XP Home security 2012 Alert Fermé

Question

Bonjour,
Mon pc a ete infercter, J ai utilisé RogueKiller V6.2.4 pour obtenir ce rapport, le virus a été mis en quarantaine. Depuis je peux me connecter a internet. Que dois je faire par la suite ? mon PC cours t il un risque ? si oui le quel ?
Merci par avance

RogueKiller V6.2.4 [12/01/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: rémy [Droits d'admin]
Mode: Suppression -- Date : 23/01/2012 13:13:01

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Fichier HOSTS: ¤¤¤

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5fcdcb1d0f2d5954617a62e4128ef5e0
[BSP] b6955557077ca199f66105c5e31ab690 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 160031 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

g3n-h@ckm@n · Answer

salut

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\

__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

Telecharge ici : Combofix

Avant d'utiliser ComboFix :

Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

▶ Lance le

Une fenêtre apparait : clique sur "Disable"

▶ Fais redémarrer l'ordinateur si l'outil te le demande

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur combofix renommé

¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

remus · Answer

Bonjour, voici la totalité du contenu de combofix


ComboFix 12-01-23.02 - rémy 24/01/2012  19:47:55.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.958.671 [GMT 1:00]
Lancé depuis: c:\documents and settingsÚmy\Bureauemyvsvirus.exe
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\RMY~1\LOCALS~1\Temp\{4530E838-713C-4553-BE8B-EA78CC266327}\{e5befdc3-b0f8-4322-80a3-7435742c6f12}\dotnetfx.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\{D5878294-C113-43c5-A24F-FC333C52015A}\NokiaOviSuite2Installer.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\HPSUW49U.C3D\hpusetup.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\HpUpdate\2292\HP_RedboxHprblog.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\HpUpdate\2296\HPAIO_48bitScanUpdate_HPSU_Rev_1_00.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\HpUpdate\6026\CIT712083-HPU-Webreg-V2.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\ins1.tmp\LDMClient.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\ins1.tmp\LiteInstRC_EN.dll
c:\docume~1\RMY~1\LOCALS~1\Temp
ss58.tmp\NSIS_Picasa.dll
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\cPC_DMIRD.dll
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\install.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\RDBios32.dll
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\Source\CPanel\CPANEL.dll
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\Source\CPanel\Setup.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\Source\Driver\2KXP_INF\B_26199\atiiiexx.dll
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\Source\Driver\Driver.DLL
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\Source\Driver\Setup.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\pft17.tmp\WBDEG44I.DLL
c:\docume~1\RMY~1\LOCALS~1\Temp\pftE.tmp\CopyDisk.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\pftE.tmp\install.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\pftE.tmp\WBDED44I.DLL
c:\docume~1\RMY~1\LOCALS~1\Temp\pftE.tmp\wilx44i.dll
c:\docume~1\RMY~1\LOCALS~1\Temp\pftE.tmp\WinFlash.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\pftE.tmp\WinFlash.sys
c:\docume~1\RMY~1\LOCALS~1\Temp\ToolbarUpdater_1291363956\autoUpdater.exe
c:\docume~1\RMY~1\LOCALS~1\Temp\WebregV2	mp85218.tmp
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\documents and settings\All Users\xf9poa4vaz.exe
c:\documents and settingsémy\Local Settings\Application Data\qkm.exe
c:\documents and settingsémy\Local Settings\Temp\{4530E838-713C-4553-BE8B-EA78CC266327}\{e5befdc3-b0f8-4322-80a3-7435742c6f12}\dotnetfx.exe
c:\documents and settingsémy\Local Settings\Temp\{D5878294-C113-43c5-A24F-FC333C52015A}\NokiaOviSuite2Installer.exe
c:\documents and settingsémy\Local Settings\Temp\HPSUW49U.C3D\hpusetup.exe
c:\documents and settingsémy\Local Settings\Temp\HpUpdate\2292\HP_RedboxHprblog.exe
c:\documents and settingsémy\Local Settings\Temp\HpUpdate\2296\HPAIO_48bitScanUpdate_HPSU_Rev_1_00.exe
c:\documents and settingsémy\Local Settings\Temp\HpUpdate\6026\CIT712083-HPU-Webreg-V2.exe
c:\documents and settingsémy\Local Settings\Temp\ins1.tmp\LDMClient.exe
c:\documents and settingsémy\Local Settings\Temp\ins1.tmp\LiteInstRC_EN.dll
c:\documents and settingsémy\Local Settings\Temp
ss58.tmp\NSIS_Picasa.dll
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\cPC_DMIRD.dll
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\install.exe
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\RDBios32.dll
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\Source\CPanel\CPANEL.dll
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\Source\CPanel\Setup.exe
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\Source\Driver\2KXP_INF\B_26199\atiiiexx.dll
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\Source\Driver\Driver.DLL
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\Source\Driver\Setup.exe
c:\documents and settingsémy\Local Settings\Temp\pft17.tmp\WBDEG44I.DLL
c:\documents and settingsémy\Local Settings\Temp\pftE.tmp\CopyDisk.exe
c:\documents and settingsémy\Local Settings\Temp\pftE.tmp\install.exe
c:\documents and settingsémy\Local Settings\Temp\pftE.tmp\WBDED44I.DLL
c:\documents and settingsémy\Local Settings\Temp\pftE.tmp\wilx44i.dll
c:\documents and settingsémy\Local Settings\Temp\pftE.tmp\WinFlash.exe
c:\documents and settingsémy\Local Settings\Temp\pftE.tmp\WinFlash.sys
c:\documents and settingsémy\Local Settings\Temp\ToolbarUpdater_1291363956\autoUpdater.exe
c:\documents and settingsémy\Local Settings\Temp\WebregV2	mp85218.tmp
c:\documents and settingsémy\Recent\Thumbs.db
c:\documents and settingsémy\xf9poa4vaz.exe
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\11.0.16.0\ClickPotatoLiteSA.exe
c:\program files\ClickPotatoLite\bin\11.0.16.0\ClICkpotatolitesaax.dll
c:\program files\ClickPotatoLite\bin\11.0.16.0\ClickPotatoLiteSABHO.dll
c:\program files\ClickPotatoLite\bin\11.0.16.0\ClickPotatoLiteSACB.exe
c:\program files\ClickPotatoLite\bin\11.0.16.0\ClickPotatoLiteSAHook.dll
c:\program files\ClickPotatoLite\bin\11.0.16.0\ClickPotatoLiteUninstaller.exe
c:\program files\ClickPotatoLite\bin\11.0.16.0\copyright.txt
c:\program files\ClickPotatoLite\bin\11.0.16.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\11.0.16.0\firefox\extensions\plugins
pclntax_ClickPotatoLiteSA.dll
c:\windows\$NtUninstallKB53463$
c:\windows\$NtUninstallKB53463$\2074063889
c:\windows\$NtUninstallKB53463$\3645049236\@
c:\windows\$NtUninstallKB53463$\3645049236\bckfg.tmp
c:\windows\$NtUninstallKB53463$\3645049236\cfg.ini
c:\windows\$NtUninstallKB53463$\3645049236\Desktop.ini
c:\windows\$NtUninstallKB53463$\3645049236\keywords
c:\windows\$NtUninstallKB53463$\3645049236\kwrd.dll
c:\windows\$NtUninstallKB53463$\3645049236\L\iumahkbc
c:\windows\$NtUninstallKB53463$\3645049236\U\00000001.@
c:\windows\$NtUninstallKB53463$\3645049236\U\00000002.@
c:\windows\$NtUninstallKB53463$\3645049236\U\00000004.@
c:\windows\$NtUninstallKB53463$\3645049236\U\80000000.@
c:\windows\$NtUninstallKB53463$\3645049236\U\80000004.@
c:\windows\$NtUninstallKB53463$\3645049236\U\80000032.@
c:\windows\alcrmv.exe
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\system32\drivers\34c689a08f275ef2.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_34c689a08f275ef2
-------\Service_34c689a08f275ef2
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-12-24 au 2012-01-24  ))))))))))))))))))))))))))))))))))))
.
.
2012-01-24 18:45 . 2008-04-13 10:21	162816	-c--a-w-	c:\windows\system32\dllcache
etbt.sys
2012-01-24 18:45 . 2008-04-13 10:21	162816	----a-w-	c:\windows\system32\drivers
etbt.sys
2012-01-23 11:43 . 2012-01-23 12:26	111872	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2012-01-22 14:27 . 2012-01-22 14:27	--------	d-----r-	c:\documents and settings\NetworkService\Favoris
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-13 17:33	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-13 16:58	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-13 17:34	61952	----a-w-	c:\windows\system32\packager.exe
2011-11-04 19:13 . 2008-04-13 17:33	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-13 17:34	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-13 17:33	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 11:24 . 2008-04-13 17:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-13 17:33	387072	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-13 17:33	1298432	----a-w-	c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-13 17:33	1288192	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:33	33280	----a-w-	c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
"WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-02-22 442368]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 344064]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-10-10 450560]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Freeplayer\vlc\vlc.exe"=
"c:\Program Files\Pando Networks\Pando\Pando.exe"=
"c:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"=
"c:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"=
"c:\Program Files\Google\Google Earth\client\googleearth.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58097:TCP"= 58097:TCP:Pando
"58097:UDP"= 58097:UDP:Pando
.
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2010 20:47 135664]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\RMY~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\RMY~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2010 20:47 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers
mwcdnsu.sys [12/12/2010 22:21 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers
mwcdnsuc.sys [12/12/2010 22:21 8320]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WUAUSERV
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 19:47]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 19:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-xf9poa4vaz - c:\documents and settingsémy\xf9poa4vaz.exe
HKLM-Run-TaskTray - (no file)
HKLM-Run-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\11.0.16.0\ClickPotatoLiteSA.exe
HKLM-Run-xf9poa4vaz - c:\documents and settings\All Users\xf9poa4vaz.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
.
