Fichier .exe qui revient toujours et qui pren
Résolu
jacky49
-
moment de grace Messages postés 30049 Statut Contributeur sécurité -
moment de grace Messages postés 30049 Statut Contributeur sécurité -
Bonjour,
j'ai des fichiers .exe qui se mettent en route et je n'arrive pas à les enlever en faisant fin de tache
ils prennent 80% de mes ressources systemes et ralentissenet l'ordi
Avast ne les supprimes pas , j'arrive seulement a les enlever mais uniquement en faisant 1 restauration systeme du PC mais des que je met 1 cle USB cela revient
et c'est fichiers changent de nom
comment faire
merci d'avance
j'ai des fichiers .exe qui se mettent en route et je n'arrive pas à les enlever en faisant fin de tache
ils prennent 80% de mes ressources systemes et ralentissenet l'ordi
Avast ne les supprimes pas , j'arrive seulement a les enlever mais uniquement en faisant 1 restauration systeme du PC mais des que je met 1 cle USB cela revient
et c'est fichiers changent de nom
comment faire
merci d'avance
A voir également:
- Videxe
- Fichier bin - Guide
- Fichier epub - Guide
- Fichier rar - Guide
- Comment réduire la taille d'un fichier - Guide
- Fichier .dat - Guide
50 réponses
oui j'ai été trops vite ..........
rapport UsbFix
############################## | UsbFix V6.082 |
User : Jacky (Administrateurs) # JACKY-PC-HP
Update on 29/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:07:56 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 338,03 Go (301,68 Go free) [HP] # NTFS
D:\ -> Disque fixe local # 13,9 Go (2,43 Go free) [FACTORY_IMAGE] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 7,53 Go (3 Go free) # FAT32
K:\ -> Disque fixe local # 146,48 Go (137,49 Go free) [Sauvegarde 1] # NTFS
L:\ -> Disque fixe local # 97,65 Go (94,59 Go free) [Sauvegarde Photo-Chanson] # NTFS
M:\ -> Disque amovible # 7,46 Go (7,31 Go free) [USB DISK] # FAT32
############################## | Processus actifs |
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1120
C:\Windows\SysWOW64\svchost.exe 1808
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 1852
C:\Program Files\Alwil Software\Avast5\setup\avast.setup 1912
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe 1976
C:\Windows\SysWOW64\runonce.exe 2432
################## | Elements infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
Supprimé ! J:\driver\usb
Supprimé ! J:\Documents .lnk
Supprimé ! J:\Music .lnk
Supprimé ! J:\New Folder .lnk
Supprimé ! J:\Passwords .lnk
Supprimé ! J:\Pictures .lnk
Supprimé ! J:\Video .lnk
Supprimé ! J:\autorun.inf
Supprimé ! J:\riogoo.exe
Supprimé ! J:\riogoo.scr
Supprimé ! J:\zoakaa.exe
Supprimé ! J:\zoakaa.scr
Supprimé ! J:\diogiit.exe
Supprimé ! J:\diogiit.scr
Supprimé ! K:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
Supprimé ! L:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
################## | Registre |
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[?|?|?] C:\hiberfil.sys
[01/12/2006 22:37|--a------|904704] C:\msdia80.dll
[?|?|?] C:\pagefile.sys
[30/01/2010 19:09|--a------|2418] C:\UsbFix.txt
[13/07/2009 18:39|--ahs----|383562] D:\bootmgr
[24/01/2010 17:10|---hs----|0] D:\BT_HP.FLG
[21/09/2009 03:43|--ahs----|484] D:\CSP.DAT
[21/09/2009 04:00|--ahs----|15333] D:\DeployRp.log
[24/01/2010 17:10|--ahs----|22] D:\language.ini
[21/09/2009 04:00|--ahs----|0] D:\RPCONFIG.LOG
[27/10/2007 12:21|--a------|4741278] J:\13-david_guetta-love_is_gone_(fred_rister_and_joachim_garraud_radio_edit_rmx).mp3
[27/10/2007 12:21|--a------|4442590] J:\14-david_guetta-dont_be_afraid_(bonus_track).mp3
[?|?|?] J:\IMG_1725.JPG
[?|?|?] J:\IMG_1726.JPG
[19/08/2009 06:40|--a------|0] J:\IMG_1934.JPG
[19/08/2009 07:00|--a------|0] J:\IMG_1935.JPG
[19/08/2009 07:24|--a------|0] J:\IMG_1936.JPG
[19/08/2009 07:24|--a------|0] J:\IMG_1937.JPG
[19/08/2009 07:26|--a------|0] J:\IMG_1938.JPG
[19/08/2009 07:31|--a------|0] J:\IMG_1939.JPG
[19/08/2009 07:31|--a------|0] J:\IMG_1940.JPG
[19/08/2009 07:33|--a------|0] J:\IMG_1942.JPG
[19/08/2009 07:36|--a------|0] J:\IMG_1943.JPG
[19/08/2009 07:39|--a------|0] J:\IMG_1944.JPG
[19/08/2009 07:53|--a------|0] J:\IMG_1947.JPG
[19/08/2009 07:56|--a------|0] J:\IMG_1948.JPG
[19/08/2009 07:56|--a------|0] J:\IMG_1949.JPG
[19/08/2009 08:00|--a------|0] J:\IMG_1950.JPG
[19/08/2009 08:00|--a------|0] J:\IMG_1951.JPG
[19/08/2009 08:02|--a------|0] J:\IMG_1952.JPG
[19/08/2009 08:02|--a------|0] J:\IMG_1953.JPG
[19/08/2009 08:05|--a------|0] J:\IMG_1954.JPG
[19/08/2009 08:05|--a------|0] J:\IMG_1955.JPG
[19/08/2009 08:11|--a------|0] J:\IMG_1956.JPG
[19/08/2009 08:11|--a------|0] J:\IMG_1957.JPG
[19/08/2009 08:20|--a------|0] J:\IMG_1958.JPG
[19/08/2009 08:20|--a------|0] J:\IMG_1959.JPG
[19/08/2009 08:22|--a------|0] J:\IMG_1960.JPG
[19/08/2009 08:22|--a------|0] J:\IMG_1961.JPG
[19/08/2009 08:23|--a------|0] J:\IMG_1962.JPG
[19/08/2009 08:25|--a------|0] J:\IMG_1963.JPG
[19/08/2009 08:27|--a------|0] J:\IMG_1964.JPG
[19/08/2009 08:27|--a------|0] J:\IMG_1965.JPG
[19/08/2009 08:30|--a------|0] J:\IMG_1966.JPG
[19/08/2009 08:32|--a------|0] J:\IMG_1967.JPG
[19/08/2009 08:42|--a------|0] J:\IMG_1968.JPG
[19/08/2009 08:47|--a------|0] J:\IMG_1969.JPG
[19/08/2009 08:49|--a------|0] J:\IMG_1970.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1971.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1972.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1973.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1974.JPG
[19/08/2009 08:54|--a------|0] J:\IMG_1975.JPG
[19/08/2009 08:55|--a------|0] J:\IMG_1976.JPG
[19/08/2009 08:57|--a------|0] J:\IMG_1977.JPG
[19/08/2009 08:58|--a------|0] J:\IMG_1978.JPG
[19/08/2009 08:58|--a------|0] J:\IMG_1979.JPG
[19/08/2009 08:59|--a------|0] J:\IMG_1980.JPG
[19/08/2009 09:01|--a------|0] J:\IMG_1981.JPG
[19/08/2009 09:01|--a------|0] J:\IMG_1982.JPG
[19/08/2009 09:02|--a------|0] J:\IMG_1983.JPG
[19/08/2009 09:03|--a------|0] J:\IMG_1984.JPG
[19/08/2009 09:06|--a------|0] J:\IMG_1985.JPG
[19/08/2009 09:06|--a------|0] J:\IMG_1986.JPG
[19/08/2009 09:08|--a------|0] J:\IMG_1987.JPG
[20/08/2009 19:27|--a------|0] J:\IMG_2186.JPG
[20/08/2009 19:28|--a------|0] J:\IMG_2187.JPG
[20/08/2009 19:28|--a------|0] J:\IMG_2188.JPG
[20/08/2009 19:28|--a------|0] J:\IMG_2189.JPG
[20/08/2009 19:29|--a------|0] J:\IMG_2190.JPG
[20/08/2009 19:29|--a------|0] J:\IMG_2191.JPG
[20/08/2009 19:29|--a------|0] J:\IMG_2192.JPG
[20/08/2009 19:30|--a------|0] J:\IMG_2193.JPG
[20/08/2009 19:30|--a------|0] J:\IMG_2194.JPG
[04/11/2008 01:21|--a------|752583244] J:\Movie - Ocean's Twelve - DVD Rip 12.mpg
