen_opt[1].swf
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\300x250_n_n_lopeZ_2_opt[1].swf
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3585ZCCA9WOVXXCAEYGFKCCAJKLEVLCA0LGROUCAYQV0J4CAV5EL7ACAH5P9JDCA3UOFA3CAAQJY9KCAF5GC61CAG3UWY0CA0N1KE3CAWH0VFFCAUPXXJDCA987H2DCA9NGXL3CA9BPPB4CAS9G7R3
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3B06XPCAN4ZZSECADM56CGCAJAOEPHCA07J525CASK8X9GCAGJ9B1BCAU312T1CAR2R4ZMCAIKHVKCCAE7HJCOCA6XLI3ZCAEYY2NXCAENZ6X7CAQW76YPCAA1N375CAP6K7AUCAGRMZICCA3GNYQ3
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3R2Z36CAGVQDEMCAUDBMSVCAB94JZOCAKH6GGJCAOHU9RXCAG2DZ4CCA28AR19CAS2TMA0CA0VFU1MCAEZMO7KCAOO4JALCADH4QSVCAXD9QV6CAQJ82LNCA8LRNKRCAPCH0W9CAOE9NRGCA4VTP71
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3SAZH1CAMLLYBNCAZK3SB4CAOZIEGJCA53KCC4CAU6CAF1CAX9C2MOCAA8QKFDCA17P72YCA0AXUW3CASDGO5QCA2WEVLICAP2ZV1CCAY709BHCACC8VHCCAMEUR2OCAFLSMK8CAPRP2LJCA1J1EFW
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3UXVUMCA8XG01XCAP1L43VCAQ1EBUYCAAC7NVNCAVXYFUWCA1JRP25CAO07X2ECAJGKLNGCAQC2P6QCATXPUTWCAM0MZCICA3Z86EVCA7LID2ACAIIBB7XCAWHVLD3CAY4LQ7YCAJH007NCAYLQPXB
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3Z8VPPCA6RJ9ZWCA4TBFW2CARWZ652CAQP0GWPCAGS4BHCCA2WB3TICA2ECXXHCAWJUQP9CA6IM126CAUYOX6VCAIM2O1ACABE1ET0CAKHJ85NCA6Q9ST1CAYTR04UCAL58HFQCAC3YIOCCA6WDPGZ
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\3ZB39NCA0K4JZNCA85KTFXCAXYPHN2CARUZC7WCAW8OO42CAMNNMTPCAO30482CAFWEEZ0CA6TCUFMCAMSEZG9CAEO04EHCAG0MZ6TCA5BWYIICA3QN2S9CAXAXIG6CARAAR6ECAXSB4LACAD8V8D6
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\40MZ56CAPCC5MPCA075YVZCA6EA92ECACSN4F5CAFPK6ZOCAP3LQ7YCALX73YUCAT015E5CAR5STMJCAF4ZT4SCA0VIN02CAHVNPV5CA4DRYYRCA4Q32U6CAD31JOBCAUQKPLPCADAKEBPCAQMXNV8
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\421IU6CAMH2J3XCAJKQVOZCARUDEU0CA61SS8MCATI92NVCA184C97CAZVGUV5CA2PQ9J8CASJFIORCADKAC3JCAUB37RQCAMJRHJMCAVJF4QECAC2AQD3CA3ZRXWYCA6D6EOHCAG89MZ1CAPNUK5V
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\42NW3ZCA5H8ZG2CAK9CUEMCATW1J4TCA6Z0728CAIKYHMDCAMC0RIUCA1TM1W5CA6ESRM0CA088JNXCAU6E9AVCAG9TAUMCAN5ZNC1CA0VI9MPCAPUIE64CA07C7FKCAY6L4OGCAIRIO42CARGM9A1
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\4C962SCAGKDZPXCAK0UAGBCAUJ1MCNCADYCNTVCACZ02ZZCA95XWZ9CAVZJBB2CAXBJ56ECAC03YKACA84MX3ACA4PYP8MCASRN8PHCA0J3C1QCAWCZQB0CAHDUHNCCA8UHIPNCAJ3FZ13CAFCZB8E
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\4QL5DKCAU2L825CAR4QUUBCAS37O4XCADYVQXJCAO3QH35CAIZG7BBCATKSLYWCA94CBWGCATTYQS8CACV2QZ0CABOXFS0CAFTIRWQCAV3GPKACAXCA9Q5CACKHFKMCATW399ICANVCJNRCAI3QWY8
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\4UCBL2CAV0F5X1CAYSR8ZHCA0EIHXACA2LRHUZCAKHN1NWCA4W3K46CAP8L9HYCAGI9NY1CAT90D23CA04S5XBCAAQTB02CA083GXHCAVJ7A81CAHOR60DCAC2K01GCADPDYL0CAHFCCQOCA1I9KTJ
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\4WF9CRCAP58MQTCAKRC2TUCA6LDPXNCAR0YSPACA2NOWLRCA3HXM76CALD041RCA51FR3ACA34ZHA4CA8ELD25CAFAC7S2CAK1OIWJCAGPOU0ECAMLPYMNCAD8BM33CAR4YDR3CARI1XUUCAYEZ9NS
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\50H1GUCAGJPTNRCAPIGI9SCALILJQ0CA1U785ZCA6DVP34CAT0S5QJCAKVYYC5CAKCPVPZCA8ZW0GLCAM4Q72LCALXB38DCAB1D2TECAUW04LNCAXF3QI2CAZ56C15CAV5C14CCAVFORN1CAJGG1L3
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\588FCICAN83GXWCAXV6Q7GCAZ4WDVCCA529D9RCACOIALMCAFKCPG7CA1S7BPBCAE9FBGUCAZW26P6CAPODAFZCAMXBNIMCAQRXNGBCAB51AUUCA23G0CWCAML7NXNCA6BMARICA0KYP19CAZYMRL6
Clean