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_50.kmz 41159 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_500.kmz 49349 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5000.kmz 56816 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5001.kmz 49744 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5002.kmz 56315 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5003.kmz 62698 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5004.kmz 14827 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5005.kmz 49931 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5006.kmz 16223 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5007.kmz 54645 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5008.kmz 58521 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5009.kmz 818 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_501.kmz 15777 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5010.kmz 15362 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5011.kmz 1301 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5012.kmz 944 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5013.kmz 8495 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_660.kmz 3569 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6600.kmz 16321 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6601.kmz 18284 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6602.kmz 50530 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6603.kmz 16828 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6604.kmz 51551 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6605.kmz 14898 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6606.kmz 8244 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6607.kmz 43831 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6608.kmz 8008 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6609.kmz 13810 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_661.kmz 3857 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6610.kmz 14749 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6611.kmz 16823 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6612.kmz 44130 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6613.kmz 36816 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6614.kmz 43408 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_820.kmz 10372 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8200.kmz 15658 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8201.kmz 7869 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8202.kmz 7408 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8203.kmz 7491 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8204.kmz 40515 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8205.kmz 45653 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8206.kmz 14784 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8207.kmz 7525 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8208.kmz 41310 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8209.kmz 7401 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_821.kmz 9908 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8210.kmz 15878 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8211.kmz 16646 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8212.kmz 7419 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8213.kmz 18964 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8214.kmz 8715 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3870.kmz 16378 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3871.kmz 7702 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3872.kmz 41875 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3873.kmz 50151 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3874.kmz 14849 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3875.kmz 7433 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3876.kmz 14976 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3877.kmz 14277 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3878.kmz 16191 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3879.kmz 10141 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_388.kmz 8659 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3880.kmz 15835 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3881.kmz 7484 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3882.kmz 1214 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3883.kmz 54191 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3884.kmz 44931 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3885.kmz 3123 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4020.kmz 7905 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4021.kmz 5005 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4022.kmz 7456 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4023.kmz 51939 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4024.kmz 15802 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4025.kmz 48168 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4026.kmz 3454 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4027.kmz 2937 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4028.kmz 1187 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4029.kmz 5733 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_403.kmz 45368 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4030.kmz 9086 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4031.kmz 4221 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4032.kmz 60450 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4033.kmz 1633 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4034.kmz 4842 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4035.kmz 2238 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4190.kmz 50376 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4191.kmz 14727 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4192.kmz 41928 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4193.kmz 16446 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4194.kmz 12758 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4195.kmz 10483 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4196.kmz 43606 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4197.kmz 39349 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4198.kmz 16654 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4199.kmz 7494 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_42.kmz 374 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_420.kmz 10908 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4200.kmz 42804 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4201.kmz 17904 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4202.kmz 34931 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4203.kmz 16903 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4204.kmz 7703 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4350.kmz 64396 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4351.kmz 7563 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4352.kmz 73391 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4353.kmz 67787 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4354.kmz 50421 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4355.kmz 53479 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4356.kmz 51280 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4357.kmz 7878 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4358.kmz 14343 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4359.kmz 57816 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_436.kmz 11571 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4360.kmz 49182 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4361.kmz 13856 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4362.kmz 14431 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4363.kmz 48962 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4364.kmz 14383 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4365.kmz 18502 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4510.kmz 14450 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4511.kmz 67807 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4512.kmz 66292 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4513.kmz 48495 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4514.kmz 16117 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4515.kmz 14674 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4516.kmz 16236 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4517.kmz 64663 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4518.kmz 70591 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4519.kmz 47090 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_452.kmz 9005 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4520.kmz 56534 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4521.kmz 16119 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4522.kmz 14270 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4523.kmz 12694 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4524.kmz 14536 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4525.kmz 14156 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4680.kmz 49384 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4681.kmz 14390 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4682.kmz 48915 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4683.kmz 62560 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4684.kmz 58186 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4685.kmz 19163 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4686.kmz 15412 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4687.kmz 55540 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4688.kmz 48508 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4689.kmz 14466 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_469.kmz 77980 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4690.kmz 47756 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4691.kmz 49444 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4692.kmz 14454 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4693.kmz 15739 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4694.kmz 14395 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4695.kmz 15977 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5150.kmz 15614 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5151.kmz 37244 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5152.kmz 64889 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5153.kmz 15705 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5154.kmz 17661 