Windows Explorer crashed
Hi
While searching the forum I did find a topic that dealt with this, but I admit I wasn't able to follow the thread of the procedure to get myself out of this mess =/
In fact I have the same problem with Windows Explorer windows closing; i.e. as soon as I open any window at all, it crashes.
Could someone summarize the procedure to fix this for me? =s
Thanks a lot in advance
Here is the report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:02, on 15/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NeroRichPreview.exe
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvst.dll,#1
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\hp\AppData\Local\Temp\iiiii.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll",run
O4 - HKCU\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12983 bytes
Hello,
Download Combofix (by sUBs) to your Desktop.
Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
The report is located here: C:\Combofix.txt
Good grief.
We'll try again later.
Download VundoFix.exe (by Atribune):
Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are being deleted.
You will get a message saying the computer is going to shut down; click OK.
Post the report located at C:\vundofix.txt
Ok.
Far too many (useless) toolbars installed:
Have a read of this
Uninstall via Add/Remove Programs:
Megaupload Toolbar
Windows Live Toolbar
Freecorder Toolbar
Then delete the corresponding folders:
C:\PROGRA~1\MEGAUP~1
C:\Program Files\Windows Live Toolbar
C:\Program Files\Freecorder
And the others if you find any using the search function.
***********
Rerun HijackThis, Do a system scan only, check these lines (if still present):
Then Fix Checked!
*********
Download OTMoveIt2 (by OldTimer).
Save this file to the Desktop.
Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light blue bar) and choose Paste.
Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" area (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
Close OTMoveIt2
Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move process. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of this document in a reply on the forum.
If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.
********
Then rerun Combofix in safe mode and post the report.
Rerun HijackThis, Do a system scan only, check these lines (if still present):
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvst.dll,#1
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\hp\AppData\Local\Temp\iiiii.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll",run
O4 - HKCU\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
Then Fix Checked!
*********
Download OTMoveIt2 (by OldTimer).
C:\Windows\system32\byvst.dll
C:\Users\hp\AppData\Local\Temp\*.* /s
Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.
If you get a message saying that the report cannot be created, copy and paste what appears in the right-hand column of the tool.
********
Then run Combofix again in safe mode and post the report.
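Several of the O4 lines listed in the post above start rundll32 with a DLL under the user's Temp directory, and some of those DLLs are registered under both HKLM and HKCU. The following is an added example, not part of the original post: it parses such lines and groups the Run values by DLL so every autorun pointing at the same file is reviewed together. The verdict labels and the Temp-directory heuristic are assumptions of this example, not HijackThis output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvst.dll,#1
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll",run
O4 - HKCU\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
"""

# Layout: O4 - <hive>[\<sid>]\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.+?)\] (?P<command>.+)$"
)
# Layout: rundll32[.exe] ["]<dll path>["],<export name or #ordinal>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE
)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str               # HKLM, HKCU or HKUS
    key: str                # Run, RunOnce, ...
    name: str               # registry value name
    command: str            # full command line as logged
    dll: Optional[str]      # DLL handed to rundll32, if any
    export: Optional[str]   # export name or "#ordinal"


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one HijackThis O4 registry autorun line; None for other lines."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    r = RUNDLL_RE.match(m["command"])
    return RunEntry(
        hive=m["hive"], key=m["key"], name=m["name"], command=m["command"],
        dll=r["dll"].strip() if r else None,
        export=r["export"] if r else None,
    )


def classify(entry: RunEntry) -> str:
    """Example heuristic (an assumption of this sketch, not a HijackThis verdict)."""
    if entry.dll is None:
        return "not-rundll32"
    if TEMP_DIR_RE.search(entry.dll):
        return "rundll32-temp-dll"      # DLL autostarted from a Temp directory
    return "rundll32-other-dll"         # still worth a manual look


def triage(log: str) -> List[Tuple[RunEntry, str]]:
    """Return (entry, verdict) for every O4 line in the log text."""
    out = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            out.append((entry, classify(entry)))
    return out


def locations_by_dll(entries: List[RunEntry]) -> Dict[str, List[str]]:
    """Group Run values by the DLL they load (case-insensitive path)."""
    found = defaultdict(set)
    for e in entries:
        if e.dll:
            found[e.dll.lower()].add(f"{e.hive}\\{e.key} [{e.name}]")
    return {dll: sorted(locs) for dll, locs in found.items()}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for entry, verdict in results:
        print(f"{verdict:20} {entry.hive:5} [{entry.name}] {entry.dll or entry.command}")
    for dll, locs in locations_by_dll([e for e, _ in results]).items():
        print(dll, "<-", ", ".join(locs))
```

A DLL that shows up under more than one hive has to be unchecked in each of them, otherwise the remaining Run value relaunches it at the next logon.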
[Custom Input]
< C:\Windows\system32\byvst.dll >
File/Folder C:\Windows\system32\byvst.dll not found.
< C:\Users\hp\AppData\Local\Temp\*.* /s >
C:\Users\hp\AppData\Local\Temp\ASPNET.bmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Av-test.txt moved successfully.
C:\Users\hp\AppData\Local\Temp\b120x240.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b120x600.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b120x90.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b125x125.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b160x600.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b180x150.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b234x60.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b240x400.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b250x250.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b300x100.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b300x250.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b336x280.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b468x60.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b720x300.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b728x90.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll
C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll
C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll moved successfully.
File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
C:\Users\hp\AppData\Local\Temp\fla53D3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\hp.bmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
C:\Users\hp\AppData\Local\Temp\iiiii.ini moved successfully.
C:\Users\hp\AppData\Local\Temp\iiiii.ini2 moved successfully.
C:\Users\hp\AppData\Local\Temp\int7779.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int777A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int777B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int79F7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int79F8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7B48.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7B59.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7BC5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7BC6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7C63.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7C64.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7C65.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7CE8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7CE9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7DBB.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7DBC.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7DBD.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7F68.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7F69.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FB7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FB8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FB9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FD7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FD8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FE9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int804F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8050.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8051.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8136.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8137.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int81A5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int81A6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int81A7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8333.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8334.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8345.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8346.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8357.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8480.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int84CF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int85C3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int85E4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int862A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int862B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8826.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8827.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8828.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int882A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int882B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int882C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8B6A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8B6B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8B6C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8BC6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8BD7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8D00.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8D01.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8D02.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8FD6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8FE6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9229.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int922A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int922B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int93A7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int93C7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9481.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9482.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9510.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9511.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9512.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9686.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9687.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9688.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int97A7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int97A8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int98C0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int990F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9A86.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9A87.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9A88.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA06F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA070.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA071.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA321.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA322.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA799.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA7AA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intB8E4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intB8E5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intB8F5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intCE1C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intCE1D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB60.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC5A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC5B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC6C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC6D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC6E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD2F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD6E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD6F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD80.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD81.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDB6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDB7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDC7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDC8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDC9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE0E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE0F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE10.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE11.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE12.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE47.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE48.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE49.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE4A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE4B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE8F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE90.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE91.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE92.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE93.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDED7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDED8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDEE9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDEEA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDEEB.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF2F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF30.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF41.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF42.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF43.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF78.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF79.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF7A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF8A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF8B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFDF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFE0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFE1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFE2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFF3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE028.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE029.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE039.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE03A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE03B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE080.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE081.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE082.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE083.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE084.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0D8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0D9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0DA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0EA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0EB.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE16E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1AE.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1FD.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1FE.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1FF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2C0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2F0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2F1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2F2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE302.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE395.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE396.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE397.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE398.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE399.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3ED.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3EE.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3EF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3F0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3F1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4B2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4B3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4D3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4D4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4D5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE558.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE568.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE5F6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE5F7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE5F8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE726.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE850.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE851.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE852.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE853.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA6B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED33.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED34.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED45.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED46.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED47.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE56.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE57.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE77.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE78.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE79.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF3A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF04D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF04E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF04F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF050.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF051.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF24B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF27B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF28B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF28C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF28D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Invité.bmp moved successfully.
C:\Users\hp\AppData\Local\Temp\jusched.log moved successfully.
C:\Users\hp\AppData\Local\Temp\mcrh.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\mso8BB2.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\pmddowks.dll
C:\Users\hp\AppData\Local\Temp\pmddowks.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\pmddowks.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\qomljki.dll
C:\Users\hp\AppData\Local\Temp\qomljki.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\qomljki.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\removalfile.bat moved successfully.
C:\Users\hp\AppData\Local\Temp\setB53C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\skwoddmp.ini moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001a939 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001a9a6 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001de0e moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp00022ecc moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp000246b0 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp00026a65 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0005732c moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0005bd65 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp000630fe moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\tspubqhp.dll
C:\Users\hp\AppData\Local\Temp\tspubqhp.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\tspubqhp.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\vovxavgy.ini moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll
C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\wmplog00.sqm moved successfully.
C:\Users\hp\AppData\Local\Temp\wmplog01.sqm moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll
C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\76ZYGTVZ\legend_1[1].jpg moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\CA5J1CE3 moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\legend_2[1].jpg moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[1] moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[2] moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[3] moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[4] moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[5] moved successfully.
C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[6] moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\~DFB355.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\~DFBEFA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\~DFBF44.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn feed 0 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn update moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn upgrade status moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 0 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 1 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 2 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn upgrade status moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 0 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.news.btn upgrade status moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\3y7OQlQLVA85zKgLnAPkMbeXvHg= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\79tuoV3bbY7QB+JA7MNMrmZfT4A= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\79xFnigXNhmUk4DZ0XdmoV1CHx4= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\7aq1FVSoDdqrtwE+hFcJWXbh9sE= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\AAl2FVV26r1yz0mn8bWgMZltZyX0= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\AVbhD2FGfQpdY6XsHJreWPl8rTuc= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\debO4FVUrjZ8wOSIM62Fph0IZXss= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\DlmwX4FRKrfopP0m6TGhX2FCMQTo= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\fCEdemWrT3LGg4I1WiovMHRuJXY= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\kiS5yYccENToCxhwosQIoJOVM2FQ= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\oj7YyHwqA5ZKHNw052Y7cAkBR94= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\oQFlDUJEjc8FFXSwejT7vV2Fgg50= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\p0y8smjxDpHzzDoSaX5ImRpeF30= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\PKhgY6gi3HD2FrlAWWgsxiQ6vR3E= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\qJRjAu3j2FYIXrFEhzQVE2F70APvU= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\smDZ3YZbr3bPODhUEcxtWnyItnA= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\TCA0bhK07KRN54Tu+8qXzvl10cI= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\vk6YDuRPZgP5MfLQktFXsw1aEQw= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\xNWZ3WcRLHElYyHZE5UD8ydnZB0= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\XnyD8vPIRM5idsV6Qkfu+lczgIQ= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\YK3tT4vRdupH5lp0sncICqvXy0I= moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\AdvrCntr3.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\AdvrCntr3.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\NEROINST.DB moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ROLLBACK.DB moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ShellManager3.dll unregistered successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ShellManager3.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\Nero\NPS\nero.xml.{7042FC7D-ED2E-4C93-B3AA-63D117D31036} moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\NeroBar.exe moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\NeroBar.txt moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\SetupX.exe moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Toolbar.exe moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\D
< C:\Windows\system32\byvst.dll >
File/Folder C:\Windows\system32\byvst.dll not found.
< C:\Users\hp\AppData\Local\Temp\*.* /s >
C:\Users\hp\AppData\Local\Temp\ASPNET.bmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Av-test.txt moved successfully.
C:\Users\hp\AppData\Local\Temp\b120x240.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b120x600.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b120x90.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b125x125.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b160x600.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b180x150.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b234x60.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b240x400.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b250x250.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b300x100.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b300x250.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b336x280.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b468x60.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b720x300.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\b728x90.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll
C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll
C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll moved successfully.
File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
C:\Users\hp\AppData\Local\Temp\fla53D3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\hp.bmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
C:\Users\hp\AppData\Local\Temp\iiiii.ini moved successfully.
C:\Users\hp\AppData\Local\Temp\iiiii.ini2 moved successfully.
C:\Users\hp\AppData\Local\Temp\int748E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int74F8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int74F9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7642.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7662.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int76C1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int76C2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int76D2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7779.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int777A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int777B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int79F7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int79F8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7B48.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7B59.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7BC5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7BC6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7C63.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7C64.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7C65.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7CE8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7CE9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7DBB.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7DBC.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7DBD.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7F68.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7F69.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FB7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FB8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FB9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FD7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FD8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int7FE9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int804F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8050.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8051.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8136.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8137.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int81A5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int81A6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int81A7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8333.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8334.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8345.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8346.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8357.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8480.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int84CF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int85C3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int85E4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int862A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int862B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8826.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8827.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8828.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int882A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int882B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int882C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8B6A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8B6B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8B6C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8BC6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8BD7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8D00.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8D01.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8D02.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8FD6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int8FE6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9229.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int922A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int922B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int93A7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int93C7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9481.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9482.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9510.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9511.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9512.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9686.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9687.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9688.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int97A7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int97A8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int98C0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int990F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9A86.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9A87.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\int9A88.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA06F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA070.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA071.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA321.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA322.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA799.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intA7AA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intB8E4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intB8E5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intB8F5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intCE1C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intCE1D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB5F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDB60.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDBF7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC5A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC5B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC6C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC6D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDC6E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD2F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD6E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD6F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD80.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDD81.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDB6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDB7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDC7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDC8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDDC9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE0E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE0F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE10.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE11.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE12.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE47.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE48.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE49.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE4A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE4B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE8F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE90.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE91.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE92.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDE93.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDED7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDED8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDEE9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDEEA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDEEB.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF2F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF30.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF41.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF42.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF43.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF78.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF79.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF7A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF8A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDF8B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFDF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFE0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFE1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFE2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intDFF3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE028.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE029.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE039.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE03A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE03B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE080.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE081.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE082.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE083.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE084.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0D8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0D9.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0DA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0EA.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE0EB.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE16E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1AE.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1FD.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1FE.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE1FF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2C0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2F0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2F1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE2F2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE302.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE395.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE396.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE397.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE398.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE399.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3ED.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3EE.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3EF.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3F0.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE3F1.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4B2.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4B3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4D3.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4D4.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE4D5.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE558.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE568.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE5F6.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE5F7.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE5F8.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE726.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE850.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE851.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE852.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intE853.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA6B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEA9E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED33.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED34.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED45.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED46.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intED47.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE56.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE57.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE77.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE78.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEE79.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF3A.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intEF4E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF04D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF04E.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF04F.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF050.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF051.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF24B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF27B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF28B.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF28C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\intF28D.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\Invité.bmp moved successfully.
C:\Users\hp\AppData\Local\Temp\jusched.log moved successfully.
C:\Users\hp\AppData\Local\Temp\mcrh.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\mso8BB2.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\pmddowks.dll
C:\Users\hp\AppData\Local\Temp\pmddowks.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\pmddowks.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\qomljki.dll
C:\Users\hp\AppData\Local\Temp\qomljki.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\qomljki.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\removalfile.bat moved successfully.
C:\Users\hp\AppData\Local\Temp\setB53C.tmp moved successfully.
C:\Users\hp\AppData\Local\Temp\skwoddmp.ini moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001a939 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001a9a6 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001de0e moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp00022ecc moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp000246b0 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp00026a65 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0005732c moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp0005bd65 moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp000630fe moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\tspubqhp.dll
C:\Users\hp\AppData\Local\Temp\tspubqhp.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\tspubqhp.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\vovxavgy.ini moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll
C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\wmplog00.sqm moved successfully.
C:\Users\hp\AppData\Local\Temp\wmplog01.sqm moved successfully.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll
C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn feed 0 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn update moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn upgrade status moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 0 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 1 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 2 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn upgrade status moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 0 moved successfully.
C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.news.btn upgrade status moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\3y7OQlQLVA85zKgLnAPkMbeXvHg= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\79tuoV3bbY7QB+JA7MNMrmZfT4A= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\79xFnigXNhmUk4DZ0XdmoV1CHx4= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\7aq1FVSoDdqrtwE+hFcJWXbh9sE= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\AAl2FVV26r1yz0mn8bWgMZltZyX0= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\AVbhD2FGfQpdY6XsHJreWPl8rTuc= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\debO4FVUrjZ8wOSIM62Fph0IZXss= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\DlmwX4FRKrfopP0m6TGhX2FCMQTo= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\fCEdemWrT3LGg4I1WiovMHRuJXY= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\kiS5yYccENToCxhwosQIoJOVM2FQ= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\oj7YyHwqA5ZKHNw052Y7cAkBR94= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\oQFlDUJEjc8FFXSwejT7vV2Fgg50= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\p0y8smjxDpHzzDoSaX5ImRpeF30= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\PKhgY6gi3HD2FrlAWWgsxiQ6vR3E= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\qJRjAu3j2FYIXrFEhzQVE2F70APvU= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\smDZ3YZbr3bPODhUEcxtWnyItnA= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\TCA0bhK07KRN54Tu+8qXzvl10cI= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\vk6YDuRPZgP5MfLQktFXsw1aEQw= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\xNWZ3WcRLHElYyHZE5UD8ydnZB0= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\XnyD8vPIRM5idsV6Qkfu+lczgIQ= moved successfully.
C:\Users\hp\AppData\Local\Temp\MessengerCache\YK3tT4vRdupH5lp0sncICqvXy0I= moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\AdvrCntr3.dll NOT unregistered.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\AdvrCntr3.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\NEROINST.DB moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ROLLBACK.DB moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ShellManager3.dll unregistered successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ShellManager3.dll moved successfully.
C:\Users\hp\AppData\Local\Temp\nero.tmp\Nero\NPS\nero.xml.{7042FC7D-ED2E-4C93-B3AA-63D117D31036} moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\NeroBar.exe moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\NeroBar.txt moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\SetupX.exe moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Toolbar.exe moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\003178B2.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0060D479.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0091DFA6.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0093A6D4.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\00A7E2A4.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\00ABC901.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\00AF7559.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0127CF1C.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\015E5F3E.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\Data\017BC0DB.cab moved successfully.
C:\Users\hp\AppData\Local\Temp\NERO14392\D
File/Folder C:\Windows\system32\byvst.dll not found.
[Custom Input]
< C:\Users\hp\AppData\Local\Temp\*.* /s >
File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
C:\Users\hp\AppData\Local\Temp\iiiii.ini moved successfully.
C:\Users\hp\AppData\Local\Temp\iiiii.ini2 moved successfully.
C:\Users\hp\AppData\Local\Temp\jusched.log moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp00015b39 moved successfully.
C:\Users\hp\AppData\Local\Temp\hsperfdata_hp\2628 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_122433
Re,
Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy):
C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\ehmsas.txt
Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light-blue bar), then choose Paste.
Click the red Moveit! button.
Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Yes (Oui). In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.
If you get a message saying that the report cannot be created, copy/paste what appears in the tool's right-hand column.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_144358
There's some resistance
Select the contents of the box below:
Files to delete:
C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\ehmsas.txt
Copy and paste the exact contents of this box into Notepad.
No line must be missing!
Save this file on your desktop and name it remove.txt
Download The Avenger (by Swandog46)
Unzip it onto your desktop.
Launch it by double-clicking the exe, then click OK.
Select Load Script from File and click the folder-shaped icon on the right.
Select your remove.txt file on the desktop.
Click the green light, then Yes.
The program will ask you to restart your PC; accept.
Post the report found here >>C:\avenger.txt<<
*********
Download DiagHelp.zip (by Malekal) to your desktop (Tutorial)
Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd may not be shown!)
Choose option 1 in the window that opens.
This may take a few minutes; let it run and press a key when asked.
WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!
At the end of the scan, your computer may need to be restarted... Once the computer has restarted, the report will appear in Notepad. It is also located at >> C:\resultat.txt <<
Post the report here.
If you get a file C:\upload_moi.zip, please send it to http://upload.malekal.com/.
Tutorial
For Avenger:
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Users\hp\AppData\Local\Temp\iiiii.dll" deleted successfully.
File "C:\Users\hp\AppData\Local\Temp\ehmsas.txt" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-03-16 à 15:35:44.53
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\Windows\prefetch\CONIME.EXE-B273009A.pf -->2008-03-16 15:35:43
C:\Windows\prefetch\CMD.EXE-89305D47.pf -->2008-03-16 15:35:41
C:\Windows\prefetch\EXPLORER.EXE-7A3328DA.pf -->2008-03-16 15:35:18
C:\Windows\prefetch\WUAUCLT.EXE-830BCC14.pf -->2008-03-16 15:34:57
C:\Windows\prefetch\LOGONUI.EXE-1BEE4A84.pf -->2008-03-16 15:34:54
C:\Windows\prefetch\WMIPRVSE.EXE-43972D0F.pf -->2008-03-16 15:34:48
C:\Windows\prefetch\WINRAR.EXE-6F42D4E7.pf -->2008-03-16 15:34:18
C:\Windows\prefetch\DLLHOST.EXE-71214090.pf -->2008-03-16 15:34:16
C:\Windows\prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf -->2008-03-16 15:34:11
C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf -->2008-03-16 15:34:05
C:\Windows\System32\drivers\mrxdav.sys -->2008-02-14 17:47:29
C:\Windows\System32\drivers\WdfLdr.sys -->2008-02-14 17:44:46
C:\Windows\System32\drivers\Wdf01000.sys -->2008-02-14 17:44:46
C:\Windows\System32\drivers\sermouse.sys -->2008-02-14 17:44:45
C:\Windows\System32\drivers\mouhid.sys -->2008-02-14 17:44:45
C:\Windows\System32\drivers\mouclass.sys -->2008-02-14 17:44:45
C:\Windows\System32\drivers\kbdhid.sys -->2008-02-14 17:44:45
C:\Windows\System32\wdgxtvsy.ini -->2008-03-16 15:35:21
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->2008-03-16 15:28:56
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->2008-03-16 15:28:56
C:\Windows\System32\ooccpenb.dll -->2008-03-16 12:05:38
C:\Windows\System32\ysvtxgdw.dll -->2008-03-16 12:02:38
C:\Windows\System32\casfwgcf.dll -->2008-03-16 11:58:46
C:\Windows\System32\vuvgpqbm.dll -->2008-03-16 09:47:14
C:\Windows\System32\FNTCACHE.DAT -->2008-03-15 20:26:42
C:\Windows\System32\MsiExec.exe.log -->2008-03-15 10:51:55
C:\Windows\System32\09286d5d -->2008-03-15 09:35:39
C:\Windows\System32\bitcometres.dll -->2008-03-15 09:35:26
C:\Windows\System32\perfh00C.dat -->2008-03-14 21:14:07
C:\Windows\System32\perfh009.dat -->2008-03-14 21:14:06
C:\Windows\System32\perfc00C.dat -->2008-03-14 21:14:06
C:\Windows\System32\perfc009.dat -->2008-03-14 21:14:06
C:\Windows\System32\PerfStringBackup.INI -->2008-03-14 21:14:04
C:\Windows\System32\config.nt -->2008-03-14 21:03:05
C:\Windows\System32\nnlki.dll -->2008-03-14 20:37:25
C:\Windows\System32\Installer.log -->2008-03-13 17:45:08
C:\Windows\System32\mrt.exe -->2008-03-05 17:30:54
C:\Windows\System32\rmoc3260.dll -->2008-03-03 20:46:36
C:\Windows\System32\pndx5032.dll -->2008-03-03 20:46:17
C:\Windows\System32\pndx5016.dll -->2008-03-03 20:46:17
C:\Windows\System32\pncrt.dll -->2008-03-03 20:46:14
C:\Windows\System32\SBRC.dat -->2008-02-16 12:43:12
C:\Windows\WindowsUpdate.log -->2008-03-16 15:34:57
C:\Windows\BM0a1b4c4f.txt -->2008-03-16 15:29:58
C:\Windows\pskt.ini -->2008-03-16 15:29:37
C:\Windows\bootstat.dat -->2008-03-16 15:28:44
C:\Windows\PFRO.log -->2008-03-16 12:58:28
C:\Windows\ntbtlog.txt -->2008-03-16 12:56:39
C:\Windows\BM0a1b4c4f.xml -->2008-03-16 09:46:14
C:\Windows\NeroDigital.ini -->2008-03-15 21:26:47
C:\Windows\PSEXESVC.EXE -->2008-03-15 20:23:34
C:\Windows\DirectX.log -->2008-03-15 10:30:32
C:\Windows\WLXPGSS.SCR -->2008-02-01 11:17:40
C:\Windows\win.ini -->2008-01-28 09:32:38
C:\Windows\UNNeroMediaHome.exe -->2007-12-13 19:09:06
C:\Windows\UNRecode.exe -->2007-12-04 09:59:22
C:\Windows\explorer.exe -->2007-11-15 08:33:20
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 5224
Command line: "C:\Windows\explorer.exe"
Base Size Version Path
0x002e0000 0x2cd000 6.00.6000.16549 C:\Windows\explorer.exe
0x77700000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x76630000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x76320000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x75fd0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x762d0000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x760a0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76710000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x76aa0000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
0x76c30000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
0x763e0000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x77860000 0x8c000 6.00.6000.16609 C:\Windows\system32\OLEAUT32.dll
0x71800000 0x107000 6.00.6000.16386 C:\Windows\system32\SHDOCVW.dll
0x75080000 0x3f000 6.00.6000.16386 C:\Windows\system32\UxTheme.dll
0x75310000 0x1a000 6.00.6000.16386 C:\Windows\system32\POWRPROF.dll
0x72f10000 0xc000 6.00.6000.16386 C:\Windows\system32\dwmapi.dll
0x74830000 0x1aa000 5.02.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
0x75900000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x746d0000 0xb7000 6.00.6000.16386 C:\Windows\system32\PROPSYS.dll
0x71d10000 0x145000 6.00.6000.16386 C:\Windows\system32\BROWSEUI.dll
0x77840000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.dll
0x76530000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x721a0000 0x30000 6.00.6000.16386 C:\Windows\system32\DUser.dll
0x75fc0000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x76870000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x74d80000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
0x10000000 0x2c000 C:\Windows\system32\ysvtxgdw.dll
0x769d0000 0xcf000 7.00.6000.16609 C:\Windows\system32\WININET.dll
0x77820000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
0x76980000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
0x75e50000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x76840000 0x2d000 6.00.6000.16386 C:\Windows\system32\ws2_32.dll
0x77830000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x73c90000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x768f0000 0x84000 2001.12.6930.16386 C:\Windows\system32\CLBCatQ.DLL
0x753b0000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x71110000 0xb2000 6.00.6000.16549 C:\Windows\system32\timedate.cpl
0x745a0000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x75cc0000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75fb0000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x747f0000 0x38000 4.02.5406.0000 C:\Windows\system32\OLEACC.dll
0x72230000 0x53000 6.00.6000.16386 C:\Windows\system32\actxprxy.dll
0x75e70000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x72820000 0x2b000 6.00.6000.16386 C:\Windows\system32\msutb.dll
0x75470000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
0x72800000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
0x75df0000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x02b60000 0x5cd000 7.00.6000.16609 C:\Windows\system32\ieframe.dll
0x76b00000 0x127000 7.00.6000.16609 C:\Windows\system32\urlmon.dll
0x72140000 0x12000 6.00.6000.16386 C:\Windows\system32\thumbcache.dll
0x722a0000 0x4a000 6.00.6000.16386 C:\Windows\system32\ntshrui.dll
0x72ed0000 0xa000 6.00.6000.16386 C:\Windows\system32\cscapi.dll
0x75330000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x778f0000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x75aa0000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
0x6b9f0000 0x223000 6.00.6000.16386 C:\Windows\system32\NetworkExplorer.dll
0x724b0000 0x9000 6.00.6000.16386 C:\Windows\system32\ExplorerFrame.dll
0x72510000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
0x756c0000 0x8000 6.00.6000.16386 C:\Windows\system32\VERSION.dll
0x6dc10000 0x204000 4.00.6000.16386 C:\Windows\system32\msi.dll
0x71760000 0x92000 6.00.6000.16386 C:\Windows\system32\stobject.dll
0x708a0000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
0x76140000 0x189000 6.00.6000.16609 C:\Windows\system32\SETUPAPI.dll
0x74fe0000 0x9000 6.00.6000.16553 C:\Windows\system32\WTSAPI32.dll
0x75660000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x75160000 0x2d000 6.00.6000.16386 C:\Windows\system32\WINTRUST.dll
0x75940000 0xf1000 6.00.6000.16425 C:\Windows\system32\CRYPT32.dll
0x75a80000 0x12000 6.00.6000.16386 C:\Windows\system32\MSASN1.dll
0x76600000 0x29000 6.00.6000.16470 C:\Windows\system32\imagehlp.dll
0x722f0000 0x30000 6.00.6000.16386 C:\Windows\system32\MLANG.dll
0x73d50000 0x45000 2001.12.6930.16386 C:\Windows\system32\es.dll
0x71f80000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
0x746a0000 0x27000 6.00.6000.16386 C:\Windows\System32\MMDevApi.dll
0x74570000 0x21000 6.00.6000.16386 C:\Windows\System32\audioses.dll
0x743d0000 0x66000 6.00.6000.16386 C:\Windows\System32\audioeng.dll
0x749e0000 0x7000 6.00.6000.16386 C:\Windows\System32\AVRT.dll
0x71f50000 0x21000 6.00.6000.16386 C:\Windows\ehome\ehSSO.dll
0x742b0000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
0x75240000 0x63000 6.00.6000.16501 C:\Windows\system32\FirewallAPI.dll
0x70110000 0x30b000 6.00.6000.16386 C:\Windows\System32\netshell.dll
0x75890000 0x19000 6.00.6000.16386 C:\Windows\System32\IPHLPAPI.DLL
0x75850000 0x35000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc.DLL
0x75ac0000 0x2b000 6.00.6000.16386 C:\Windows\System32\DNSAPI.dll
0x75840000 0x7000 6.00.6000.16386 C:\Windows\System32\WINNSI.DLL
0x75820000 0x20000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc6.DLL
0x745c0000 0xf000 6.00.6000.16386 C:\Windows\System32\nlaapi.dll
0x6d850000 0x1bf000 6.00.6000.16386 C:\Windows\system32\pnidui.dll
0x72850000 0x17000 6.00.6000.16386 C:\Windows\system32\QUtil.dll
0x758b0000 0x3e000 6.00.6000.16386 C:\Windows\system32\wevtapi.dll
0x737d0000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
0x6fbb0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
0x725b0000 0x27000 6.00.6000.16386 C:\Windows\system32\FunDisc.dll
0x724a0000 0x9000 6.00.6000.16386 C:\Windows\system32\fdproxy.dll
0x72350000 0x126000 8.90.1101.0000 C:\Windows\System32\msxml3.dll
0x75d30000 0x5f000 6.00.6000.16386 C:\Windows\system32\SXS.DLL
0x72480000 0xe000 6.00.6000.16551 C:\Windows\system32\Wlanapi.dll
0x73920000 0x2d000 6.00.6000.16386 C:\Windows\system32\OneX.DLL
0x73a10000 0xd000 6.00.6000.16386 C:\Windows\system32\eappprxy.dll
0x73810000 0x28000 6.00.6000.16386 C:\Windows\system32\eappcfg.dll
0x75770000 0x44000 6.00.6000.16386 C:\Windows\system32\bcrypt.dll
0x72130000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
0x71ca0000 0x23000 6.00.6000.16386 C:\Windows\system32\wpdshserviceobj.dll
0x731f0000 0x5f000 6.00.6000.16386 C:\Windows\system32\WINHTTP.dll
0x709e0000 0x40000 6.00.6000.16386 C:\Windows\System32\srchadmin.dll
0x034b0000 0x91000 6.83.0074.0009 C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
0x04bb0000 0xa4000 6.83.0092.0011 C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll
0x75020000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
0x74fc0000 0x18000 6.00.6000.16386 C:\Windows\system32\OLEPRO32.DLL
0x767c0000 0x74000 6.00.6000.16386 C:\Windows\system32\comdlg32.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Windows\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Windows\system32\MSVCR71.dll
0x01fa0000 0xb000 6.83.0047.0001 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
0x05770000 0x87000 6.83.0015.0001 C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
0x709a0000 0x3c000 7.00.6000.16386 C:\Windows\system32\webcheck.dll
0x6a8e0000 0x21c000 6.00.6000.16386 C:\Windows\System32\SyncCenter.dll
0x71540000 0x39000 6.00.6000.16386 C:\Windows\system32\wscntfy.dll
0x6ed80000 0xb000 6.00.6000.16386 C:\Windows\system32\WSCAPI.dll
0x6b600000 0xf9000 6.00.6000.16386 C:\Windows\system32\bthprops.cpl
0x720f0000 0xb000 6.00.6000.16386 C:\Windows\system32\mssprxy.dll
0x72740000 0x2c000 6.00.6000.16386 C:\Windows\System32\QAgent.dll
0x73100000 0x8a000 6.00.6000.16386 C:\Windows\System32\fwpuclnt.dll
0x71510000 0x2b000 6.00.6000.16386 C:\Windows\system32\PortableDeviceTypes.dll
0x6fb60000 0x46000 6.00.6000.16386 C:\Windows\system32\PortableDeviceApi.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 672
Command line: winlogon.exe
Base Size Version Path
0x00ad0000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe
0x77700000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x76630000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x76320000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x75fd0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x760a0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x762d0000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x76710000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x75e50000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x75660000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x75fb0000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x75e70000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x77840000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.DLL
0x76530000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x75fc0000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x76870000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x75df0000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x75330000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x778f0000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x76840000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x77830000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x75aa0000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
0x763e0000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x73df0000 0x3e000 6.00.6000.16386 C:\Windows\system32\SHSVCS.dll
0x75080000 0x3f000 6.00.6000.16386 C:\Windows\system32\uxtheme.dll
0x753b0000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x73c90000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x75cc0000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75900000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x75a40000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll
0x10000000 0x14000 C:\Windows\system32\nnlki.dll
0x77860000 0x8c000 6.00.6000.16609 C:\Windows\system32\oleaut32.dll
0x76c30000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
0x76aa0000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
0x74d80000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
0x76b00000 0x127000 7.00.6000.16609 C:\Windows\system32\urlmon.dll
0x76980000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
0x769d0000 0xcf000 7.00.6000.16609 C:\Windows\system32\WININET.dll
0x77820000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0928-7F7C
Répertoire de C:\Windows\system32
2006-11-02 10:45 7,680 csrss.exe
1 fichier(s) 7,680 octets
0 Rép(s) 46,640,852,992 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0928-7F7C
Répertoire de C:\Windows\Downloaded Program Files
2008-01-19 22:58 <REP> .
2008-01-19 22:58 <REP> ..
2006-09-18 22:26 65 desktop.ini
2005-04-07 16:59 191,488 DigWXMSN.dll
2005-04-07 17:00 261 DigWXMSN.inf
2002-07-25 17:13 24,576 dwusplay.dll
2002-07-25 17:13 196,608 dwusplay.exe
2007-04-13 02:14 382,344 GAME_UNO1.dll
2007-01-17 15:44 316 GAME_UNO1.INF
2007-06-28 14:18 907 GoPetsWeb.inf
2007-06-29 22:34 448,024 GoPetsWeb.ocx
2005-02-16 16:15 401,408 isusweb.dll
2007-02-22 23:41 304,544 MessengerStatsPAClient.dll
2007-02-28 14:21 142,248 SolitaireShowdown.dll
12 fichier(s) 2,092,789 octets
Total des fichiers listés :
12 fichier(s) 2,092,789 octets
2 Rép(s) 46,640,852,992 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
[System\UIPI]
[System\UIPI\Clipboard]
[System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 15:38:57
Windows 6.0.6000 NTFS
scanning hidden services & system hive ...
IPC error: 87 Le fichier spécifié est introuvable.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0d,01,07,17,79,b8,0c,4d,d1,b1,78,6c,51,f6,e5,54,95,c7,53,ce,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2c,09,64,7b,1d,73,0a,d2,0c,1c,d0,50,f0,a3,7c,6a,62,..
"khjeh"=hex:3d,77,1a,6d,d6,42,55,30,36,9f,c7,f0,9a,68,38,9b,2a,e1,4e,4f,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:31,6a,a5,c4,cf,39,e9,c7,3e,1f,3c,32,dd,2b,1e,ef,eb,e4,ad,87,83,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0d,01,07,17,79,b8,0c,4d,d1,b1,78,6c,51,f6,e5,54,95,c7,53,ce,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2c,09,64,7b,1d,73,0a,d2,0c,1c,d0,50,f0,a3,7c,6a,62,..
"khjeh"=hex:3d,77,1a,6d,d6,42,55,30,36,9f,c7,f0,9a,68,38,9b,2a,e1,4e,4f,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:31,6a,a5,c4,cf,39,e9,c7,3e,1f,3c,32,dd,2b,1e,ef,eb,e4,ad,87,83,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Sorry, this version supports only Win2K/XP
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Sorry, this version supports only Win2K/XP
Re,
Select the contents of the frame below:
Files to delete:
C:\Windows\system32\ysvtxgdw.dll
C:\Windows\System32\nnlki.dll
C:\Windows\System32\ooccpenb.dll
C:\Windows\System32\ysvtxgdw.dll
C:\Windows\System32\casfwgcf.dll
C:\Windows\System32\vuvgpqbm.dll
C:\Windows\System32\wdgxtvsy.ini
Folders to delete:
C:\Windows\System32\09286d5d
Open Notepad and copy-paste the exact contents of this frame into it.
No line must be missing!
Save this file on your desktop and name it remove.txt
Download The Avenger (by Swandog46)
Unzip it onto your desktop.
Launch it by double-clicking the exe, then click OK.
Select Load Script from File and click the folder-shaped icon on the right.
Select your remove.txt file located on the desktop.
Click the green light, then Yes.
The program will ask you to restart your PC; accept.
Post the report found here >>C:\avenger.txt<<
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Windows\system32\ysvtxgdw.dll" deleted successfully.
File "C:\Windows\System32\nnlki.dll" deleted successfully.
File "C:\Windows\System32\ooccpenb.dll" deleted successfully.
Error: file "C:\Windows\System32\ysvtxgdw.dll" not found!
Deletion of file "C:\Windows\System32\ysvtxgdw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Note that after each reboot I get alert messages telling me the .dll files are missing; is it normal for Windows to do that?
I just checked; apparently the txt displayed when the PC starts is different from the one in C
Here it is in full:
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Windows\system32\ysvtxgdw.dll" deleted successfully.
File "C:\Windows\System32\nnlki.dll" deleted successfully.
File "C:\Windows\System32\ooccpenb.dll" deleted successfully.
Error: file "C:\Windows\System32\ysvtxgdw.dll" not found!
Deletion of file "C:\Windows\System32\ysvtxgdw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Windows\System32\casfwgcf.dll" deleted successfully.
File "C:\Windows\System32\vuvgpqbm.dll" deleted successfully.
File "C:\Windows\System32\wdgxtvsy.ini" deleted successfully.
Error: "C:\Windows\System32\09286d5d" is not a folder! It may instead be a file.
Deletion of folder "C:\Windows\System32\09286d5d" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file
Completed script processing.
*******************
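An added example, not part of the thread or of The Avenger itself: a short Python parser for the log posted above that pairs each failed deletion with its NTSTATUS line and separates harmless failures (the same path listed twice in remove.txt with different case) from entries that need a follow-up script. The function names are hypothetical, and the `Folder "..." deleted successfully.` form is assumed by analogy, since the page shows only the `File` form.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Log lines copied from the post above (The Avenger 2.0 on Windows Vista).
SAMPLE_LOG = r'''
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Windows\system32\ysvtxgdw.dll" deleted successfully.
File "C:\Windows\System32\nnlki.dll" deleted successfully.
File "C:\Windows\System32\ooccpenb.dll" deleted successfully.
Error: file "C:\Windows\System32\ysvtxgdw.dll" not found!
Deletion of file "C:\Windows\System32\ysvtxgdw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Windows\System32\casfwgcf.dll" deleted successfully.
File "C:\Windows\System32\vuvgpqbm.dll" deleted successfully.
File "C:\Windows\System32\wdgxtvsy.ini" deleted successfully.
Error: "C:\Windows\System32\09286d5d" is not a folder! It may instead be a file.
Deletion of folder "C:\Windows\System32\09286d5d" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file
Completed script processing.
'''

# The "Folder" success form is an assumption; only the "File" form is on the page.
OK_RE = re.compile(r'^(File|Folder) "(?P<path>.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (?P<kind>file|folder) "(?P<path>.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>\w+)\)$')


@dataclass
class Outcome:
    kind: str                     # "file" or "folder"
    path: str
    deleted: bool
    status: Optional[str] = None  # NTSTATUS name when the deletion failed


def parse_avenger_log(text):
    """Return one Outcome per deletion attempt, in log order."""
    outcomes = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            outcomes.append(Outcome(m.group(1).lower(), m["path"], True))
        elif m := FAIL_RE.match(line):
            outcomes.append(Outcome(m["kind"], m["path"], False))
        elif (m := STATUS_RE.match(line)) and outcomes \
                and not outcomes[-1].deleted and outcomes[-1].status is None:
            # A Status line belongs to the failure reported just before it.
            outcomes[-1].status = m["name"]
    return outcomes


def triage(outcomes):
    """Classify each attempt; Windows paths are compared case-insensitively."""
    verdicts, removed = [], set()
    for o in outcomes:
        key = o.path.lower()
        if o.deleted:
            removed.add(key)
            verdicts.append((o.path, "deleted"))
        elif o.status == "STATUS_OBJECT_NAME_NOT_FOUND" and key in removed:
            # Same file listed twice in the script: the first entry removed it.
            verdicts.append((o.path, "duplicate entry, already deleted"))
        elif o.status == "STATUS_NOT_A_DIRECTORY":
            verdicts.append((o.path, "is a file: retry under 'Files to delete:'"))
        else:
            verdicts.append((o.path, "failed: " + (o.status or "no status line")))
    return verdicts


def followup_script(outcomes):
    """Build the second-pass script the log itself recommends, or '' if none is needed."""
    retry = [o.path for o in outcomes
             if not o.deleted and o.status == "STATUS_NOT_A_DIRECTORY"]
    return "Files to delete:\n" + "\n".join(retry) if retry else ""


if __name__ == "__main__":
    results = parse_avenger_log(SAMPLE_LOG)
    for path, verdict in triage(results):
        print(f"{verdict:45} {path}")
    print(followup_script(results))
```
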
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34, on 2008-03-16
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnlki.dll,#1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Windows\system32\ysvtxgdw.dll",b
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14023 bytes
Thanks to you I can get into Windows Explorer now ^^
Just one small problem left: when I set the view to 'icon' mode, the icons don't show up
Scan saved at 18:34, on 2008-03-16
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnlki.dll,#1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Windows\system32\ysvtxgdw.dll",b
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14023 bytes
Oh yes, I couldn't even open the Control Panel lol
There, it's done:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53, on 2008-03-17
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10789 bytes
There, it's done:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53, on 2008-03-17
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10789 bytes
Hi again,
Relaunch HijackThis, choose "Do a system scan only", and check these lines (if still present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
Then Fix Checked!
****
Is VirusKeeper an antivirus like avast!, with a resident shield?
Uninstall avast, restart, and delete ~~> C:\Program Files\Alwil Software
Download CCleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking "Add the Yahoo! CCleaner Toolbar".
Then run the cleanup, then have it search for errors, and make a backup if you wish.
Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Make sure it is up to date! Open Antivir; go to the Scanner tab, enable rootkit detection via the + next to "rootkit search", then under "manual selection" check everything (your hard disk partitions) and start the scan. Post me the generated report (found in the Reports tab).
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 17:59:13
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 17:59:14
ANTIVIR3.VDF : 7.0.3.41 197632 Bytes 2008-03-17 17:59:14
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-17 17:59:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-17 17:59:14
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-03-17 20:26
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'CNAB4RPK.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '19' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: 2008-03-17 21:29
Used time: 1:03:45 min
The scan has been done completely.
17068 Scanning directories
334811 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
334811 Files not concerned
3901 Archives were scanned
3 Warnings
12 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29, on 2008-03-17
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10002 bytes
You did not check all the lines I listed for you earlier.
Download and run: http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
Post the report, which is located here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
*****
Which DLLs are reported as missing?
Clean report:
2008-03-18 a 16:09:10.95
*** Recherche C:
*** Recherche C:\Windows\
*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\SBFC.dat FOUND
C:\Windows\system32\SBRC.dat FOUND
C:\Windows\system32\wininit.exe FOUND
*** Recherche C:\Program Files
(there's nothing after that, weird Oo)
Argh... and yet I verified all the lines you asked me to fix in this topic :s:s
Re,
Download AVG Anti-Spyware. Install it.
If the link does not work: >Click here<
Launch AVG and run an update.
Click the Scan button (in the toolbar).
Then, on the "How to act" tab, click Recommended actions. Choose Quarantine.
Do not run a scan for now. Right-click the AVG icon at the bottom right and uncheck the box for starting with Windows.
Restart in Safe Mode.
/!\ Never boot into Safe Mode via MSCONFIG /!\
Launch AVG again.
Go back to the Scan tab. Click Complete system scan.
When the scan finishes, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder inside the AVG Anti-Spyware folder.
Post it here.
&
Download OTMoveIt2 (by OldTimer).
Save this file to the Desktop.
Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
C:\Windows\system32\SBFC.dat
C:\Windows\system32\SBRC.dat
C:\Windows\system32\SBRC.dat
Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, navigate to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.
If you get a message saying that the report cannot be created, copy/paste what appears in the right-hand column of the tool.
There we go
problem solved!!
Thank you for your more than valuable help and above all your patience!!
ComboFix 08-03-25.4 - hp 2008-03-27 11:50:59.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.678 [GMT 1:00]
Endroit: C:\Users\hp\Desktop\ComboFix.exe
.
TimedOut: Windir.dat
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\Windows\system32\*"
pv -d20000 * -t -l
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
VFind "C:\Program Files\Real\????.dll"
pv -d40000 * -t -l
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
pv -d25000 * -t -l
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\BM0a1b4c4f.xml
C:\Windows\pskt.ini
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_poof
((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 11:01 --------- d-----w C:\Users\hp\AppData\Roaming\Skype
2008-03-23 10:48 --------- d-----w C:\Users\hp\AppData\Roaming\Grisoft
2008-03-23 10:48 --------- d-----w C:\PROGRA~2\Grisoft
2008-03-21 14:37 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-03-21 14:37 311,296 ------w C:\Windows\Setup1.exe
2008-03-18 15:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 21:24 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-03-17 17:57 --------- d-----w C:\Program Files\Avira
2008-03-17 17:57 --------- d-----w C:\PROGRA~2\Avira
2008-03-16 20:39 --------- d-----w C:\Program Files\Google
2008-03-16 20:39 --------- d-----w C:\Program Files\Freecorder
2008-03-16 20:25 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-16 19:08 --------- d-----w C:\Users\hp\AppData\Roaming\BitTorrent
2008-03-15 13:38 --------- d-----w C:\Program Files\Trend Micro
2008-03-15 10:31 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-15 09:55 --------- d-----w C:\Users\hp\AppData\Roaming\Nero
2008-03-15 09:46 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-15 09:35 --------- d-----w C:\Program Files\Nero
2008-03-15 09:35 --------- d-----w C:\PROGRA~2\Nero
2008-03-15 08:42 --------- d-----w C:\Program Files\BitComet
2008-03-15 00:10 --------- d-----w C:\Program Files\CCleaner
2008-03-14 22:13 --------- d-----w C:\Program Files\AxBx
2008-03-14 20:39 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2008-03-14 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-14 13:01 --------- d-----w C:\Program Files\Logitech
2008-03-13 16:39 --------- d-----w C:\Program Files\Hush Communications
2008-03-13 16:38 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-13 08:17 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 08:11 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-08 16:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-04 22:26 --------- d-----w C:\Program Files\Windows Live
2008-03-03 19:46 --------- d-----w C:\Program Files\Real
2008-03-03 19:46 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-03 19:46 --------- d-----w C:\Program Files\Common Files\Real
2008-03-03 08:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-02 09:43 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 09:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 09:39 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 09:25 --------- d-----w C:\PROGRA~2\WLInstaller
2008-02-27 10:13 --------- d-----w C:\Users\hp\AppData\Roaming\DMCache
2008-02-25 15:54 --------- d-----w C:\Program Files\Apple Software Update
2008-02-25 15:54 --------- d-----w C:\PROGRA~2\Apple
2008-02-23 22:07 --------- d-----w C:\Program Files\Alliance-RO_2.0
2008-02-23 12:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-22 12:27 --------- d-----w C:\Program Files\TrueDownloader
2008-02-15 16:28 --------- d-----w C:\Users\hp\AppData\Roaming\Sunbelt Software
2008-02-14 16:47 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 16:44 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 16:44 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 16:44 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 16:44 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 16:44 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 16:44 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 16:44 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-14 16:44 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 16:39 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 16:39 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-14 16:39 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 16:39 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 16:39 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 16:39 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 16:38 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 16:38 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 16:37 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 16:37 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 16:37 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 16:37 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 16:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2007-09-02 14:32 174 --sha-w C:\Program Files\desktop.ini
2007-08-11 10:12 0 ----a-w C:\Users\hp\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 09:10 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-13 23:41 20034600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 09:26 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 07:02 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-05 18:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-05 18:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-05 18:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-01 13:24 77824]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-17 18:59 249896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hush Messenger.lnk - C:\Windows\system32\javaw.exe [2007-02-01 13:25:05 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2003-11-10 16:06 406016 C:\Windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--a------ 2006-10-17 14:56 180224 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6ADF0487-6D14-4FCA-989B-C21EA102D33E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{8CA79458-46BF-47D8-9B58-2D5817FC6621}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{FF4B4CA9-D700-4375-98E1-822DCE60B45C}"= UDP:9692:BitComet 9692 TCP
"{0BA83201-F3B7-4CDE-938E-A7C68E31DED0}"= TCP:9692:BitComet 9692 UDP
"TCP Query User{3DB41A50-319C-4F6D-BBA1-BA62B248B427}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{2101B966-1EB0-4B4E-8186-09F2027B3018}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{72CC2C7E-618C-4146-9477-E3AF0A8A4E64}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{5A702277-52B8-4C6D-9329-81BF7BC582A2}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{D1A1D700-C2DD-4AB1-98CA-7FFCC469A651}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8A291FE8-230B-4C06-846A-EC028C4A7276}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{4C078A36-2558-4A1C-BDD4-CDEBA432B5D3}"= UDP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{188D78C1-DD2C-4C75-B81B-0FA9F9A7386B}"= TCP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"TCP Query User{93D16B2A-3ED8-4A94-A8B5-C9C31F7D629F}C:\\program files\\internet download manager\\idman.exe"= UDP:C:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{21518B6D-C097-4490-85C0-9CBAFE728218}C:\\program files\\internet download manager\\idman.exe"= TCP:C:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"{2963AF20-1A41-4BCE-8C0E-45B0D5919EE9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{FE939899-83D2-44CF-AC99-7F7298E5C82C}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{F08725A6-58E0-4E09-BDA3-4D7B300117D4}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{2ECE11CF-003E-45F5-B8FB-55AB5F591C17}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{D8FFC004-B8B8-4692-96C7-40D97CCBF939}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{FF2F8782-39C6-431F-B415-D2B79910BFE2}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{E7C0A1BC-CBB6-495B-AB05-EAA2A9961993}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{C2786CDD-E20C-4BBB-885F-C5F4934E4716}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{06B4F88D-7E44-4B98-9DE6-792D7BF0D3A3}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{9F23ADC1-47D9-41B2-A9B4-F2AE9D54BDDC}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{B881374E-4751-4234-9EC3-ECD3A1D14E3A}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{817B7ADE-33CE-4130-949C-388F89AC4F7F}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{C2F81333-F230-4D79-89F7-68CCB3CED143}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{C6649F46-5664-4902-9664-4F7D91929A50}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{C5D43870-7E9B-4D3A-8BC7-E52E48F0FFDD}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"TCP Query User{9F02A418-315E-49AD-8B4C-68F7510CDDD4}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{E3592257-2324-4E91-9A5E-BF78BED33CCF}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{68B9680B-99D8-4F18-9D1A-40761DDFB49C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B4DBE3C-2412-4AC0-873E-0371B7902484}"= UDP:9692:BitComet 9692 TCP
"{D4CF4E55-E10B-4908-BB9B-B384D8E4071D}"= TCP:9692:BitComet 9692 UDP
"{99E7DE53-E41E-4432-AA10-35D8D378B398}"= Disabled:UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService
"{0FEBE5F4-C194-4ADE-A55A-E90ADB12E594}"= Disabled:TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService
"TCP Query User{15EC235F-FB5E-43A0-9A0F-67722E07F57D}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{86900462-C8E4-4D8D-84C8-3F7055F4939A}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
"{7D8DF740-7A00-4D8E-A729-D68BA1B305B7}"= Disabled:UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMCService
"{751940FC-E7ED-4F1B-853C-645B76A698BB}"= Disabled:TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
MCService
"{7C9F437E-50FE-4364-A962-EC85770ED014}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{570EF092-2DAF-4DB4-A0FE-00AD32F8B973}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CC4D144F-2B8B-46E8-97AB-DB1DDEB6583F}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{449EFBDF-97EA-4A95-A8BA-DDD0207BBBE3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D2DADC03-2ED4-4A5A-BB5D-CD0CC0583AD3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\Drivers\AF15BDA.sys [2006-11-03 11:46]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-05 19:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7506211-808c-11dc-898a-0016d31eaa47}]
\shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f798e8a4-3ce2-11dc-9592-0016d31eaa47}]
\shell\AutoRun\command - F:\arun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-14 14:00:22 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-03-26 19:20:57 C:\Windows\Tasks\User_Feed_Synchronization-{C83E493A-5CC5-4C6A-8863-594B9C08BFAD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 12:00:31
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\CNAB4RPK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-27 12:07:51 - machine was rebooted [hp]
ComboFix-quarantined-files.txt 2008-03-27 11:07:41
.
2008-03-26 19:27:07 --- E O F ---
(thank you for taking the time for this, it's never said often enough)
Problem solved!!
Thank you for your more than valuable help and above all your patience!!