C:\Documents and Settings\Ginette Chrétien\Local Settings\Temporary Internet Files\Content.IE5\E3GRID7G\5BDXFVCA1GOL2GCAURX78NCASIDD7XCAAWBEOECAI6ANKXCAU07D9ICAM4K5T4CAHPMZY3CAUW7362CAT30KSNCAHO9G7KCAROJBV0CAQ52PR9CALQNCLRCATOL31NCAYZVRTACA3PH5ACCAIHOVAB
Clean

jothunder
2007-09-22, 20:28
C:\qoobox\Quarantine\C\WINDOWS\system32\nkckvupr.dll.vir
Infected with: Trojan.Vundo.CG

C:\System Volume Information\_restore{48DD0024-65CD-4B4D-BE47-BE060A73C342}\RP189\A0036543.DLL
Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{48DD0024-65CD-4B4D-BE47-BE060A73C342}\RP198\A0038935.dll
Infected with: Trojan.JuanSearch.D

C:\System Volume Information\_restore{48DD0024-65CD-4B4D-BE47-BE060A73C342}\RP204\A0039133.dll
Infected with: Trojan.Vundo.CG

Angelfire777
2007-09-23, 02:51
Hi,

Using Windows Explorer, please delete the following folder:

C:\qoobox

Empty your Recycle Bin.

Please post a fresh HijackThis log and tell me how your machine is running.

jothunder
2007-09-23, 06:17
Hi,
My machine is as fast as it was before, and no pop-ups are appearing frequently without reason.

Here's a fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:14:26, on 2007-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Windows Media Player Tray Control.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://groscolismine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9101 bytes

jothunder
2007-09-23, 06:21
Excuse me, but could you explain to me what this "qoobox" file was, please?

Angelfire777
2007-09-23, 10:30
Hi,

Qoobox is ComboFix's quarantine. :)
_____

Congratulations! Your log looks clean!

This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and Ok it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your PC's security.

MVPS Hosts File
~You can download it from here (http://www.mvps.org/winhelp2002/hosts.zip)
~I highly recommend this hosts file. You can learn more about this here (http://www.mvps.org/winhelp2002/hosts.htm)

IESpyAds
~Instructions on downloading and using it here (http://www.techsupportforum.com/articles-tutorials-reviews/computer-security-articles/168444-installation-guide-ie-spyad.html#post1068846)

Note: This only works for Internet Explorer.

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!

jothunder
2007-09-23, 22:46
Thank you very much, :bigthumb:

My machine is running like before, and it didn't cost me anything; if I had gone to a repair store, it would easily have cost me 50$!!

A final question: are there any problems if I install the programs that you suggest even though I have Kaspersky, or will it improve my security?

So your help was good, it was fast too and effective.

Continue your good job:bigthumb::D:

Thank you
jothunder:)

Angelfire777
2007-09-23, 23:44
You're welcome!


A final question, is any problems if I install the programs that you suggest even if I have Kapersky, or if it will improve my security?

It will improve your security. The programs I have suggested will not conflict with kaspersky, they work by layers:bigthumb:

Angelfire777
2007-09-26, 13:07
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.