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5155.kmz 50903 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5156.kmz 49695 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5157.kmz 35519 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5158.kmz 7942 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5159.kmz 14749 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_516.kmz 8653 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5160.kmz 43803 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5161.kmz 14285 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5162.kmz 16043 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5163.kmz 46390 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5164.kmz 35878 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5165.kmz 40980 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5310.kmz 55112 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5311.kmz 16221 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5312.kmz 15327 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5313.kmz 47954 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5314.kmz 1204 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5315.kmz 16479 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5316.kmz 16417 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5317.kmz 1225 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5318.kmz 65956 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5319.kmz 15457 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_532.kmz 11137 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5320.kmz 47195 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5321.kmz 16652 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5322.kmz 44223 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5323.kmz 16557 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5324.kmz 15491 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5325.kmz 43822 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5480.kmz 45799 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5481.kmz 55979 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5482.kmz 15602 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5483.kmz 43944 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5484.kmz 44669 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5485.kmz 15914 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5486.kmz 54782 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5487.kmz 45064 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5488.kmz 49761 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5489.kmz 6523 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_549.kmz 10939 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5490.kmz 10733 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5491.kmz 2986 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5492.kmz 16212 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5493.kmz 8847 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5494.kmz 9020 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5495.kmz 14475 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5640.kmz 17873 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5641.kmz 41733 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5642.kmz 43724 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5643.kmz 15520 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5644.kmz 16027 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5645.kmz 14712 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5646.kmz 17108 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5647.kmz 42564 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5648.kmz 13467 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5649.kmz 14384 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_565.kmz 10086 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5650.kmz 4899 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5651.kmz 56404 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5652.kmz 15808 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5653.kmz 2736 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5654.kmz 11207 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5655.kmz 55050 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5800.kmz 45391 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5801.kmz 15240 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5802.kmz 63008 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5803.kmz 49544 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5804.kmz 58129 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5805.kmz 16161 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5806.kmz 15621 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5807.kmz 56692 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5808.kmz 44422 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5809.kmz 17721 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_581.kmz 12007 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5810.kmz 48712 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5811.kmz 15783 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5812.kmz 16255 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5813.kmz 50833 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5814.kmz 16554 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5815.kmz 15960 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5970.kmz 14664 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5971.kmz 14430 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5972.kmz 1393 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5973.kmz 52053 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5974.kmz 1331 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5975.kmz 13771 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5976.kmz 2034 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5977.kmz 41394 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5978.kmz 56012 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5979.kmz 58389 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_598.kmz 11358 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5980.kmz 16787 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5981.kmz 16109 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5982.kmz 16030 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5983.kmz 59735 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5984.kmz 5369 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5985.kmz 16082 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5986.kmz 18228 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5987.kmz 14792 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5988.kmz 56873 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_5989.kmz 14967 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6140.kmz 15085 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6141.kmz 7403 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6142.kmz 43025 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6143.kmz 47058 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6144.kmz 8519 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6145.kmz 7346 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6146.kmz 42355 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6147.kmz 35081 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6148.kmz 7854 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6149.kmz 16584 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_615.kmz 12390 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6150.kmz 43173 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6151.kmz 7314 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6152.kmz 7895 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6153.kmz 9349 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6154.kmz 7579 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6155.kmz 15927 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6300.kmz 18458 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6301.kmz 43810 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6302.kmz 15777 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6303.kmz 16695 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6304.kmz 16462 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6305.kmz 45148 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6306.kmz 15270 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6307.kmz 15886 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6308.kmz 43523 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6309.kmz 16705 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_631.kmz 10292 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6310.kmz 8433 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6311.kmz 7796 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6312.kmz 7774 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6313.kmz 13952 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6314.kmz 46152 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6315.kmz 63296 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6780.kmz 16409 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6781.kmz 44590 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6782.kmz 3669 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6783.kmz 2094 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6784.kmz 1961 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6785.kmz 1636 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6786.kmz 47212 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6787.kmz 2322 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6788.kmz 41591 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6789.kmz 16212 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_679.kmz 3663 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6790.kmz 59842 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6791.kmz 1956 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6792.kmz 14475 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6793.kmz 11144 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6794.kmz 12622 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6795.kmz 10534 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6940.kmz 15228 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6941.kmz 8993 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6942.kmz 12463 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6943.kmz 5121 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6944.kmz 