[04/11/2008 04:23|--a------|729905152] J:\Oceans.Thirteen.13.FRENCH.DVDRip.avi
[05/11/2008 23:34|--a------|724101120] J:\Le Roi Lion (Film DivX Francais Complet de Walt DISNEY).avi
[06/11/2008 00:26|--a------|698374144] J:\Walt Disney - La petite sirene 1 - dessin animee fr.AVI
[07/11/2008 12:23|--a------|714997760] J:\Walt Disney - Anastasia.(Walt.Disney).Divx.Fr..avi
[17/05/2009 11:39|--a------|19456] J:\cl‚ pack office 2007.doc
[25/01/2009 12:15|--a------|1492925] J:\05 Piste 5.wma
[?|?|?] J:\06 Piste 6.wma
[25/01/2009 12:15|--a------|2646463] J:\10 Piste 10.wma
[25/01/2009 12:23|--a------|3853754] J:\11 justement.mp3
[?|?|?] J:\04-david_guetta-delirious_(ft_tara_mc_donald).mp3
[27/10/2007 12:20|--a------|5193661] J:\05-david_guetta-tomorrow_can_wait_(vs_el_tocadisco).mp3
[27/10/2007 12:20|--a------|4453575] J:\06-david_guetta-winner_of_the_game_(ft_jd_davis).mp3
[27/10/2007 12:20|--a------|6520042] J:\07-david_guetta-do_something_love_(ft_juliet).mp3
[27/10/2007 12:20|--a------|5362066] J:\08-david_guetta-youre_not_alone_(ft_tara_mc_donald).mp3
[27/10/2007 12:20|--a------|5557285] J:\09-david_guetta-never_take_away_my_freedom.mp3
[27/10/2007 12:21|--a------|4660435] J:\10-david_guetta-this_is_not_a_love_long_(ft_jd_davis).mp3
[27/10/2007 12:21|--a------|5762694] J:\11-david_guetta-always_(ft_jd_davis).mp3
[27/10/2007 12:21|--a------|5489341] J:\12-david_guetta-joan_of_arc_(ft_thailand).mp3
[27/07/2009 22:01|--a------|32268] L:\shema clim r21phase1.gif
[25/12/2009 19:06|--a------|5157523] M:\0 - Edward Maya Feat Alicia - Stereo Love (Radio Edit)(1).mp3
[23/04/2009 10:18|--a------|3317202] M:\- 10 Tryo - L'hymne de nos campagnes(1).mp3
[25/12/2009 18:45|--a------|3106758] M:\- 415 Sting & The Police - Roxanne.mp3
[24/12/2009 16:49|--a------|3669308] M:\- Mika - Relax, Take It Easy.mp3
[25/12/2009 18:55|--a------|3558503] M:\- Pink Floid- Another brick in the wall.mp3
[06/07/2009 16:16|--a------|7035934] M:\- Anni 70'80 - Opus - Live Is Life(1).mp3
[25/12/2009 19:19|--a------|11805651] M:\- Bad Romance - Lady Gaga.mp3
[19/01/2009 18:48|--a------|4463091] M:\Duffy - Mercy(1).mp3
[21/04/2009 17:43|--a------|3230392] M:\- Magic Systeme - Zouglou Dance.mp3
[14/05/2009 14:12|--a------|3665996] M:\NEYO - CLOSER.mp3
[19/11/2008 23:18|--a------|6171238] M:\Patrick Hernandez - Born To Be Alive.mp3
[26/04/2009 15:28|--a------|2833965] M:\$-Alain Bashung - Osez Jos‚phine(1).mp3
[24/12/2009 16:48|--a------|9142452] M:\[1] [0] Mozart L'opera Rock - L'Assasymphonie.mp3
[30/03/2009 21:37|--a------|5161719] M:\06 - Lady Gaga - Poker Face.mp3
[25/12/2009 19:16|--a------|5542703] M:\08- Les Jumos Selesao - Zoomer.mp3
[09/12/2009 21:24|--a------|3391235] M:\amel bent ou je vais.mp3
[09/12/2009 21:26|--a------|7327491] M:\Black Eyed Peas - Meet Me Halfway.mp3
[12/05/2009 11:01|--a------|3256040] M:\Blues Brothers - Everybody need somebody.mp3
[09/12/2008 15:19|--a------|5820865] M:\Britney Spears - Circus - 02 - Circus.mp3
[21/04/2009 17:42|--a------|6336296] M:\Emmanuel Moire - Adulte et Sexy.mp3
[24/12/2009 19:02|--a------|3427319] M:\Gilles Luka - On S'Evite.mp3
[14/12/2009 18:38|--a------|5672960] M:\Gregory Lemarchal - Je reve.mp3
[07/07/2009 13:52|--a------|5661246] M:\Helmut Fritz - €a M'‚nerve ! (Extended Mix).mp3
[24/12/2009 16:42|--a------|5251072] M:\I Want to Know What Love Is...maryah carey.mp3
[24/12/2009 16:29|--a------|3538944] M:\Maryah Carey - I Cant Live If Living Is Without You.mp3
[24/12/2009 16:27|--a------|8960728] M:\Mika - Rain.mp3
[25/12/2009 18:36|--a------|4589319] M:\Noir Desir - Le Vent L'Emportera.mp3
[25/12/2009 18:54|--a------|5515409] M:\Rihanna - Roussian Roulette.mp3
[12/05/2009 10:48|--a------|3626220] M:\The Rollings Stones - Satisfaction.mp3
[25/12/2009 19:10|--a------|6369774] M:\Vanessa Paradis - Il Y A.mp3
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.
# L:\autorun.inf -> Dossier créé par UsbFix.
# M:\autorun.inf -> Dossier créé par UsbFix.
rapport UsbFix
############################## | UsbFix V6.082 |
User : Jacky (Administrateurs) # JACKY-PC-HP
Update on 29/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:07:56 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 338,03 Go (301,68 Go free) [HP] # NTFS
D:\ -> Disque fixe local # 13,9 Go (2,43 Go free) [FACTORY_IMAGE] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 7,53 Go (3 Go free) # FAT32
K:\ -> Disque fixe local # 146,48 Go (137,49 Go free) [Sauvegarde 1] # NTFS
L:\ -> Disque fixe local # 97,65 Go (94,59 Go free) [Sauvegarde Photo-Chanson] # NTFS
M:\ -> Disque amovible # 7,46 Go (7,31 Go free) [USB DISK] # FAT32
############################## | Processus actifs |
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1120
C:\Windows\SysWOW64\svchost.exe 1808
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 1852
C:\Program Files\Alwil Software\Avast5\setup\avast.setup 1912
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe 1976
C:\Windows\SysWOW64\runonce.exe 2432
################## | Elements infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
Supprimé ! J:\driver\usb
Supprimé ! J:\Documents .lnk
Supprimé ! J:\Music .lnk
Supprimé ! J:\New Folder .lnk
Supprimé ! J:\Passwords .lnk
Supprimé ! J:\Pictures .lnk
Supprimé ! J:\Video .lnk
Supprimé ! J:\autorun.inf
Supprimé ! J:\riogoo.exe
Supprimé ! J:\riogoo.scr
Supprimé ! J:\zoakaa.exe
Supprimé ! J:\zoakaa.scr
Supprimé ! J:\diogiit.exe
Supprimé ! J:\diogiit.scr
Supprimé ! K:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
Supprimé ! L:\$Recycle.Bin\S-1-5-21-404462451-3735148479-3794266161-1000
################## | Registre |
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[?|?|?] C:\hiberfil.sys
[01/12/2006 22:37|--a------|904704] C:\msdia80.dll
[?|?|?] C:\pagefile.sys
[30/01/2010 19:09|--a------|2418] C:\UsbFix.txt
[13/07/2009 18:39|--ahs----|383562] D:\bootmgr
[24/01/2010 17:10|---hs----|0] D:\BT_HP.FLG
[21/09/2009 03:43|--ahs----|484] D:\CSP.DAT
[21/09/2009 04:00|--ahs----|15333] D:\DeployRp.log
[24/01/2010 17:10|--ahs----|22] D:\language.ini
[21/09/2009 04:00|--ahs----|0] D:\RPCONFIG.LOG
[27/10/2007 12:21|--a------|4741278] J:\13-david_guetta-love_is_gone_(fred_rister_and_joachim_garraud_radio_edit_rmx).mp3
[27/10/2007 12:21|--a------|4442590] J:\14-david_guetta-dont_be_afraid_(bonus_track).mp3
[?|?|?] J:\IMG_1725.JPG
[?|?|?] J:\IMG_1726.JPG
[19/08/2009 06:40|--a------|0] J:\IMG_1934.JPG
[19/08/2009 07:00|--a------|0] J:\IMG_1935.JPG
[19/08/2009 07:24|--a------|0] J:\IMG_1936.JPG
[19/08/2009 07:24|--a------|0] J:\IMG_1937.JPG
[19/08/2009 07:26|--a------|0] J:\IMG_1938.JPG