6587 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6945.kmz 61989 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6946.kmz 10919 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6947.kmz 43588 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6948.kmz 49469 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6949.kmz 12629 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_695.kmz 14034 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6950.kmz 80117 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6951.kmz 81886 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6952.kmz 71353 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6953.kmz 71763 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6954.kmz 58494 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_6955.kmz 75070 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_710.kmz 48996 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7100.kmz 17745 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7101.kmz 18031 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7102.kmz 47546 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7103.kmz 14507 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7104.kmz 52050 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7105.kmz 15870 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7106.kmz 16446 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7107.kmz 16292 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7108.kmz 7753 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7109.kmz 44956 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_711.kmz 11820 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7110.kmz 68149 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7111.kmz 51118 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7112.kmz 45229 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7113.kmz 15823 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7114.kmz 17758 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7260.kmz 17857 bycatchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7261.kmz 7747 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7262.kmz 46796 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7263.kmz 8513 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7264.kmz 16273 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7265.kmz 14278 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7266.kmz 10057 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7267.kmz 17810 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7268.kmz 16937 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7269.kmz 46675 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_727.kmz 7620 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7270.kmz 15634 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7271.kmz 16524 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7272.kmz 17555 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7273.kmz 16096 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7274.kmz 14970 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7275.kmz 8408 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7276.kmz 48412 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7277.kmz 44300 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7278.kmz 48737 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7279.kmz 7766 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_728.kmz 7590 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7280.kmz 55542 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7281.kmz 14813 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7282.kmz 37587 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7283.kmz 7613 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7284.kmz 7796 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7285.kmz 45938 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7420.kmz 48426 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7421.kmz 44681 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7422.kmz 57361 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7423.kmz 14244 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7424.kmz 46801 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7425.kmz 14540 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7426.kmz 8629 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7427.kmz 40093 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7428.kmz 8682 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7429.kmz 41846 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_743.kmz 11241 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7430.kmz 15879 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7431.kmz 16141 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7432.kmz 57342 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7433.kmz 7970 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7434.kmz 54559 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7435.kmz 16071 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_760.kmz 55781 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7600.kmz 16806 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7601.kmz 18974 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7602.kmz 49494 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7603.kmz 16605 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7604.kmz 46965 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7605.kmz 16550 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7606.kmz 45671 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7607.kmz 16378 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7608.kmz 14805 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7609.kmz 16517 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_761.kmz 7780 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7610.kmz 43368 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7611.kmz 14376 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7612.kmz 15673 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7613.kmz 16197 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7614.kmz 17429 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7615.kmz 44948 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7616.kmz 46042 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7617.kmz 14481 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7618.kmz 16266 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7619.kmz 15909 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_762.kmz 43340 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7620.kmz 39227 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7621.kmz 50065 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7622.kmz 14859 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7623.kmz 16256 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7624.kmz 14566 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7625.kmz 16044 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7626.kmz 14205 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7627.kmz 15930 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7628.kmz 15905 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7629.kmz 16555 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4696.kmz 49161 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4711.kmz 17151 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4728.kmz 12230 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4744.kmz 11891 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4760.kmz 6611 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4777.kmz 7959 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4793.kmz 8607 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4809.kmz 3229 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_483.kmz 10706 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4846.kmz 2542 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4862.kmz 1227 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4879.kmz 2959 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4895.kmz 11158 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4910.kmz 10909 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4927.kmz 3996 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4946.kmz 17485 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_870.kmz 4884 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8700.kmz 15799 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8701.kmz 60402 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8702.kmz 14992 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8703.kmz 15329 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8704.kmz 45804 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8705.kmz 16000 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8706.kmz 41896 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8707.kmz 54714 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8708.kmz 41369 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8709.kmz 61379 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_871.kmz 2755 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8710.kmz 66921 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8711.kmz 59255 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8712.kmz 50093 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8713.kmz 13016 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8714.kmz 15136 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8370.kmz 7497 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8371.kmz 7437 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8372.kmz 39266 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8373.kmz 7402 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8374.kmz 15651 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8375.kmz 16256 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8376.kmz 15309 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8377.kmz 7757 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8378.kmz 14590 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8379.kmz 13133 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_838.kmz 14288 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8380.kmz 15159 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8381.kmz 7421 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8382.kmz 8171 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8383.kmz 7693 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8384.kmz 7984 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8385.kmz 16477 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8860.kmz 7767 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8861.kmz 57673 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8862.kmz 7715 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8863.kmz 16727 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8864.kmz 47334 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8865.kmz 7660 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8866.kmz 13169 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8867.kmz 7361 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8868.kmz 7888 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8869.kmz 13144 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_887.kmz 4574 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8870.kmz 45019 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8871.kmz 16218 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8872.kmz 37784 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8873.kmz 8140 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8874.kmz 10715 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_8875.kmz 16095 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9010.kmz 7426 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9011.kmz 37600 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9012.kmz 8112 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9013.kmz 42019 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9014.kmz 7560 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9015.kmz 7771 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9016.kmz 14237 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9017.kmz 13235 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9018.kmz 38501 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9019.kmz 7572 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_902.kmz 12723 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9020.kmz 50959 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9021.kmz 7915 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9022.kmz 7877 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9023.kmz 7754 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9024.kmz 8315 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_9025.kmz 15720 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_919.kmz 2804 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_92.kmz 386 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_920.kmz 10249 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_921.kmz 10185 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_922.kmz 10414 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_923.kmz 9755 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_924.kmz 11616 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_925.kmz 6288 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_926.kmz 6210 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_927.kmz 9585 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_928.kmz 12256 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_929.kmz 11418 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_93.kmz 31507 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_930.kmz 10401 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_931.kmz 12562 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_932.kmz 10950 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_933.kmz 11591 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_935.kmz 12807 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_936.kmz 3176 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_937.kmz 11318 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_938.kmz 12067 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_939.kmz 6523 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_94.kmz 40501 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_940.kmz 6949 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_941.kmz 8712 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_942.kmz 12043 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_943.kmz 8965 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_944.kmz 2299 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_945.kmz 3746 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_946.kmz 9573 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_947.kmz 9714 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_948.kmz 5240 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_949.kmz 7376 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_95.kmz 376 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_951.kmz 11307 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_952.kmz 12789 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_953.kmz 11107 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_954.kmz 11321 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_955.kmz 8031 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_956.kmz 10594 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_957.kmz 4622 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_958.kmz 9330 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_959.kmz 3671 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_96.kmz 12394 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_960.kmz 3521 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_961.kmz 1798 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_962.kmz 3465 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_963.kmz 2001 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_964.kmz 2398 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_965.kmz 1900 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_966.kmz 10946 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_967.kmz 12104 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_968.kmz 12499 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_969.kmz 12227 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_97.kmz 434 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_970.kmz 11986 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_971.kmz 9605 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_973.kmz 5880 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_974.kmz 14225 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_975.kmz 15502 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_976.kmz 44423 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_977.kmz 10304 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_978.kmz 12213 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_979.kmz 3443 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_98.kmz 13499 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_980.kmz 9792 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_981.kmz 15008 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_982.kmz 13804 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_983.kmz 65262 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_984.kmz 45110 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_985.kmz 11800 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_986.kmz 12183 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_987.kmz 11143 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_988.kmz 9203 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_989.kmz 15940 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_99.kmz 430 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_990.kmz 14149 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_991.kmz 9999 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_992.kmz 7288 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_993.kmz 2758 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_994.kmz 8894 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_995.kmz 1726 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_996.kmz 2593 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_997.kmz 9890 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_998.kmz 17286 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_999.kmz 12593 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7900.kmz 8171 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7901.kmz 8973 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7902.kmz 16058 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7903.kmz 16193 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7904.kmz 12667 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7905.kmz 12859 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7906.kmz 8066 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7907.kmz 16150 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7908.kmz 12677 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7909.kmz 13522 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_791.kmz 9601 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7910.kmz 50964 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7911.kmz 59733 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7912.kmz 57710 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7913.kmz 12660 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7914.kmz 42321 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_7915.kmz 59050 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3791.kmz 2245 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3792.kmz 3943 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3793.kmz 10589 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3794.kmz 14799 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3795.kmz 14143 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3796.kmz 16857 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3797.kmz 15508 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3798.kmz 14937 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3799.kmz 15568 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_38.kmz 22585 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_380.kmz 10637 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3800.kmz 15761 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3801.kmz 17438 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3802.kmz 7899 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3803.kmz 58232 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3804.kmz 58205 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3805.kmz 53103 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3807.kmz 15978 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_3808.kmz 1866 bytes