[19/08/2009 07:31|--a------|0] J:\IMG_1939.JPG
[19/08/2009 07:31|--a------|0] J:\IMG_1940.JPG
[19/08/2009 07:33|--a------|0] J:\IMG_1942.JPG
[19/08/2009 07:36|--a------|0] J:\IMG_1943.JPG
[19/08/2009 07:39|--a------|0] J:\IMG_1944.JPG
[19/08/2009 07:53|--a------|0] J:\IMG_1947.JPG
[19/08/2009 07:56|--a------|0] J:\IMG_1948.JPG
[19/08/2009 07:56|--a------|0] J:\IMG_1949.JPG
[19/08/2009 08:00|--a------|0] J:\IMG_1950.JPG
[19/08/2009 08:00|--a------|0] J:\IMG_1951.JPG
[19/08/2009 08:02|--a------|0] J:\IMG_1952.JPG
[19/08/2009 08:02|--a------|0] J:\IMG_1953.JPG
[19/08/2009 08:05|--a------|0] J:\IMG_1954.JPG
[19/08/2009 08:05|--a------|0] J:\IMG_1955.JPG
[19/08/2009 08:11|--a------|0] J:\IMG_1956.JPG
[19/08/2009 08:11|--a------|0] J:\IMG_1957.JPG
[19/08/2009 08:20|--a------|0] J:\IMG_1958.JPG
[19/08/2009 08:20|--a------|0] J:\IMG_1959.JPG
[19/08/2009 08:22|--a------|0] J:\IMG_1960.JPG
[19/08/2009 08:22|--a------|0] J:\IMG_1961.JPG
[19/08/2009 08:23|--a------|0] J:\IMG_1962.JPG
[19/08/2009 08:25|--a------|0] J:\IMG_1963.JPG
[19/08/2009 08:27|--a------|0] J:\IMG_1964.JPG
[19/08/2009 08:27|--a------|0] J:\IMG_1965.JPG
[19/08/2009 08:30|--a------|0] J:\IMG_1966.JPG
[19/08/2009 08:32|--a------|0] J:\IMG_1967.JPG
[19/08/2009 08:42|--a------|0] J:\IMG_1968.JPG
[19/08/2009 08:47|--a------|0] J:\IMG_1969.JPG
[19/08/2009 08:49|--a------|0] J:\IMG_1970.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1971.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1972.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1973.JPG
[19/08/2009 08:51|--a------|0] J:\IMG_1974.JPG
[19/08/2009 08:54|--a------|0] J:\IMG_1975.JPG
[19/08/2009 08:55|--a------|0] J:\IMG_1976.JPG
[19/08/2009 08:57|--a------|0] J:\IMG_1977.JPG
[19/08/2009 08:58|--a------|0] J:\IMG_1978.JPG
[19/08/2009 08:58|--a------|0] J:\IMG_1979.JPG
[19/08/2009 08:59|--a------|0] J:\IMG_1980.JPG
[19/08/2009 09:01|--a------|0] J:\IMG_1981.JPG
[19/08/2009 09:01|--a------|0] J:\IMG_1982.JPG
[19/08/2009 09:02|--a------|0] J:\IMG_1983.JPG
[19/08/2009 09:03|--a------|0] J:\IMG_1984.JPG
[19/08/2009 09:06|--a------|0] J:\IMG_1985.JPG
[19/08/2009 09:06|--a------|0] J:\IMG_1986.JPG
[19/08/2009 09:08|--a------|0] J:\IMG_1987.JPG
[20/08/2009 19:27|--a------|0] J:\IMG_2186.JPG
[20/08/2009 19:28|--a------|0] J:\IMG_2187.JPG
[20/08/2009 19:28|--a------|0] J:\IMG_2188.JPG
[20/08/2009 19:28|--a------|0] J:\IMG_2189.JPG
[20/08/2009 19:29|--a------|0] J:\IMG_2190.JPG
[20/08/2009 19:29|--a------|0] J:\IMG_2191.JPG
[20/08/2009 19:29|--a------|0] J:\IMG_2192.JPG
[20/08/2009 19:30|--a------|0] J:\IMG_2193.JPG
[20/08/2009 19:30|--a------|0] J:\IMG_2194.JPG
[04/11/2008 01:21|--a------|752583244] J:\Movie - Ocean's Twelve - DVD Rip 12.mpg
[04/11/2008 04:23|--a------|729905152] J:\Oceans.Thirteen.13.FRENCH.DVDRip.avi
[05/11/2008 23:34|--a------|724101120] J:\Le Roi Lion (Film DivX Francais Complet de Walt DISNEY).avi
[06/11/2008 00:26|--a------|698374144] J:\Walt Disney - La petite sirene 1 - dessin animee fr.AVI
[07/11/2008 12:23|--a------|714997760] J:\Walt Disney - Anastasia.(Walt.Disney).Divx.Fr..avi
[17/05/2009 11:39|--a------|19456] J:\cl‚ pack office 2007.doc
[25/01/2009 12:15|--a------|1492925] J:\05 Piste 5.wma
[?|?|?] J:\06 Piste 6.wma
[25/01/2009 12:15|--a------|2646463] J:\10 Piste 10.wma
[25/01/2009 12:23|--a------|3853754] J:\11 justement.mp3
[?|?|?] J:\04-david_guetta-delirious_(ft_tara_mc_donald).mp3
[27/10/2007 12:20|--a------|5193661] J:\05-david_guetta-tomorrow_can_wait_(vs_el_tocadisco).mp3
[27/10/2007 12:20|--a------|4453575] J:\06-david_guetta-winner_of_the_game_(ft_jd_davis).mp3
[27/10/2007 12:20|--a------|6520042] J:\07-david_guetta-do_something_love_(ft_juliet).mp3
[27/10/2007 12:20|--a------|5362066] J:\08-david_guetta-youre_not_alone_(ft_tara_mc_donald).mp3
[27/10/2007 12:20|--a------|5557285] J:\09-david_guetta-never_take_away_my_freedom.mp3
[27/10/2007 12:21|--a------|4660435] J:\10-david_guetta-this_is_not_a_love_long_(ft_jd_davis).mp3
[27/10/2007 12:21|--a------|5762694] J:\11-david_guetta-always_(ft_jd_davis).mp3
[27/10/2007 12:21|--a------|5489341] J:\12-david_guetta-joan_of_arc_(ft_thailand).mp3
[27/07/2009 22:01|--a------|32268] L:\shema clim r21phase1.gif
[25/12/2009 19:06|--a------|5157523] M:\0 - Edward Maya Feat Alicia - Stereo Love (Radio Edit)(1).mp3
[23/04/2009 10:18|--a------|3317202] M:\- 10 Tryo - L'hymne de nos campagnes(1).mp3
[25/12/2009 18:45|--a------|3106758] M:\- 415 Sting & The Police - Roxanne.mp3
[24/12/2009 16:49|--a------|3669308] M:\- Mika - Relax, Take It Easy.mp3
[25/12/2009 18:55|--a------|3558503] M:\- Pink Floid- Another brick in the wall.mp3
[06/07/2009 16:16|--a------|7035934] M:\- Anni 70'80 - Opus - Live Is Life(1).mp3
[25/12/2009 19:19|--a------|11805651] M:\- Bad Romance - Lady Gaga.mp3
[19/01/2009 18:48|--a------|4463091] M:\Duffy - Mercy(1).mp3
[21/04/2009 17:43|--a------|3230392] M:\- Magic Systeme - Zouglou Dance.mp3
[14/05/2009 14:12|--a------|3665996] M:\NEYO - CLOSER.mp3
[19/11/2008 23:18|--a------|6171238] M:\Patrick Hernandez - Born To Be Alive.mp3
[26/04/2009 15:28|--a------|2833965] M:\$-Alain Bashung - Osez Jos‚phine(1).mp3
[24/12/2009 16:48|--a------|9142452] M:\[1] [0] Mozart L'opera Rock - L'Assasymphonie.mp3
[30/03/2009 21:37|--a------|5161719] M:\06 - Lady Gaga - Poker Face.mp3
[25/12/2009 19:16|--a------|5542703] M:\08- Les Jumos Selesao - Zoomer.mp3
[09/12/2009 21:24|--a------|3391235] M:\amel bent ou je vais.mp3
[09/12/2009 21:26|--a------|7327491] M:\Black Eyed Peas - Meet Me Halfway.mp3
[12/05/2009 11:01|--a------|3256040] M:\Blues Brothers - Everybody need somebody.mp3
[09/12/2008 15:19|--a------|5820865] M:\Britney Spears - Circus - 02 - Circus.mp3
[21/04/2009 17:42|--a------|6336296] M:\Emmanuel Moire - Adulte et Sexy.mp3
[24/12/2009 19:02|--a------|3427319] M:\Gilles Luka - On S'Evite.mp3
[14/12/2009 18:38|--a------|5672960] M:\Gregory Lemarchal - Je reve.mp3
[07/07/2009 13:52|--a------|5661246] M:\Helmut Fritz - €a M'‚nerve ! (Extended Mix).mp3
[24/12/2009 16:42|--a------|5251072] M:\I Want to Know What Love Is...maryah carey.mp3
[24/12/2009 16:29|--a------|3538944] M:\Maryah Carey - I Cant Live If Living Is Without You.mp3
[24/12/2009 16:27|--a------|8960728] M:\Mika - Rain.mp3
[25/12/2009 18:36|--a------|4589319] M:\Noir Desir - Le Vent L'Emportera.mp3
[25/12/2009 18:54|--a------|5515409] M:\Rihanna - Roussian Roulette.mp3
[12/05/2009 10:48|--a------|3626220] M:\The Rollings Stones - Satisfaction.mp3
[25/12/2009 19:10|--a------|6369774] M:\Vanessa Paradis - Il Y A.mp3
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.
# L:\autorun.inf -> Dossier créé par UsbFix.
# M:\autorun.inf -> Dossier créé par UsbFix.
ci dessous Fichier Log scan rapide de MBAM
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3661
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30/01/2010 10:25:10
mbam-log-2010-01-30 (10-25-01).txt
Type de recherche: Examen rapide
Eléments examinés: 96602
Temps écoulé: 2 minute(s), 19 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3661
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30/01/2010 10:25:10
mbam-log-2010-01-30 (10-25-01).txt
Type de recherche: Examen rapide
Eléments examinés: 96602
Temps écoulé: 2 minute(s), 19 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ok
maintenant j'ai tout
! tous les outils ne sont pas compatibles 64 bits
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancer seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
maintenant j'ai tout
! tous les outils ne sont pas compatibles 64 bits
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancer seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
Impecc Scan Reussi
Voila le rapport Complet (rappel apparement je n'ai aucun sur ce PC , super rapide )
List'em by g3n-h@ckm@n 1.2.1.2
User : Jacky (Administrateurs)
Update on 29/01/2010 by g3n-h@ckm@n ::::: 11:50
Start at: 14:29:56 | 31/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 338,03 Go (230,99 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,9 Go (2,43 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 146,48 Go (133,65 Go free) [Sauvegarde 1] | NTFS
L:\ -> Disque fixe local | 97,65 Go (91,75 Go free) [Sauvegarde Photo-Chanson] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\SFR\Kit\9props.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Jacky\AppData\Local\Temp\D8F5.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPADVISOR REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
Connexion SFR 9props.exe REG_SZ "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
msnmsgr REG_SZ "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Logitech Vid REG_SZ "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv REG_SZ c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HP Remote Solution REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HP Software Update REG_SZ c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
<NO NAME> REG_SZ
Easybits Recovery REG_SZ C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
UpdatePRCShortCut REG_SZ "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
avast5 REG_SZ "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 0 (0x0)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoActiveDesktop REG_DWORD 1 (0x1)
ForceActiveDesktopOn REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{E54729E8-BB3D-4270-9D49-7389EA579090} REG_SZ EasyBits Security Shield Hook - prevents launching insecure programs by kids
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x3
SharedAccess : 0x4
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Jacky\AppData\Local\Temp\D8F5.tmp
## C:\> hashdeep C:\Windows\Sysnative\Drivers\atapi.sys
##
24128,02062c0b390b7729edc9e69c680a6f3c,0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273,C:\Windows\Sysnative\Drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Jacky\AppData\Local\Temp\D8F5.tmp
## C:\> hashdeep C:\Windows\Sysnative\Drivers\atapi.sys
##
24128,02062c0b390b7729edc9e69c680a6f3c,0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273,C:\Windows\Sysnative\Drivers\atapi.sys
Sources
=======
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
Référence :
==========
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Windows\system32\XInput9_1_0.dll
Present !! : C:\Windows\System32\EZUPBH~1.DLL
Present !! : C:\Windows\SysWow64\XInput9_1_0.dll
Present !! : C:\Windows\SysWoW64\EZUPBH~1.DLL
Present !! : C:\Windows\Sysnative\XInput9_1_0.dll
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\A~NSISu_.exe
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp102F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1080.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp115D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp11FB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1279.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp12D9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1305.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp15D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp15E6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp15F7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1609.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp162A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp163A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp164B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp165E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp178A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp17CA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp17EB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp182C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1927.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1A42.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B16.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B17.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B18.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B19.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B2A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B2B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1BBB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1CB6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1DA2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1ECD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1FC8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2085.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2191.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp22BF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp22DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp23E8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2433.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2474.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2502.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp25DF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp26DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp271A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp271B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp271C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp272D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp272E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp272F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2730.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2731.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2732.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2733.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2734.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2735.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2736.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2745.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp27C6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp282D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp282E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp282F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2830.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2831.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2832.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2833.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2834.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2855.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2856.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2866.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp28A3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp28FC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp298F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2A6D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2A8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2B96.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2CA1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D50.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D51.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D52.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D8D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2DD9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2DE9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2E45.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2E79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2F84.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp309F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp30D9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3148.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp318B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp31CB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp323A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp32AA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp32C1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp33CC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3435.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3436.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3437.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3438.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3439.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp343A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp343B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp343C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp345A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3556.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp37A0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39C0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B3A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B3D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B4F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B60.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B6B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B8C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B91.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3BA3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3BBD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3BC4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C36.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C43.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C66.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CAD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CBD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CBE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CC0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CC1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CC2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CD0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CE5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CF6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3D9E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3DAD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3E6A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3E7A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3F46.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3F57.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4032.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4062.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp40F0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp414E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp419D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp41E4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp41E5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4240.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4241.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp424A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4251.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4252.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp425A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4307.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4337.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4397.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4398.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp43B4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4413.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4452.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4500.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4501.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4502.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4503.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4504.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4505.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4510.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4515.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp45AE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp45EB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp467A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp46D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4757.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4777.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp47E3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4843.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp48BF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp49BB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4A87.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4B45.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4C02.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CD7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CD8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CD9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4D6D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4E49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4EB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4F35.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4FE3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp508D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp50A0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp514D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp522A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp52D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5385.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5442.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp54FF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp55AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp565B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5669.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5718.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5790.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57B1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57D1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57E1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5803.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5813.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5818.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5819.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp581A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp581B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5824.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5834.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp583F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5850.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5861.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp58A3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp58E3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5905.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5928.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5964.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5985.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp59D5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A06.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A58.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A9B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B3F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B40.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B41.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B42.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B43.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B54.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B55.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B56.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B7B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5BAE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5BBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5CD4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5E4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F2B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FA0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FC9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FD9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6086.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6143.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp614D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp61CB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp61F1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6258.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp629F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6321.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp637.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp64A3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp64B5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6518.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp65D6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp660E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6683.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp66DB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6798.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp679E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6846.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp68A9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp68F3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp69B1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp69D4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6A8D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AB2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AB3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AC4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B17.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B89.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6C38.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6C84.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6D61.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6D72.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6DFC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6E2C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6E4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6E7D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EDB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F10.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F11.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F12.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F13.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F14.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F15.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F16.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F17.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F18.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F19.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F30.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F31.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F32.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F33.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F34.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F35.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F36.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F38.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F39.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F50.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F51.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F52.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F53.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F54.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F55.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F56.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F57.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F58.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F69.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F70.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F71.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F72.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F73.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F74.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F75.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F76.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F77.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F7A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F7B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7007.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7024.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7096.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7153.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp715E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp723F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7279.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp732B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7383.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7384.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7417.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74BE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74DB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74EB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74EC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74F3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp75BA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp75DF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp75F9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7609.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp76BC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7798.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp77FD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp79F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7A49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7A5A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7A5C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B2C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7C66.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7C99.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CB0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CC8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7D37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7E8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7EF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7F3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7FB5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp845D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp846E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp848F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp84A1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp84C3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp84E4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8505.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8526.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8533.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8538.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8549.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp856B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp857C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp858E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8590.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85A1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85B3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85C5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85D6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp87E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp87F3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp898A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp89B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8AB5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8BC0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8CAC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8D79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8E74.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8E9A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8FAE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp90C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9120.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9121.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9144.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9146.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9155.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9176.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9198.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91D9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9261.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp932D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp934D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9496.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp957.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp958.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp959.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95C1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp972A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9873.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp98C2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9912.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp99AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp99C0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B28.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B59.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B64.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9BF9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9C59.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9CD8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9D1B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9F10.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA062.