remus · Answer

la suite....

c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4278.kmz 7526 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4279.kmz 7495 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_428.kmz 11868 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4280.kmz 16628 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4281.kmz 15569 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4282.kmz 57698 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4283.kmz 55015 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4284.kmz 7849 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4285.kmz 7728 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4286.kmz 8677 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4288.kmz 12588 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4289.kmz 13317 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_429.kmz 11870 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4290.kmz 14272 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4291.kmz 61098 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4292.kmz 15501 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4293.kmz 13427 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4294.kmz 60317 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4295.kmz 14130 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4296.kmz 18059 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4297.kmz 15976 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4298.kmz 53092 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4299.kmz 51215 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_43.kmz 404 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_430.kmz 11304 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4300.kmz 74096 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4301.kmz 49128 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4303.kmz 46703 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4304.kmz 60768 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4305.kmz 14387 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4306.kmz 12705 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4307.kmz 65300 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4308.kmz 13370 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_4309.kmz 16442 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTemp_431.kmz 59634 bytes
c:\docume~1\RMY~1\LOCALS~1\Temp\ge2776\kmz\khTcatchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Fichiers communs\Nokia\NoA
okiaaserver.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2012-01-24  20:07:24 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-01-24 19:07
.
Avant-CF: 67 528 413 184 octets libres
Après-CF: 68 963 459 072 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP  dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - BA3E38EC818C243E71740DD029AA4208

g3n-h@ckm@n · Answer

heberge-le ici puis donne le lien , c est plus facile pour moi

http://pjjoint.malekal.com

remus · Answer

Bonjour,

Voici le lien.

 http://pjjoint.malekal.com/files.php?id=20120125_h15p11q12m7z14



Cordialement

g3n-h@ckm@n · Answer

Télécharge et enregistre ADWcleaner sur ton bureau :

ADWCleaner (Merci à Xplode)

Lance le,

clique sur suppression et poste son rapport.

remus · Answer

Voici le lien du rapport,

http://pjjoint.malekal.com/files.php?id=20120125_q14w5s9h8o12

g3n-h@ckm@n · Answer

j'avais demandé suppression

remus · Answer

autant pour moi... le voici

 http://pjjoint.malekal.com/files.php?id=20120125_t13m14x13i13k13

g3n-h@ckm@n · Answer

bien

telecharge et enregistre ceci sur ton bureau :

Pre_Scan

Avertissement: tous les processus non-vitaux de windows seront coupés --> pas de panique. 