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA0D6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA25E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA3D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA41C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA58E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA6B8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA7F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA844.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA854.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA88.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA89.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA96A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAAB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC08.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC09.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC0A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC0B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC1B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC1C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC5B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpACBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpACE0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAD11.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAD47.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAE62.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB030.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB031.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB032.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB033.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB034.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB045.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB046.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB047.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB048.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB049.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB04A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB04B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB086.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB172.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB25E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB379.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB459.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB460.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4B3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4D0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4D1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4D2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB515.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB516.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB517.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB518.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB519.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB51A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB51B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB530.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB580.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB69B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB779.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB780.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB781.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB792.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB793.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB794.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB93B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB95D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB96E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB972.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB980.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB9E1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB9F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA12.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA35.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA56.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA8B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA8E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA8F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA90.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA91.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA92.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA93.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA99.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBAAA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBAB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBABC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBACE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBADF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBAF1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB02.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB04.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB16.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB28.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB39.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB48.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB4B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBC15.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBCC3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBD8F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBE2D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBF19.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBFD7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC084.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC099.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC151.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC1FF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC2BC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC379.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC446.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC44D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC44E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC503.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC5B1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6DE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6DF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC794.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC795.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC7A6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC88F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC890.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC910.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCB52.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD02.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD13.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD25.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD48.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD5A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD6B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD7D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD9E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCDBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCDD1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCDE3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCE04.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCE25.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCE65.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD793.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD8EC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD8ED.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD918.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD9B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB5B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB62.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB6C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB73.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB74.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB75.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB76.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB77.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB7E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB9F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDBB1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDBD2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDBF3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC14.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC2E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC2F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC30.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC31.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC32.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC42.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC43.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC44.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC45.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC46.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC47.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC48.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE098.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE099.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE09A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE09B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0C2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5A9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5B0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE85D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE86E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE86F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE870.tmp
Present !! : C:\Users\J
Voila le rapport Complet (rappel apparement je n'ai aucun sur ce PC , super rapide )
List'em by g3n-h@ckm@n 1.2.1.2
User : Jacky (Administrateurs)
Update on 29/01/2010 by g3n-h@ckm@n ::::: 11:50
Start at: 14:29:56 | 31/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 338,03 Go (230,99 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,9 Go (2,43 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 146,48 Go (133,65 Go free) [Sauvegarde 1] | NTFS
L:\ -> Disque fixe local | 97,65 Go (91,75 Go free) [Sauvegarde Photo-Chanson] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\SFR\Kit\9props.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Jacky\AppData\Local\Temp\D8F5.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPADVISOR REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
Connexion SFR 9props.exe REG_SZ "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
msnmsgr REG_SZ "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Logitech Vid REG_SZ "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv REG_SZ c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HP Remote Solution REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HP Software Update REG_SZ c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
<NO NAME> REG_SZ
Easybits Recovery REG_SZ C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
UpdatePRCShortCut REG_SZ "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
avast5 REG_SZ "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 0 (0x0)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoActiveDesktop REG_DWORD 1 (0x1)
ForceActiveDesktopOn REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{E54729E8-BB3D-4270-9D49-7389EA579090} REG_SZ EasyBits Security Shield Hook - prevents launching insecure programs by kids
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x3
SharedAccess : 0x4
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Jacky\AppData\Local\Temp\D8F5.tmp
## C:\> hashdeep C:\Windows\Sysnative\Drivers\atapi.sys
##
24128,02062c0b390b7729edc9e69c680a6f3c,0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273,C:\Windows\Sysnative\Drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Jacky\AppData\Local\Temp\D8F5.tmp
## C:\> hashdeep C:\Windows\Sysnative\Drivers\atapi.sys
##
24128,02062c0b390b7729edc9e69c680a6f3c,0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273,C:\Windows\Sysnative\Drivers\atapi.sys
Sources
=======
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
Référence :
==========
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Windows\system32\XInput9_1_0.dll
Present !! : C:\Windows\System32\EZUPBH~1.DLL
Present !! : C:\Windows\SysWow64\XInput9_1_0.dll
Present !! : C:\Windows\SysWoW64\EZUPBH~1.DLL
Present !! : C:\Windows\Sysnative\XInput9_1_0.dll
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\A~NSISu_.exe
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp102F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1080.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp115D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp11FB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1279.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp12D9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1305.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp15D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp15E6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp15F7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1609.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp162A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp163A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp164B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp165E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp178A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp17CA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp17EB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp182C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1927.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1A42.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B16.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B17.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B18.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B19.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B2A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1B2B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1BBB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1CB6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1DA2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1ECD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp1FC8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2085.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2191.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp22BF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp22DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp23E8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2433.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2474.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2502.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp25DF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp26DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp271A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp271B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp271C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp272D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp272E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp272F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2730.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2731.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2732.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2733.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2734.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2735.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2736.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2745.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp27C6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp282D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp282E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp282F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2830.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2831.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2832.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2833.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2834.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2855.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2856.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2866.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp28A3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp28FC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp298F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2A6D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2A8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2B96.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2CA1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D4F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D50.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D51.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D52.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2D8D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2DD9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2DE9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2E45.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2E79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp2F84.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp309F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp30D9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3148.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp318B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp31CB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp323A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp32AA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp32C1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp33CC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3435.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3436.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3437.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3438.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3439.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp343A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp343B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp343C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp345A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3556.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp37A0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp382D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39BF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp39C0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B3A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B3D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B4F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B60.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B6B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B8C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3B91.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3BA3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3BBD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3BC4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C36.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C43.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C66.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3C9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CAD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CBD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CBE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CC0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CC1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CC2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CD0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CE5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3CF6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3D9E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3DAD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3E6A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3E7A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3F46.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp3F57.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4032.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4062.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp40F0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp414E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp419D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp41E4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp41E5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp423F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4240.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4241.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp424A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4251.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4252.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp425A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4307.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4337.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4397.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4398.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp43B4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4413.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4452.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp44FF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4500.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4501.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4502.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4503.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4504.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4505.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4510.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4515.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp45AE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp45EB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp467A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp46D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4757.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4777.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp47E3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4843.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp48BF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp49BB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4A87.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4B45.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4C02.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CC7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CD7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CD8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4CD9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4D6D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4E49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4EB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4F35.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp4FE3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp508D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp50A0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp514D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp522A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp52D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5385.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5442.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp54FF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp55AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp565B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5669.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5718.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5790.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57B1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57D1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57E1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp57F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5803.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5813.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5818.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5819.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp581A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp581B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5824.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5834.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp583F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5850.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5861.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp58A3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp58E3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5905.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5928.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5964.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5985.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp59D5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A06.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A58.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5A9B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B3F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B40.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B41.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B42.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B43.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B54.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B55.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B56.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B7B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5B9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5BAE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5BBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5CD4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5E4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F2B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5F9F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FA0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FB9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FC9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp5FD9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6086.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6143.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp614D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp61CB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp61F1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6258.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp629F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6321.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp637.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp64A3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp64B5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6518.