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition du rapport sur le bureau.

si 'outil est bloqué par l'infection utilise cette version : Version .pif

ou encore cette version renommée : Winlogon.exe

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

 Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler 

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan après redemarrage

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

heberge le rapport sur http://pjjoint.malekal.com et donne le lien obtenu

remus · Answer

le scan est bloqué avec toute les versions 
boite de dialogue apparait 

WINDOWS PAS DE DISQUE 
Exception processi message c0000013 parametre..... 

et je ne peux plus rien faire

g3n-h@ckm@n · Answer

si clique sur continuer

remus · Answer

j ai deja cliquer rien y fait...
Dois je insister en cliquant plusieur fois de suite jusqu a ca se debloque ?
Car pour les tentatives que j ai faite aucun bouton ne fonctionai, je n ai meme pas pu faire annuler. J ai ete obliger d eteindre mon pc manuellement.

g3n-h@ckm@n · Answer

oui plusieurs fois s'il le faut .... je pense avoir corrigé ca cette nuit....

remus · Answer

ok,c est bon. Voici le lien du rapport

 http://pjjoint.malekal.com/files.php?id=20120126_z5d12l815c6

g3n-h@ckm@n · Answer

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

remus · Answer

voici le lien

https://www.virustotal.com/file/4022f4fe2d94089d5956002c9218d5f47b52985c3d5736905457bf327c44d44d/analysis/

g3n-h@ckm@n · Answer

fais glisser une icone n'importe quel fichier sur Pre_scan , pre_script va apparaitre

Lance Pre_script , une page vierge va s'ouvrir.

selectionne tout le texte en gras ci-dessous, puis (clic droit/copier ou ctrl+c) :
___________________________________________________
Kill::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"AlcxMonitor"=-
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
[HKEY_USERS\S-1-5-21-1390067357-362288127-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run]      
"LogitechSoftwareUpdate"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]  
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickPotatoLiteSA] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\504244733D18C8F63FF584AEB290E3904E791693]      
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[-HKCU\Software\ClickPotatoLite] 
[-HKLM\Software\BrowserChoice]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]  
"1900:UDP"=-
"2869:TCP"=-

file::
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET4.tmp 
C:\WINDOWS\SET8.tmp 
C:\WINDOWS\SETF.tmp    
C:\Documents and Settings\rémy\Application Data\81cae31d 
C:\Documents and Settings\All Users\Application Data\ec640112    
C:\Documents and Settings\rémy\Local Settings\Application Data\831402c4    

folder::
C:\25d9df1ba5a504999e174f662bbe            

Mbr::    

clean::      

Reboot::        
___________________________________________________

colle-le ensuite (clic droit/coller ou ctrl+V) dans la page vierge.

puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille 

poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail 

si ton bureau ne reapparait pas => ctrl+alt+supp , gestionnaire des taches => onglet fichier => nouvelle tache puis tape explorer

remus · Answer

http://pjjoint.malekal.com/files.php?id=20120127_e11e15t12q5g8

g3n-h@ckm@n · Answer

fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.


&#9654 Télécharge ici :

Malwarebytes  

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

remus · Answer

voici le lien du rapport:

http://pjjoint.malekal.com/files.php?id=20120128_r14p5q8k15e9

g3n-h@ckm@n · Answer

ok encore des soucis ?

remus · Answer

C est bon?  plus de rapport a envoyer ? merci pour tout alors...
Mais j aimerai savoir comment j ai pu avoir ce(s) virus car comme j ai plus le lire sur ton blog, je ne telecharge pas n importe quel logiciel, ni de p2p...
Je navigue seulement sur internet.
Peux tu me donner des conseils pour deja proteger mon pc et ensuite si il ya des scan a faire de tps en tps quel logiciel de ceux que tu m a fais telecharger , je peux encore utiliser.
Cordialement