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp65D6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp660E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6683.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp66DB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6798.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp679E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6846.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp68A9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp68F3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp69B1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp69D4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6A8D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AB2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AB3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6AC4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B17.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6B89.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6C38.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6C84.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6D61.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6D72.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6DFC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6E2C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6E4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6E7D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EDB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6EF9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F0F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F10.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F11.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F12.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F13.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F14.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F15.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F16.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F17.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F18.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F19.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F2F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F30.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F31.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F32.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F33.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F34.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F35.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F36.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F38.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F39.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F4F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F50.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F51.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F52.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F53.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F54.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F55.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F56.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F57.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F58.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F69.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F6F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F70.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F71.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F72.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F73.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F74.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F75.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F76.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F77.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F7A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp6F7B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7007.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7024.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7096.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7153.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp715E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp723F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7279.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp732B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7383.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7384.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7417.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74BE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74DB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74EB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74EC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp74F3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp75BA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp75DF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp75F9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7609.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp76BC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7798.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp77FD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp79F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7A49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7A5A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7A5C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B0E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7B2C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7C66.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7C99.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CAF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CB0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7CC8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7D37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7E8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7EF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7F3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp7FB5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp845D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp846E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp848F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp84A1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp84C3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp84E4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8505.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8526.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8533.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8538.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8549.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp856B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp857C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp858E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8590.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85A1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85B3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85C5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp85D6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp87E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp87F3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp898A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp89B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8AB5.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8BC0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8CAC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8D79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8E74.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8E9A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp8FAE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp90C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9120.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9121.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9144.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9146.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9155.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9176.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9198.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91D9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp91DE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9261.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp932D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp934D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9496.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp957.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp958.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp959.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95C1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp95E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp972A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9873.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp98C2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9912.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp99AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp99C0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B28.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B59.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B64.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9B8A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9BF9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9C59.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9CD8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9D1B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmp9F10.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA062.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA0D6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA25E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA3D7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA41C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA58E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA6B8.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA7F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA844.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA854.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA88.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA89.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpA96A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAAB4.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC08.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC09.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC0A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC0B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC1B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC1C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAC5B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpACBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpACE0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAD11.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAD47.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpAE62.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB030.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB031.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB032.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB033.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB034.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB045.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB046.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB047.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB048.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB049.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB04A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB04B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB086.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB172.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB25E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB379.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB3C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB459.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB45F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB460.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4B3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4CF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4D0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4D1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB4D2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB515.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB516.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB517.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB518.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB519.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB51A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB51B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB52F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB530.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB580.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB69B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB779.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB77F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB780.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB781.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB792.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB793.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB794.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB93B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB95D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB96E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB972.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB980.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB9E1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpB9F2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA12.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA35.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA56.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA8B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA8E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA8F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA90.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA91.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA92.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA93.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBA99.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBAAA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBAB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBABC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBACE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBADF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBAF1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB02.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB04.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB16.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB28.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB39.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB48.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBB4B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBC15.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBCC3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBD8F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBE2D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBF19.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpBFD7.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC084.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC099.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC151.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC1FF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC2BC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC379.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC446.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC44D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC44E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC503.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC5B1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6DE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6DF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC6E3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC794.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC795.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC7A6.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC88F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC890.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpC910.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCB52.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD02.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD13.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD25.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD37.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD48.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD5A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD6B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD7D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCD9E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCDBF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCDD1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCDE3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCE04.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCE25.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpCE65.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD793.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD8EC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD8ED.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD918.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD9B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpD9C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB5B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB62.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB6C.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB73.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB74.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB75.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB76.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB77.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB78.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB79.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB7E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDB9F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDBB1.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDBD2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDBF3.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC14.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC2E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC2F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC30.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC31.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC32.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC42.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC43.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC44.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC45.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC46.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC47.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC48.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpDC49.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE098.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE099.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE09A.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE09B.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0AF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE0C2.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5A9.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AA.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AB.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AC.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AD.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AE.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5AF.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE5B0.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE85D.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE86E.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE86F.tmp
Present !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpE870.tmp
Present !! : C:\Users\J
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
le rapport ne semblait pas complet...
▶ Relance List&Kill'em avec le raccourci sur ton bureau ,
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
Tu peux le désinstaller ensuite
.........................
ensuite lances MBAM
mets le à jour
Examen complet cette fois
supprimes ce qu'il trouve
poste le rappport
▶ Relance List&Kill'em avec le raccourci sur ton bureau ,
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
Tu peux le désinstaller ensuite
.........................
ensuite lances MBAM
mets le à jour
Examen complet cette fois
supprimes ce qu'il trouve
poste le rappport
Kill'em by g3n-h@ckm@n 1.2.1.2
User : Jacky (Administrateurs)
Update on 29/01/2010 by g3n-h@ckm@n ::::: 11:50
Start at: 18:13:00 | 31/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 338,03 Go (231,65 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,9 Go (2,43 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 146,48 Go (133,65 Go free) [Sauvegarde 1] | NTFS
L:\ -> Disque fixe local | 97,65 Go (91,75 Go free) [Sauvegarde Photo-Chanson] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\SFR\Kit\9props.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\ERUNT.EXE
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Windows\system32\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\SYSTEM32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\Windows\SysWow64\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\Sysnative\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\A~NSISu_.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpF14A.tmp
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings
User : Jacky (Administrateurs)
Update on 29/01/2010 by g3n-h@ckm@n ::::: 11:50
Start at: 18:13:00 | 31/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 338,03 Go (231,65 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,9 Go (2,43 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 146,48 Go (133,65 Go free) [Sauvegarde 1] | NTFS
L:\ -> Disque fixe local | 97,65 Go (91,75 Go free) [Sauvegarde Photo-Chanson] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\SFR\Kit\9props.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\ERUNT.EXE
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Windows\system32\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\SYSTEM32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\Windows\SysWow64\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\Sysnative\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\A~NSISu_.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpF14A.tmp
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings
j'ai du supprimer du message beaucoups de fichiers /temps qui etaient Deleted car je ne pouvais pas lposter complet ,j'ai garder l'essentiel je pense
Kill'em by g3n-h@ckm@n 1.2.1.2
User : Jacky (Administrateurs)
Update on 29/01/2010 by g3n-h@ckm@n ::::: 11:50
Start at: 18:13:00 | 31/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 338,03 Go (231,65 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,9 Go (2,43 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 146,48 Go (133,65 Go free) [Sauvegarde 1] | NTFS
L:\ -> Disque fixe local | 97,65 Go (91,75 Go free) [Sauvegarde Photo-Chanson] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\SFR\Kit\9props.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\ERUNT.EXE
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Windows\system32\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\SYSTEM32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\Windows\SysWow64\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\Sysnative\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\A~NSISu_.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpF14A.tmp
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings
Kill'em by g3n-h@ckm@n 1.2.1.2
User : Jacky (Administrateurs)
Update on 29/01/2010 by g3n-h@ckm@n ::::: 11:50
Start at: 18:13:00 | 31/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 338,03 Go (231,65 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,9 Go (2,43 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 146,48 Go (133,65 Go free) [Sauvegarde 1] | NTFS
L:\ -> Disque fixe local | 97,65 Go (91,75 Go free) [Sauvegarde Photo-Chanson] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\SFR\Kit\9props.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\ERUNT.EXE
C:\Users\Jacky\AppData\Local\Temp\1E62.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Windows\system32\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\SYSTEM32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\Windows\SysWow64\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Windows\Sysnative\XInput9_1_0.dll
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\A~NSISu_.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings\Temp\tmpF14A.tmp
Quarantined & Deleted !! : C:\Users\Jacky\LOCAL Settings
Rapport MBA apparement OK
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3669
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31/01/2010 21:19:01
mbam-log-2010-01-31 (21-19-01).txt
Type de recherche: Examen complet (C:\|D:\|J:\|K:\|L:\|M:\|)
Eléments examinés: 306639
Temps écoulé: 26 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3669
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31/01/2010 21:19:01
mbam-log-2010-01-31 (21-19-01).txt
Type de recherche: Examen complet (C:\|D:\|J:\|K:\|L:\|M:\|)
Eléments examinés: 306639
Temps écoulé: 26 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ok comment va le pc
postes cette partie là de killem
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 19:38:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
postes cette partie là de killem
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 19:38:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Le PC est impecc ...Grand Merci à toi
j'ai pas tout compris ..est je bien fait en postant ceci ci dessous ????
Sinon j'ai le portable de ma femme que j'ai infecté aussi et qui a 1 virus qui tourne aussi en fond de tache sur 1 session , c'est possible de continuer sur ce post ou j'en ouvre 1 autre ???
il faut que je marque Resolu sur ce post ????
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 19:38:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
j'ai pas tout compris ..est je bien fait en postant ceci ci dessous ????
Sinon j'ai le portable de ma femme que j'ai infecté aussi et qui a 1 virus qui tourne aussi en fond de tache sur 1 session , c'est possible de continuer sur ce post ou j'en ouvre 1 autre ???
il faut que je marque Resolu sur ce post ????
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 19:38:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
c'est la partie que je voulais oui..
pour moi le pc est ok, mais gare à ce pc là de ne pas l'infecter, peu d'outil compatible pour l'instant
.................................
on enchaine ici, il y fait chaud
• Télécharge Random's System Information Tool (RSIT) de Random/Random.
(outil de diagnostic)
http://images.malwareremoval.com/random/RSIT.exe
• Enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)
et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp
Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
pour moi le pc est ok, mais gare à ce pc là de ne pas l'infecter, peu d'outil compatible pour l'instant
.................................
on enchaine ici, il y fait chaud
• Télécharge Random's System Information Tool (RSIT) de Random/Random.
(outil de diagnostic)
http://images.malwareremoval.com/random/RSIT.exe
• Enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)
et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp
Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
Fichier Log de RSIT du nouveau Pc Portable
Logfile of random's system information tool 1.06 (written by random/random)
Run by sylvie at 2010-01-31 22:18:42
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 36 GB (37%) free of 99 GB
Total RAM: 2038 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:49, on 31/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Users\sylvie\Desktop\RSIT.exe
C:\Program Files\trend micro\sylvie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gllod.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.funlabo.com/ping-pong/tennis-de-table-3d.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: SparkAngels.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e76fedb29e30) (gupdate1c9e76fedb29e30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by sylvie at 2010-01-31 22:18:42
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 36 GB (37%) free of 99 GB
Total RAM: 2038 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:49, on 31/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Users\sylvie\Desktop\RSIT.exe
C:\Program Files\trend micro\sylvie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gllod.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.funlabo.com/ping-pong/tennis-de-table-3d.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: SparkAngels.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e76fedb29e30) (gupdate1c9e76fedb29e30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
Et Fichier Info de RSI
.
info.txt logfile of random's system information tool 1.06 2010-01-31 22:20:02
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
123 Free Solitaire 2008 v6.0-->"C:\Program Files\123 Free Solitaire\unins000.exe"
123 Free Solitaire-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Photoshop Elements 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobePE6*
Adobe Photoshop Elements-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\Windows\IsUn040c.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu"
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Enterprise System Information\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVIConverter 2.0-->C:\Program Files\AVIConverter\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Carbonite-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Carbonite*
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)-->MsiExec.exe /X{30120000-00B2-040C-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -I*.INF
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop_XX*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Infocentre Rev. 2.0.0.1-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kptic-->MsiExec.exe /X{F27FC2F5-09E0-447E-B5CF-3F1F51DEC082}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Movies2iPhone .74b-->C:\Program Files\Movies2iPhone\uninst.exe
MP3 Player Utilities 4.18-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Essentials-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Nero8*
Nero 8 Essentials-->MsiExec.exe /X{980B9958-1239-4FC5-8C88-AC5650321036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)-->C:\PROGRA~1\DIFX\F46A63020E122F0A\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\itecir.inf_05612447\itecir.inf
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Protégez vos données-->"C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled /uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
WebTarot 1.30-->"C:\Program Files\Webtarot\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AS: Windows Defender
=====Application event log=====
Computer Name: PC-de-sylvie
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 713
Source Name: Microsoft-Windows-WMI
Time Written: 20081114210722.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-sylvie
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.
Record Number: 699
Source Name: Microsoft-Windows-Search
Time Written: 20081114210700.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-sylvie
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 614
Source Name: Microsoft-Windows-WMI
Time Written: 20081114200316.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-sylvie
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.
Record Number: 610
Source Name: Microsoft-Windows-Search
Time Written: 20081114200308.000000-000
Event Type: Avertissement
User:
Computer Name: WIN-05DGDN62X0I
Event Code: 1036
Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.
Record Number: 585
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20081114195646.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
=====Security event log=====
Computer Name: PC-de-sylvie
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SYLVIE$
Domaine du compte : FIXEPORTABLE
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x2b0
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 22982
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.229774-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 22981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.167374-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SYLVIE$
Domaine du compte : FIXEPORTABLE
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x2b0
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 22980
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.167374-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SYLVIE$
Domaine du compte : FIXEPORTABLE
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x2b0
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 22979
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.167374-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 2
Record Number: 22978
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074016.264174-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
.
info.txt logfile of random's system information tool 1.06 2010-01-31 22:20:02
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
123 Free Solitaire 2008 v6.0-->"C:\Program Files\123 Free Solitaire\unins000.exe"
123 Free Solitaire-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Photoshop Elements 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobePE6*
Adobe Photoshop Elements-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\Windows\IsUn040c.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu"
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Enterprise System Information\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVIConverter 2.0-->C:\Program Files\AVIConverter\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Carbonite-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Carbonite*
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)-->MsiExec.exe /X{30120000-00B2-040C-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -I*.INF
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop_XX*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Infocentre Rev. 2.0.0.1-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kptic-->MsiExec.exe /X{F27FC2F5-09E0-447E-B5CF-3F1F51DEC082}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Movies2iPhone .74b-->C:\Program Files\Movies2iPhone\uninst.exe
MP3 Player Utilities 4.18-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Essentials-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Nero8*
Nero 8 Essentials-->MsiExec.exe /X{980B9958-1239-4FC5-8C88-AC5650321036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)-->C:\PROGRA~1\DIFX\F46A63020E122F0A\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\itecir.inf_05612447\itecir.inf
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Protégez vos données-->"C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled /uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
WebTarot 1.30-->"C:\Program Files\Webtarot\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AS: Windows Defender
=====Application event log=====
Computer Name: PC-de-sylvie
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 713
Source Name: Microsoft-Windows-WMI
Time Written: 20081114210722.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-sylvie
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.
Record Number: 699
Source Name: Microsoft-Windows-Search
Time Written: 20081114210700.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-sylvie
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 614
Source Name: Microsoft-Windows-WMI
Time Written: 20081114200316.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-sylvie
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.
Record Number: 610
Source Name: Microsoft-Windows-Search
Time Written: 20081114200308.000000-000
Event Type: Avertissement
User:
Computer Name: WIN-05DGDN62X0I
Event Code: 1036
Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.
Record Number: 585
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20081114195646.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
=====Security event log=====
Computer Name: PC-de-sylvie
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SYLVIE$
Domaine du compte : FIXEPORTABLE
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x2b0
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 22982
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.229774-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 22981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.167374-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SYLVIE$
Domaine du compte : FIXEPORTABLE
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x2b0
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 22980
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.167374-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SYLVIE$
Domaine du compte : FIXEPORTABLE
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x2b0
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 22979
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074018.167374-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-sylvie
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 2
Record Number: 22978
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090609074016.264174-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
ok
plus ou moins la même chose...
tu connais maintenant
1)
Infection par support usb
Téléchargez USBFIX de El Desaparecido, C_xx
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097
/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur le bureau .
• Choisir Option 2 = Nettoyage
(d’autres options disponibles, voir le tutoriel).
• Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal.
Si un message te demande de redémarrer l'ordinateur fais le ...
● Au redémarrage, le fix se relance... laisses l'opération s'effectuer.
● Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097
Il est enregistré sur ton bureau.
Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.
.......................
Téléchargez MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
plus ou moins la même chose...
tu connais maintenant
1)
Infection par support usb
Téléchargez USBFIX de El Desaparecido, C_xx
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097
/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur le bureau .
• Choisir Option 2 = Nettoyage
(d’autres options disponibles, voir le tutoriel).
• Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal.
Si un message te demande de redémarrer l'ordinateur fais le ...
● Au redémarrage, le fix se relance... laisses l'opération s'effectuer.
● Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097
Il est enregistré sur ton bureau.
Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.
.......................
Téléchargez MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
C'est parti ....presque de la routine maintenant .....