g3n-h@ckm@n · Answer

tout est là : Pour nettoyer les outils utilsés et mieux sécuriser ton pc -------------------------------------------------------------- Je t'invite à suivre ce tutoriel pour le final il inclut ♦ du nettoyage après desinfection ♦ des mises à jour pour combler des failles de securité de logiciels importants non mis à jour ▶ et enfin quelques conseils à suivre afin que la protection soit plus efficace __________________________________________________ Si nous avons utilisé Defogger et cliqué sur "disable" , tu peux le "reenable" __________________________________________________ ▶ Télécharge DelFix sur ton bureau. ▶ Lance le, tape suppression puis valide Patiente pendant le scan jusqu'à l'ouverture du rapport. ▶ Copie/Colle le contenu du rapport dans ta prochaine réponse. Note : Le rapport se trouve également sous C:\DelFix.txt tu peux le desinstaller ___________________________________________________ ▶ Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) : * Lance-le.(clic droit "en tant qu'administrateur" pour Vista/7) => Configuration fais le nettoyage dans le registre et dans le nettoyeur autant de fois qu'il trouve des choses à l analyse __________________________________________________ Attention : ne pas toucher au PC pendant qu'il travaille ! ▶ Nettoyage et Défragmentation de tes Disques *Nettoyage : Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" Cliques sur le bouton "nettoyage de disque", OK tu le fais pour chacun de tes disques ________________________________________________ *Vérifications des erreurs : Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ________________________________________________ ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK tu le fais pour chacun de tes disques _______________________________________________ Note : si tu as un utilitaire pour défragmenter , utilises le à la place pour ce faire Defraggler est proposé _________________________________________________ ▶ Peux-tu vérifier ta Console Java ? : et installer la nouvelle version si besoin est. desinstalle les anciennes versions : voici pour desinstaller : JavaRa Décompresse le fichier sur le Bureau (Clic droit > Extraire tout). * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa. * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher). * Choisis Français puis clique sur Select. * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK. * Ferme l'application. Note : tu peux supprimer son rapport dans C:\ sous le nom JavaRa.log. _________________________________________________ ▶ Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure) et pense à decocher l'installation de McAfee proposée discrêtement __________________________________________________ ▶ Je te conseille si tu n en as pas , afin de mieux securiser ton pc , d'installer un parefeu : Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/ https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html https://forum.pcastuces.com/sujet.asp?f=25&s=35606 https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html https://manuelsdaide.com/contact/ http://www.open-files.com/forum/index.php?showtopic=29277 https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/ ___________________________________________________ ▶ Tu peux aussi vider ta corbeille,quoi que Ccleaner le fasse tout seul _____________________________________________________ ▶ Si nous avons utilisé MalwareByte's Anti-Malware , vide sa quarantaine : * Lance le programme puis clique sur . * Sélectionne tous les éléments puis clique sur . * Quitte le programme. ______________________________________________________ ▶ Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait ______________________________________________________ ▶ Désactive et réactive la restauration de système, pour cela : suis les instructions du lien : Lien XP Lien Vista Lien Win7 ▶ Sitôt fait , recrées un point de restoration dit "sain" pour parer à quelques eventuels problêmes dans le futur ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quelques conseils et recommandations pour l'avenir : ▶ Passe un coup de MalwareByte's Anti-Malware de temps en temps (1 fois par semaine , suivant l'utilisation que tu fais de ton PC. ▶ Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. * Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise)) _____________ ▶ Pour bien protéger ton PC : [1 seul Antivirus] + [1 seul Pare feu] + [Un bon Antispyware] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows et Windows live Messenger)] Je te conseille d'installer cette extension pour Firefox pour securiser ton surf : WOT Je te conseille d'installer cette extension pour Internet Explorer pour securiser ton surf : WOT PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect.... Les virus utilisent les failles de ton PC pour infecter un système à lire aussi Et ceci sujets intéressants à lire : https://www.luanagames.com/index.fr.html https://forum.malekal.com/viewtopic.php?t=13629&start= https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite il ne faut jamais accepter l'installation de toobars, adwares, moteurs de recherches lorsqu'on installe un logiciel gratuit. Ceux-ci corrompent les navigateurs et dirigent les recherches sur des sites publicitaires, malveillants etc et affichent des pubs intempestives. Il ne faut jamais télécharger le logiciel à partir des pubs sur les pages web, ne jamais cliquer sur les liens genre "boostez votre pc" ou "avant de télécharger le logiciel, faites un balayage rapide blabla", et éviter les sites de vidéos/séries en streaming dont les vidéos sont parfois piégées par des malwares sous la forme de modules complémentaires à installer pour voir la vidéo. ▶ dans le souhait de vouloir desinstaller un antivirus au profit d'un autre , voici quelques liens : Desinstaller Avast Desinstaller BitDefender Desinstaller Norton Desinstaller Kaspersky Desinstaller AVG ou tout en un : Désinstallation Antivirus , Parefeu , Antispyware _____________ ▶ Si tu as Vista n'oublie pas de réactiver le controle des comptes des utilisateurs(UAC) ___________ ▶ si nous avons affiché les fichiers cachés , n'oublies pas de les remettre en attribut "caché" ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage * - Décoche Afficher les fichiers et dossiers cachés * - coche Masquer les extensions des fichiers dont le type est connu * - coche Masquer les fichiers protégés du système d'exploitation (recommandé) ▶ clique sur Appliquer, puis OK. ____________ Voila, Bonne lecture, à bientot , une fois tout ceci fait, tu peux mettre le topic en resolu Bonne continuation et surtout , prudence et bon surf :)

remus · Answer

le lien du  rapport de delfix

http://pjjoint.malekal.com/files.php?id=20120130_h12h11y15y9r7

g3n-h@ckm@n · Answer

:):

XP Home security 2012 Alert

26 réponses

Discussions similaires