Rapport UsbFix et je lance en // MBAM
############################## | UsbFix V6.083 |
User : sylvie (Administrateurs) # PC-DE-SYLVIE
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:55:51 | 31/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 96,76 Go (35,13 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 40,28 Go (4,28 Go free) [Sauvegarde] # NTFS
############################## | Processus actifs |
C:\Windows\System32\smss.exe 472
C:\Windows\system32\csrss.exe 584
C:\Windows\system32\wininit.exe 636
C:\Windows\system32\csrss.exe 648
C:\Windows\system32\services.exe 688
C:\Windows\system32\lsass.exe 700
C:\Windows\system32\lsm.exe 712
C:\Windows\system32\svchost.exe 864
C:\Windows\system32\nvvsvc.exe 928
C:\Windows\system32\svchost.exe 960
C:\Windows\System32\svchost.exe 1000
C:\Windows\System32\svchost.exe 1052
C:\Windows\system32\winlogon.exe 1084
C:\Windows\System32\svchost.exe 1144
C:\Windows\system32\svchost.exe 1164
C:\Windows\system32\LogonUI.exe 1172
C:\Windows\system32\SLsvc.exe 1360
C:\Windows\system32\svchost.exe 1392
C:\Windows\system32\rundll32.exe 1456
C:\Windows\system32\svchost.exe 1612
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1748
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1768
C:\Windows\System32\spoolsv.exe 2036
C:\Windows\system32\svchost.exe 228
C:\Windows\system32\userinit.exe 1604
C:\Windows\system32\taskeng.exe 1664
C:\Windows\system32\Dwm.exe 1508
C:\Windows\Explorer.EXE 1420
C:\Windows\system32\runonce.exe 324
C:\Windows\system32\taskeng.exe 1112
C:\Windows\system32\conime.exe 2104
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2364
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2440
C:\Program Files\Bonjour\mDNSResponder.exe 2492
C:\Program Files\Google\Update\GoogleUpdate.exe 2528
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 2568
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2616
C:\Windows\system32\IoctlSvc.exe 2844
C:\Windows\system32\svchost.exe 2864
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2888
C:\Windows\system32\svchost.exe 2924
C:\Windows\System32\svchost.exe 2984
C:\Windows\system32\SearchIndexer.exe 3084
C:\Windows\system32\wbem\wmiprvse.exe 3484
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3508
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3576
################## | Elements infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-21-105730128-1953431644-389800726-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1001
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1000
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1001
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{28326259-d923-11dd-9436-001e6888e812}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4192a521-df3c-11dd-9e5a-001e6888e812}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d21155b9-d6ea-11de-9cfd-806e6f6e6963}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[10/03/2006 13:02|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[23/04/2008 16:10|--a------|2916] C:\files.crc
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[10/03/2006 04:52|--a------|86] C:\setup.log
[31/01/2010 23:00|--a------|3988] C:\UsbFix.txt
[10/02/2009 14:53|--ahs----|215040] E:\ehthumbs_vista.db
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-sylvie.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
Rapport UsbFix et je lance en // MBAM
############################## | UsbFix V6.083 |
User : sylvie (Administrateurs) # PC-DE-SYLVIE
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:55:51 | 31/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 96,76 Go (35,13 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 40,28 Go (4,28 Go free) [Sauvegarde] # NTFS
############################## | Processus actifs |
C:\Windows\System32\smss.exe 472
C:\Windows\system32\csrss.exe 584
C:\Windows\system32\wininit.exe 636
C:\Windows\system32\csrss.exe 648
C:\Windows\system32\services.exe 688
C:\Windows\system32\lsass.exe 700
C:\Windows\system32\lsm.exe 712
C:\Windows\system32\svchost.exe 864
C:\Windows\system32\nvvsvc.exe 928
C:\Windows\system32\svchost.exe 960
C:\Windows\System32\svchost.exe 1000
C:\Windows\System32\svchost.exe 1052
C:\Windows\system32\winlogon.exe 1084
C:\Windows\System32\svchost.exe 1144
C:\Windows\system32\svchost.exe 1164
C:\Windows\system32\LogonUI.exe 1172
C:\Windows\system32\SLsvc.exe 1360
C:\Windows\system32\svchost.exe 1392
C:\Windows\system32\rundll32.exe 1456
C:\Windows\system32\svchost.exe 1612
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1748
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1768
C:\Windows\System32\spoolsv.exe 2036
C:\Windows\system32\svchost.exe 228
C:\Windows\system32\userinit.exe 1604
C:\Windows\system32\taskeng.exe 1664
C:\Windows\system32\Dwm.exe 1508
C:\Windows\Explorer.EXE 1420
C:\Windows\system32\runonce.exe 324
C:\Windows\system32\taskeng.exe 1112
C:\Windows\system32\conime.exe 2104
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2364
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2440
C:\Program Files\Bonjour\mDNSResponder.exe 2492
C:\Program Files\Google\Update\GoogleUpdate.exe 2528
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 2568
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2616
C:\Windows\system32\IoctlSvc.exe 2844
C:\Windows\system32\svchost.exe 2864
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2888
C:\Windows\system32\svchost.exe 2924
C:\Windows\System32\svchost.exe 2984
C:\Windows\system32\SearchIndexer.exe 3084
C:\Windows\system32\wbem\wmiprvse.exe 3484
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3508
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3576
################## | Elements infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-21-105730128-1953431644-389800726-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1001
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1000
Supprimé ! E:\$Recycle.Bin\S-1-5-21-3406859268-970441305-157698798-1001
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{28326259-d923-11dd-9436-001e6888e812}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4192a521-df3c-11dd-9e5a-001e6888e812}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d21155b9-d6ea-11de-9cfd-806e6f6e6963}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[10/03/2006 13:02|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[23/04/2008 16:10|--a------|2916] C:\files.crc
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[10/03/2006 04:52|--a------|86] C:\setup.log
[31/01/2010 23:00|--a------|3988] C:\UsbFix.txt
[10/02/2009 14:53|--ahs----|215040] E:\ehthumbs_vista.db
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-sylvie.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
rapport MBA
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3669
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
01/02/2010 07:45:36
mbam-log-2010-02-01 (07-45-36).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 281785
Temps écoulé: 1 hour(s), 21 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3669
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
01/02/2010 07:45:36
mbam-log-2010-02-01 (07-45-36).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 281785
Temps écoulé: 1 hour(s), 21 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ok
comment va le pc ?
relances RSIT et postes le rapport log stp
comment va le pc ?
relances RSIT et postes le rapport log stp
Pas de probleme pour poster le rapport RSIT .....c'est 1 language connu maintenant
Logfile of random's system information tool 1.06 (written by random/random)
Run by sylvie at 2010-02-01 18:16:01
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 36 GB (36%) free of 99 GB
Total RAM: 2038 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:09, on 01/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\sylvie\Desktop\RSIT.exe
C:\Program Files\trend micro\sylvie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.funlabo.com/ping-pong/tennis-de-table-3d.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: SparkAngels.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e76fedb29e30) (gupdate1c9e76fedb29e30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by sylvie at 2010-02-01 18:16:01
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 36 GB (36%) free of 99 GB
Total RAM: 2038 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:09, on 01/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\sylvie\Desktop\RSIT.exe
C:\Program Files\trend micro\sylvie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.funlabo.com/ping-pong/tennis-de-table-3d.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: SparkAngels.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e76fedb29e30) (gupdate1c9e76fedb29e30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
Ok
Il est propre
1)
Cherches et cliques sur C:\Program Files\trend micro\sylvie.exe
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked (s’il manque des lignes…pas grave)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: SparkAngels.lnk =
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
……………………..
2)
Mettre à jour internet explorer
https://support.microsoft.com/fr-fr/allproducts
Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure)
https://get2.adobe.com/reader/otherversions/
………….
3)
IMPORTANT
Purger la restauration systeme vista
https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista
……………..
4)
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tu peux supprimer ToolCleaner ensuite
Il est propre
1)
Cherches et cliques sur C:\Program Files\trend micro\sylvie.exe
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked (s’il manque des lignes…pas grave)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: SparkAngels.lnk =
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
……………………..
2)
Mettre à jour internet explorer
https://support.microsoft.com/fr-fr/allproducts
Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure)
https://get2.adobe.com/reader/otherversions/
………….
3)
IMPORTANT
Purger la restauration systeme vista
https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista
……………..
4)
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tu peux supprimer ToolCleaner ensuite
Alors petite precision Importante avant de faire cela
le rapport precedent etait issu de la session de ma femme Sylvie ....la impecc 99 /100 de ressouce inutilisé
je vais sur ma session Jacky et la patatra ..... 1 fichier Veiux tourne en fond de tache et prend 80 / 100 de ressources comme avant .....donc le virus est que sur 1 session
je deconnecte et revient sur cession Sylvie et la OK ( sans avoir tout redemarrer )
Marche a suivre ?????
merci merci....
le rapport precedent etait issu de la session de ma femme Sylvie ....la impecc 99 /100 de ressouce inutilisé
je vais sur ma session Jacky et la patatra ..... 1 fichier Veiux tourne en fond de tache et prend 80 / 100 de ressources comme avant .....donc le virus est que sur 1 session
je deconnecte et revient sur cession Sylvie et la OK ( sans avoir tout redemarrer )
Marche a suivre ?????
merci merci....
