Windows Explorer crashed

15 March 2008 14:18:05

Hi
While searching the forum I did find a topic that talked about this, but I admit I couldn't manage to follow the procedure to get myself out of this mess =/

In fact I have the same problem with Windows Explorer windows closing; i.e. as soon as I open any window at all, it crashes.
Could someone recap the procedure to fix this for me? =s
Thanks a lot in advance

15 March 2008 14:40:56

Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:02, on 15/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NeroRichPreview.exe
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvst.dll,#1
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\hp\AppData\Local\Temp\iiiii.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll",run
O4 - HKCU\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Hush Messenger.lnk = ?
O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12983 bytes
15 March 2008 16:22:35

Hello,

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
15 March 2008 20:40:57

Whoa, impossible to install Combofix.
A window with a blue background appears and says that entry 0x8 cannot be found, yet a combofix folder does appear in C:/
15 March 2008 21:26:51

Good heavens.

We'll try again later.

Download VundoFix.exe (by Atribune):

Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are removed.
You will get a message saying that the computer is going to shut down; click OK.

Post the report located at C:\vundofix.txt
16 March 2008 10:21:08

VundoFix finds absolutely nothing ^^'
Any other medicine to recommend? xD
16 March 2008 11:49:39

OK.

Far too many (useless) toolbars installed:
Have a read of this

Uninstall via Add/Remove Programs:
  • Megaupload Toolbar
  • Windows Live Toolbar
  • Freecorder Toolbar

    Then delete the corresponding folders:
  • C:\PROGRA~1\MEGAUP~1
  • C:\Program Files\Windows Live Toolbar
  • C:\Program Files\Freecorder

    And the others, if you find any using the search function.

    ***********

    Run HijackThis again, choose "Do a system scan only", and check these lines (if still present):
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvst.dll,#1
    O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\hp\AppData\Local\Temp\iiiii.dll,c
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll",run
    O4 - HKCU\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
    O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    Then Fix Checked!

    *********

    Download OTMoveIt2 (by OldTimer).

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to launch the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
    C:\Windows\system32\byvst.dll

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.

  • Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
    C:\Users\hp\AppData\Local\Temp\*.* /s

  • Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" box (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.

    If you get a message saying that the report cannot be created, copy and paste what appears in the right-hand column of the tool.

    ********

    Then run Combofix again in Safe Mode and post the report.
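
Added example, not part of the original thread and not HijackThis's own logic: a small triage script for the O4 (autorun) lines of a HijackThis log, run over an excerpt of the log posted above. The two rule names (`temp-path`, `rundll32-ordinal`) are heuristics chosen for this illustration; a hit means "review this entry", not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Excerpt of O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byvst.dll,#1
O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Users\hp\AppData\Local\Temp\pmddowks.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\hp\AppData\Local\Temp\iiiii.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll",run
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Launcher: a quoted path, an unquoted path ending in .exe, or a bare first word.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.*?\.exe\b|\S+))\s*(?P<rest>.*)$', re.I
)
# rundll32 argument: <dll>,<export name or #ordinal>
DLL_RE = re.compile(r'^"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)


class Autorun(NamedTuple):
    hive: str
    name: str
    payload: str            # the file that actually gets loaded
    export: Optional[str]   # rundll32 entry point, if any
    reasons: list           # heuristic hits (names are this example's own)


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one registry-Run O4 line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe_m = EXE_RE.match(m["cmd"].strip())
    exe = exe_m["q"] or exe_m["u"]
    payload, export = exe, None
    # For rundll32 the interesting file is the DLL, not the launcher.
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        dll_m = DLL_RE.match(exe_m["rest"])
        if dll_m:
            payload, export = dll_m["dll"], dll_m["export"]
    reasons = []
    if re.search(r"\\temp\\", payload, re.I):
        reasons.append("temp-path")          # autorun loads from a Temp folder
    if export and export.startswith("#"):
        reasons.append("rundll32-ordinal")   # export called by ordinal only
    return Autorun(m["hive"], m["name"], payload, export, reasons)


def triage(log: str) -> list:
    """Return the autorun entries that hit at least one heuristic."""
    entries = (parse_o4(line) for line in log.splitlines())
    return [e for e in entries if e and e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive:<6} [{e.name}] {e.payload} -> {', '.join(e.reasons)}")
```
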
    16 March 2008 12:44:32

    [Custom Input]
    < C:\Windows\system32\byvst.dll >
    File/Folder C:\Windows\system32\byvst.dll not found.
    < C:\Users\hp\AppData\Local\Temp\*.* /s >
    C:\Users\hp\AppData\Local\Temp\ASPNET.bmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\Av-test.txt moved successfully.
    C:\Users\hp\AppData\Local\Temp\b120x240.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b120x600.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b120x90.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b125x125.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b160x600.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b180x150.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b234x60.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b240x400.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b250x250.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b300x100.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b300x250.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b336x280.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b468x60.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b720x300.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\b728x90.tmp moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll
    C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\ddxwlsvw.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll
    C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll moved successfully.
    File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
    C:\Users\hp\AppData\Local\Temp\fla53D3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\hp.bmp moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
    C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
    File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
    C:\Users\hp\AppData\Local\Temp\iiiii.ini moved successfully.
    C:\Users\hp\AppData\Local\Temp\iiiii.ini2 moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4DF8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4DF9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4E0A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4E8E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4E8F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4EDB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4EDC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4EFC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4EFD.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4EFE.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4F6F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4F8F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4FA0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4FB0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int4FB1.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int503C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int505C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5074.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5075.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5076.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int50EF.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5100.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int513F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5140.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5141.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5195.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5196.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5197.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int52BD.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int52BE.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int53D6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int53F7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int543D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int543E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int544E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int544F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5450.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int54B2.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int54B3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int54B4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5531.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5532.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5552.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5553.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5554.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int55C7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int55C8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5620.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5630.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5631.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5632.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5633.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int56C3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int56C4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int56C5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int56FB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int56FC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5761.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5762.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5763.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5796.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int57A6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int57D6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int57D7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int57D8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int592F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5930.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5941.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5945.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5965.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int59E3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int59E4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int59E5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5B97.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5B98.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5CA9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5CAA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5CDA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5CDB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5CDC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D14.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D24.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D3F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D50.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D60.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D61.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5D62.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5E4E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5E4F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5E50.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5E81.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5E92.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5EA2.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5EB3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int5EB4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6050.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6051.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6090.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6091.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6092.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6105.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6106.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6115.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6116.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6117.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6136.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6137.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6138.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int617F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6180.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6181.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int621D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int622E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6266.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6267.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int62A7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int62A8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int62A9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6301.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6302.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6338.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6339.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int633A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6416.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6417.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int646A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int646B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int646C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int64B4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int64B5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int64B6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int650A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int650B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int65C9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int65E6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int65E7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int65E8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int65F9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int664C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int664D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6667.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6668.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6669.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int669C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int669D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int669E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int66A9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int66BA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int66EC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int66ED.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int67FB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int682B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6855.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6856.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6857.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6899.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int689A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int689B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int68AB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int68AC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int68DB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int68DC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int68DD.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int69D9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6A09.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6A89.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6A96.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6A97.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6A98.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6A99.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6AF8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6AF9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6AFA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6B88.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6BB8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6BF9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6BFA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6C0A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6C38.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6C39.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6C45.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6C46.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6C47.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6CA7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6CA8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6CA9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6CDA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6CDB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6CFB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6D0B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6D0C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6DA6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6DA7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6DE7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6DE8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6E1C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6E3C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6E7B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6E7C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6E7D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6EA4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6EA5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6EA6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6EE0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6EF0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6EF1.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6F48.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6F49.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6FAC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6FAD.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int6FF8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int703A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int703B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int703C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7076.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int70AF.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int70C0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int70C1.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int70C2.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int70C3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7136.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7146.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int717C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int717D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int717E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int71C5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int71D6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7231.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7232.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7233.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int725F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7260.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int729F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int72A0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int72A1.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int73D9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int73DA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int73DB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int748C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int748D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int748E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int74F8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int74F9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7642.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7662.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int76C1.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int76C2.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int76D2.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7779.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int777A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int777B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int79F7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int79F8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7B48.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7B59.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7BC5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7BC6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7C63.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7C64.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7C65.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7CE8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7CE9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7DBB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7DBC.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7DBD.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7F68.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7F69.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7FB7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7FB8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7FB9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7FD7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7FD8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int7FE9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int804F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8050.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8051.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8136.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8137.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int81A5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int81A6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int81A7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8333.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8334.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8345.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8346.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8357.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8480.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int84CF.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int85C3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int85E4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int862A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int862B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8826.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8827.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8828.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int882A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int882B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int882C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8B6A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8B6B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8B6C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8BC6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8BD7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8D00.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8D01.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8D02.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8FD6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int8FE6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9229.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int922A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int922B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int93A7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int93C7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9481.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9482.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9510.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9511.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9512.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9686.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9687.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9688.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int97A7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int97A8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int98C0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int990F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9A86.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9A87.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\int9A88.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA06F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA070.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA071.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA321.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA322.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA799.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intA7AA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intB8E4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intB8E5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intB8F5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intCE1C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intCE1D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDB5C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDB5D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDB5E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDB5F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDB60.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDBF3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDBF4.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDBF5.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDBF6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDBF7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDC5A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDC5B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDC6C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDC6D.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDC6E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDD2F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDD6E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDD6F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDD80.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDD81.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDDB6.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDDB7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDDC7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDDC8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDDC9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE0E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE0F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE10.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE11.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE12.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE47.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE48.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE49.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE4A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE4B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE8F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE90.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE91.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE92.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDE93.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDED7.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDED8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDEE9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDEEA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDEEB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF2F.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF30.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF41.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF42.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF43.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF78.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF79.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF7A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF8A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDF8B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDFDF.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDFE0.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDFE1.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDFE2.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intDFF3.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE028.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE029.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE039.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE03A.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE03B.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE080.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE081.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE082.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE083.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE084.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE0D8.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE0D9.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE0DA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE0EA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE0EB.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE16E.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE1AE.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\intE1FD.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\Invité.bmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\jusched.log moved successfully.
    C:\Users\hp\AppData\Local\Temp\mcrh.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\mso8BB2.tmp moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\pmddowks.dll
    C:\Users\hp\AppData\Local\Temp\pmddowks.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\pmddowks.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\qomljki.dll
    C:\Users\hp\AppData\Local\Temp\qomljki.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\qomljki.dll moved successfully.
    C:\Users\hp\AppData\Local\Temp\removalfile.bat moved successfully.
    C:\Users\hp\AppData\Local\Temp\setB53C.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\skwoddmp.ini moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp0001a939 moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp0001a9a6 moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp0001de0e moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp00022ecc moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp000246b0 moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp00026a65 moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp0005732c moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp0005bd65 moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp000630fe moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\tspubqhp.dll
    C:\Users\hp\AppData\Local\Temp\tspubqhp.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\tspubqhp.dll moved successfully.
    C:\Users\hp\AppData\Local\Temp\vovxavgy.ini moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll
    C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\vwlqqkce.dll moved successfully.
    C:\Users\hp\AppData\Local\Temp\wmplog00.sqm moved successfully.
    C:\Users\hp\AppData\Local\Temp\wmplog01.sqm moved successfully.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll
    C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\ygvaxvov.dll moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\76ZYGTVZ\legend_1[1].jpg moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\CA5J1CE3 moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\legend_2[1].jpg moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[1] moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[2] moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[3] moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[4] moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[5] moved successfully.
    C:\Users\hp\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\WSA8U50N\[6] moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\~DFB355.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\~DFBEFA.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\~DFBF44.tmp moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn feed 0 moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn update moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn upgrade status moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 0 moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 1 moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 2 moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn upgrade status moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 0 moved successfully.
    C:\Users\hp\AppData\Local\Temp\Low\WLTB Custom Button Feeds\microsoft.windowslive.news.btn upgrade status moved successfully.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\AdvrCntr3.dll NOT unregistered.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\AdvrCntr3.dll moved successfully.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\NEROINST.DB moved successfully.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ROLLBACK.DB moved successfully.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ShellManager3.dll unregistered successfully.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\8.2.8.0_8.2.82_14392\ShellManager3.dll moved successfully.
    C:\Users\hp\AppData\Local\Temp\nero.tmp\Nero\NPS\nero.xml.{7042FC7D-ED2E-4C93-B3AA-63D117D31036} moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\NeroBar.exe moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\NeroBar.txt moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\SetupX.exe moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Toolbar.exe moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\003178B2.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0060D479.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0091DFA6.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0093A6D4.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\00A7E2A4.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\00ABC901.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\00AF7559.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\0127CF1C.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\015E5F3E.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\Data\017BC0DB.cab moved successfully.
    C:\Users\hp\AppData\Local\Temp\NERO14392\D
    16 March 2008 12:46:21

    File/Folder C:\Windows\system32\byvst.dll not found.
    [Custom Input]
    < C:\Users\hp\AppData\Local\Temp\*.* /s >
    File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
    C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
    File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
    C:\Users\hp\AppData\Local\Temp\iiiii.ini moved successfully.
    C:\Users\hp\AppData\Local\Temp\iiiii.ini2 moved successfully.
    C:\Users\hp\AppData\Local\Temp\jusched.log moved successfully.
    C:\Users\hp\AppData\Local\Temp\tmp00015b39 moved successfully.
    C:\Users\hp\AppData\Local\Temp\hsperfdata_hp\2628 moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_122433
    16 March 2008 13:08:54

    combofix doesn't work in safe mode either
    PS: in the third-to-last post I forgot to include the first line :$
    I put both lines in the second-to-last one
    16 March 2008 13:56:40

    Hi again,

  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy):
    C:\Users\hp\AppData\Local\Temp\iiiii.dll
    C:\Users\hp\AppData\Local\Temp\ehmsas.txt

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light blue bar), then choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.

    If you get a message saying that the report cannot be created, copy and paste what appears in the right-hand column of the tool.
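Added example, not part of the original post and not code from OTMoveIt2: a Python triage of pasted OTMoveIt2 results that classifies each line and reports files that stay "scheduled to be moved on reboot" across successive runs, which is the situation the note above describes. The line shapes and the two sample runs are the ones quoted in this thread; the function names `parse_run` and `stuck_files` are hypothetical.

```python
import re
from collections import Counter

# Line shapes as they appear in the OTMoveIt2 results quoted in this thread.
# Order matters: the first matching pattern wins.
PATTERNS = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<path>.+) not found\.$")),
    # regsvr32-style unregistration needs a DllUnregisterServer export; a DLL
    # without one is not a self-registering COM server. The line alone does
    # not say whether the file is malicious.
    ("no_unregister_export", re.compile(
        r"^DllUnregisterServer procedure not found in (?P<path>.+)$")),
    ("not_unregistered", re.compile(r"^(?P<path>.+) NOT unregistered\.$")),
    ("unregistered", re.compile(r"^(?P<path>.+) unregistered successfully\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
]

# First run, as posted in the thread (raw string: paths contain backslashes).
RUN_1 = r"""File/Folder C:\Windows\system32\byvst.dll not found.
[Custom Input]
< C:\Users\hp\AppData\Local\Temp\*.* /s >
File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
C:\Users\hp\AppData\Local\Temp\iiiii.ini moved successfully.
C:\Users\hp\AppData\Local\Temp\iiiii.ini2 moved successfully.
C:\Users\hp\AppData\Local\Temp\jusched.log moved successfully.
C:\Users\hp\AppData\Local\Temp\tmp00015b39 moved successfully.
C:\Users\hp\AppData\Local\Temp\hsperfdata_hp\2628 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_122433"""

# Second run, as posted in the thread.
RUN_2 = r"""DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_144358"""


def parse_run(text):
    """Classify each result line; return {status: [paths in log order]}."""
    result = {name: [] for name, _ in PATTERNS}
    for raw in text.splitlines():
        line = raw.strip()
        for name, rx in PATTERNS:
            match = rx.match(line)
            if match:
                result[name].append(match.group("path"))
                break  # headers and banner lines match nothing and are skipped
    return result


def stuck_files(runs):
    """Paths reported as pending-on-reboot in two or more runs.

    Windows paths are compared case-insensitively; the first spelling seen
    is returned, in order of first appearance.
    """
    seen = Counter()
    first_spelling = {}
    for text in runs:
        per_run = []
        for path in parse_run(text)["pending_reboot"]:
            key = path.lower()
            if key not in per_run:
                per_run.append(key)
            first_spelling.setdefault(key, path)
        seen.update(per_run)
    return [first_spelling[k] for k in first_spelling if seen[k] >= 2]


if __name__ == "__main__":
    for number, run in enumerate((RUN_1, RUN_2), start=1):
        summary = parse_run(run)
        print(f"run {number}:",
              {status: len(paths) for status, paths in summary.items()})
    print("still pending after repeated runs:")
    for path in stuck_files([RUN_1, RUN_2]):
        print("  ", path)
```

A path that shows up here after a reboot between runs is still locked by a running process, so repeating the same move will not help.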
    16 March 2008 14:53:36

    DllUnregisterServer procedure not found in C:\Users\hp\AppData\Local\Temp\iiiii.dll
    C:\Users\hp\AppData\Local\Temp\iiiii.dll NOT unregistered.
    File move failed. C:\Users\hp\AppData\Local\Temp\iiiii.dll scheduled to be moved on reboot.
    File move failed. C:\Users\hp\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_144358
    16 March 2008 15:00:29

    There's some resistance :o

    Select the contents of the box below:
    Files to delete:
    C:\Users\hp\AppData\Local\Temp\iiiii.dll
    C:\Users\hp\AppData\Local\Temp\ehmsas.txt

    Copy and paste the exact contents of this box into Notepad.
    Not a single line may be missing!

    Save this file to your desktop and name it remove.txt

    Download The Avenger (by Swandog46)

    Unzip it to your desktop.
    Launch it by double-clicking the exe, then click OK.
    Select Load Script from File and click the folder-shaped icon on the right.
    Select your remove.txt file on the desktop.

    Click the green light, then Yes.

    The program will ask you to restart your PC; accept.

    Post the report found here >>C:\avenger.txt<<


    *********

    Download DiagHelp.zip (by Malekal) to your desktop (Tutorial)
    Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd extension may not be shown!)
    Choose option 1 in the window that opens.
    This can take a few minutes; let it run and press a key when asked to.

    WARNING: during the analysis, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

    At the end of the analysis, your computer may need to be restarted... Once the computer has restarted, the report will appear in Notepad. It can also be found at >> C:\resultat.txt <<
    Post the report here.

    If you get a file C:\upload_moi.zip, please upload it to http://upload.malekal.com/.
    Tutorial
    16 March 2008 15:34:06

    for Avenger:
    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\Users\hp\AppData\Local\Temp\iiiii.dll" deleted successfully.
    File "C:\Users\hp\AppData\Local\Temp\ehmsas.txt" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
    16 March 2008 16:13:40

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 2008-03-16 à 15:35:44.53


    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\Windows\prefetch\CONIME.EXE-B273009A.pf -->2008-03-16 15:35:43
    C:\Windows\prefetch\CMD.EXE-89305D47.pf -->2008-03-16 15:35:41
    C:\Windows\prefetch\EXPLORER.EXE-7A3328DA.pf -->2008-03-16 15:35:18
    C:\Windows\prefetch\WUAUCLT.EXE-830BCC14.pf -->2008-03-16 15:34:57
    C:\Windows\prefetch\LOGONUI.EXE-1BEE4A84.pf -->2008-03-16 15:34:54
    C:\Windows\prefetch\WMIPRVSE.EXE-43972D0F.pf -->2008-03-16 15:34:48
    C:\Windows\prefetch\WINRAR.EXE-6F42D4E7.pf -->2008-03-16 15:34:18
    C:\Windows\prefetch\DLLHOST.EXE-71214090.pf -->2008-03-16 15:34:16
    C:\Windows\prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf -->2008-03-16 15:34:11
    C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf -->2008-03-16 15:34:05

    C:\Windows\System32\drivers\mrxdav.sys -->2008-02-14 17:47:29
    C:\Windows\System32\drivers\WdfLdr.sys -->2008-02-14 17:44:46
    C:\Windows\System32\drivers\Wdf01000.sys -->2008-02-14 17:44:46
    C:\Windows\System32\drivers\sermouse.sys -->2008-02-14 17:44:45
    C:\Windows\System32\drivers\mouhid.sys -->2008-02-14 17:44:45
    C:\Windows\System32\drivers\mouclass.sys -->2008-02-14 17:44:45
    C:\Windows\System32\drivers\kbdhid.sys -->2008-02-14 17:44:45

    C:\Windows\System32\wdgxtvsy.ini -->2008-03-16 15:35:21
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->2008-03-16 15:28:56
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->2008-03-16 15:28:56
    C:\Windows\System32\ooccpenb.dll -->2008-03-16 12:05:38
    C:\Windows\System32\ysvtxgdw.dll -->2008-03-16 12:02:38
    C:\Windows\System32\casfwgcf.dll -->2008-03-16 11:58:46
    C:\Windows\System32\vuvgpqbm.dll -->2008-03-16 09:47:14
    C:\Windows\System32\FNTCACHE.DAT -->2008-03-15 20:26:42
    C:\Windows\System32\MsiExec.exe.log -->2008-03-15 10:51:55
    C:\Windows\System32\09286d5d -->2008-03-15 09:35:39
    C:\Windows\System32\bitcometres.dll -->2008-03-15 09:35:26
    C:\Windows\System32\perfh00C.dat -->2008-03-14 21:14:07
    C:\Windows\System32\perfh009.dat -->2008-03-14 21:14:06
    C:\Windows\System32\perfc00C.dat -->2008-03-14 21:14:06
    C:\Windows\System32\perfc009.dat -->2008-03-14 21:14:06
    C:\Windows\System32\PerfStringBackup.INI -->2008-03-14 21:14:04
    C:\Windows\System32\config.nt -->2008-03-14 21:03:05
    C:\Windows\System32\nnlki.dll -->2008-03-14 20:37:25
    C:\Windows\System32\Installer.log -->2008-03-13 17:45:08
    C:\Windows\System32\mrt.exe -->2008-03-05 17:30:54
    C:\Windows\System32\rmoc3260.dll -->2008-03-03 20:46:36
    C:\Windows\System32\pndx5032.dll -->2008-03-03 20:46:17
    C:\Windows\System32\pndx5016.dll -->2008-03-03 20:46:17
    C:\Windows\System32\pncrt.dll -->2008-03-03 20:46:14
    C:\Windows\System32\SBRC.dat -->2008-02-16 12:43:12

    C:\Windows\WindowsUpdate.log -->2008-03-16 15:34:57
    C:\Windows\BM0a1b4c4f.txt -->2008-03-16 15:29:58
    C:\Windows\pskt.ini -->2008-03-16 15:29:37
    C:\Windows\bootstat.dat -->2008-03-16 15:28:44
    C:\Windows\PFRO.log -->2008-03-16 12:58:28
    C:\Windows\ntbtlog.txt -->2008-03-16 12:56:39
    C:\Windows\BM0a1b4c4f.xml -->2008-03-16 09:46:14
    C:\Windows\NeroDigital.ini -->2008-03-15 21:26:47
    C:\Windows\PSEXESVC.EXE -->2008-03-15 20:23:34
    C:\Windows\DirectX.log -->2008-03-15 10:30:32
    C:\Windows\WLXPGSS.SCR -->2008-02-01 11:17:40
    C:\Windows\win.ini -->2008-01-28 09:32:38
    C:\Windows\UNNeroMediaHome.exe -->2007-12-13 19:09:06
    C:\Windows\UNRecode.exe -->2007-12-04 09:59:22
    C:\Windows\explorer.exe -->2007-11-15 08:33:20

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed


    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 5224
    Command line: "C:\Windows\explorer.exe"

    Base Size Version Path
    0x002e0000 0x2cd000 6.00.6000.16549 C:\Windows\explorer.exe
    0x77700000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
    0x76630000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
    0x76320000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
    0x75fd0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
    0x762d0000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
    0x760a0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
    0x76710000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
    0x76aa0000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
    0x76c30000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
    0x763e0000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
    0x77860000 0x8c000 6.00.6000.16609 C:\Windows\system32\OLEAUT32.dll
    0x71800000 0x107000 6.00.6000.16386 C:\Windows\system32\SHDOCVW.dll
    0x75080000 0x3f000 6.00.6000.16386 C:\Windows\system32\UxTheme.dll
    0x75310000 0x1a000 6.00.6000.16386 C:\Windows\system32\POWRPROF.dll
    0x72f10000 0xc000 6.00.6000.16386 C:\Windows\system32\dwmapi.dll
    0x74830000 0x1aa000 5.02.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
    0x75900000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
    0x746d0000 0xb7000 6.00.6000.16386 C:\Windows\system32\PROPSYS.dll
    0x71d10000 0x145000 6.00.6000.16386 C:\Windows\system32\BROWSEUI.dll
    0x77840000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.dll
    0x76530000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
    0x721a0000 0x30000 6.00.6000.16386 C:\Windows\system32\DUser.dll
    0x75fc0000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
    0x76870000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
    0x74d80000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
    0x10000000 0x2c000 C:\Windows\system32\ysvtxgdw.dll
    0x769d0000 0xcf000 7.00.6000.16609 C:\Windows\system32\WININET.dll
    0x77820000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
    0x76980000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
    0x75e50000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
    0x76840000 0x2d000 6.00.6000.16386 C:\Windows\system32\ws2_32.dll
    0x77830000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
    0x73c90000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
    0x768f0000 0x84000 2001.12.6930.16386 C:\Windows\system32\CLBCatQ.DLL
    0x753b0000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
    0x71110000 0xb2000 6.00.6000.16549 C:\Windows\system32\timedate.cpl
    0x745a0000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
    0x75cc0000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
    0x75fb0000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x747f0000 0x38000 4.02.5406.0000 C:\Windows\system32\OLEACC.dll
    0x72230000 0x53000 6.00.6000.16386 C:\Windows\system32\actxprxy.dll
    0x75e70000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
    0x72820000 0x2b000 6.00.6000.16386 C:\Windows\system32\msutb.dll
    0x75470000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
    0x72800000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
    0x75df0000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
    0x02b60000 0x5cd000 7.00.6000.16609 C:\Windows\system32\ieframe.dll
    0x76b00000 0x127000 7.00.6000.16609 C:\Windows\system32\urlmon.dll
    0x72140000 0x12000 6.00.6000.16386 C:\Windows\system32\thumbcache.dll
    0x722a0000 0x4a000 6.00.6000.16386 C:\Windows\system32\ntshrui.dll
    0x72ed0000 0xa000 6.00.6000.16386 C:\Windows\system32\cscapi.dll
    0x75330000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
    0x778f0000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
    0x75aa0000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
    0x6b9f0000 0x223000 6.00.6000.16386 C:\Windows\system32\NetworkExplorer.dll
    0x724b0000 0x9000 6.00.6000.16386 C:\Windows\system32\ExplorerFrame.dll
    0x72510000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
    0x756c0000 0x8000 6.00.6000.16386 C:\Windows\system32\VERSION.dll
    0x6dc10000 0x204000 4.00.6000.16386 C:\Windows\system32\msi.dll
    0x71760000 0x92000 6.00.6000.16386 C:\Windows\system32\stobject.dll
    0x708a0000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
    0x76140000 0x189000 6.00.6000.16609 C:\Windows\system32\SETUPAPI.dll
    0x74fe0000 0x9000 6.00.6000.16553 C:\Windows\system32\WTSAPI32.dll
    0x75660000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
    0x75160000 0x2d000 6.00.6000.16386 C:\Windows\system32\WINTRUST.dll
    0x75940000 0xf1000 6.00.6000.16425 C:\Windows\system32\CRYPT32.dll
    0x75a80000 0x12000 6.00.6000.16386 C:\Windows\system32\MSASN1.dll
    0x76600000 0x29000 6.00.6000.16470 C:\Windows\system32\imagehlp.dll
    0x722f0000 0x30000 6.00.6000.16386 C:\Windows\system32\MLANG.dll
    0x73d50000 0x45000 2001.12.6930.16386 C:\Windows\system32\es.dll
    0x71f80000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
    0x746a0000 0x27000 6.00.6000.16386 C:\Windows\System32\MMDevApi.dll
    0x74570000 0x21000 6.00.6000.16386 C:\Windows\System32\audioses.dll
    0x743d0000 0x66000 6.00.6000.16386 C:\Windows\System32\audioeng.dll
    0x749e0000 0x7000 6.00.6000.16386 C:\Windows\System32\AVRT.dll
    0x71f50000 0x21000 6.00.6000.16386 C:\Windows\ehome\ehSSO.dll
    0x742b0000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
    0x75240000 0x63000 6.00.6000.16501 C:\Windows\system32\FirewallAPI.dll
    0x70110000 0x30b000 6.00.6000.16386 C:\Windows\System32\netshell.dll
    0x75890000 0x19000 6.00.6000.16386 C:\Windows\System32\IPHLPAPI.DLL
    0x75850000 0x35000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc.DLL
    0x75ac0000 0x2b000 6.00.6000.16386 C:\Windows\System32\DNSAPI.dll
    0x75840000 0x7000 6.00.6000.16386 C:\Windows\System32\WINNSI.DLL
    0x75820000 0x20000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc6.DLL
    0x745c0000 0xf000 6.00.6000.16386 C:\Windows\System32\nlaapi.dll
    0x6d850000 0x1bf000 6.00.6000.16386 C:\Windows\system32\pnidui.dll
    0x72850000 0x17000 6.00.6000.16386 C:\Windows\system32\QUtil.dll
    0x758b0000 0x3e000 6.00.6000.16386 C:\Windows\system32\wevtapi.dll
    0x737d0000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
    0x6fbb0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
    0x725b0000 0x27000 6.00.6000.16386 C:\Windows\system32\FunDisc.dll
    0x724a0000 0x9000 6.00.6000.16386 C:\Windows\system32\fdproxy.dll
    0x72350000 0x126000 8.90.1101.0000 C:\Windows\System32\msxml3.dll
    0x75d30000 0x5f000 6.00.6000.16386 C:\Windows\system32\SXS.DLL
    0x72480000 0xe000 6.00.6000.16551 C:\Windows\system32\Wlanapi.dll
    0x73920000 0x2d000 6.00.6000.16386 C:\Windows\system32\OneX.DLL
    0x73a10000 0xd000 6.00.6000.16386 C:\Windows\system32\eappprxy.dll
    0x73810000 0x28000 6.00.6000.16386 C:\Windows\system32\eappcfg.dll
    0x75770000 0x44000 6.00.6000.16386 C:\Windows\system32\bcrypt.dll
    0x72130000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
    0x71ca0000 0x23000 6.00.6000.16386 C:\Windows\system32\wpdshserviceobj.dll
    0x731f0000 0x5f000 6.00.6000.16386 C:\Windows\system32\WINHTTP.dll
    0x709e0000 0x40000 6.00.6000.16386 C:\Windows\System32\srchadmin.dll
    0x034b0000 0x91000 6.83.0074.0009 C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    0x04bb0000 0xa4000 6.83.0092.0011 C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll
    0x75020000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
    0x74fc0000 0x18000 6.00.6000.16386 C:\Windows\system32\OLEPRO32.DLL
    0x767c0000 0x74000 6.00.6000.16386 C:\Windows\system32\comdlg32.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Windows\system32\MSVCP71.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\Windows\system32\MSVCR71.dll
    0x01fa0000 0xb000 6.83.0047.0001 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
    0x05770000 0x87000 6.83.0015.0001 C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    0x709a0000 0x3c000 7.00.6000.16386 C:\Windows\system32\webcheck.dll
    0x6a8e0000 0x21c000 6.00.6000.16386 C:\Windows\System32\SyncCenter.dll
    0x71540000 0x39000 6.00.6000.16386 C:\Windows\system32\wscntfy.dll
    0x6ed80000 0xb000 6.00.6000.16386 C:\Windows\system32\WSCAPI.dll
    0x6b600000 0xf9000 6.00.6000.16386 C:\Windows\system32\bthprops.cpl
    0x720f0000 0xb000 6.00.6000.16386 C:\Windows\system32\mssprxy.dll
    0x72740000 0x2c000 6.00.6000.16386 C:\Windows\System32\QAgent.dll
    0x73100000 0x8a000 6.00.6000.16386 C:\Windows\System32\fwpuclnt.dll
    0x71510000 0x2b000 6.00.6000.16386 C:\Windows\system32\PortableDeviceTypes.dll
    0x6fb60000 0x46000 6.00.6000.16386 C:\Windows\system32\PortableDeviceApi.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 672
    Command line: winlogon.exe

    Base Size Version Path
    0x00ad0000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe
    0x77700000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
    0x76630000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
    0x76320000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
    0x75fd0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
    0x760a0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
    0x762d0000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
    0x76710000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
    0x75e50000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
    0x75660000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
    0x75fb0000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
    0x75e70000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
    0x77840000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.DLL
    0x76530000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
    0x75fc0000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
    0x76870000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
    0x75df0000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
    0x75330000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
    0x778f0000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
    0x76840000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
    0x77830000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
    0x75aa0000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
    0x763e0000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
    0x73df0000 0x3e000 6.00.6000.16386 C:\Windows\system32\SHSVCS.dll
    0x75080000 0x3f000 6.00.6000.16386 C:\Windows\system32\uxtheme.dll
    0x753b0000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
    0x73c90000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
    0x75cc0000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
    0x75900000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
    0x75a40000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll
    0x10000000 0x14000 C:\Windows\system32\nnlki.dll
    0x77860000 0x8c000 6.00.6000.16609 C:\Windows\system32\oleaut32.dll
    0x76c30000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
    0x76aa0000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
    0x74d80000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
    0x76b00000 0x127000 7.00.6000.16609 C:\Windows\system32\urlmon.dll
    0x76980000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
    0x769d0000 0xcf000 7.00.6000.16609 C:\Windows\system32\WININET.dll
    0x77820000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll


    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 0928-7F7C

    Répertoire de C:\Windows\system32

    2006-11-02 10:45 7,680 csrss.exe
    1 fichier(s) 7,680 octets
    0 Rép(s) 46,640,852,992 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 0928-7F7C

    Répertoire de C:\Windows\Downloaded Program Files

    2008-01-19 22:58 <REP> .
    2008-01-19 22:58 <REP> ..
    2006-09-18 22:26 65 desktop.ini
    2005-04-07 16:59 191,488 DigWXMSN.dll
    2005-04-07 17:00 261 DigWXMSN.inf
    2002-07-25 17:13 24,576 dwusplay.dll
    2002-07-25 17:13 196,608 dwusplay.exe
    2007-04-13 02:14 382,344 GAME_UNO1.dll
    2007-01-17 15:44 316 GAME_UNO1.INF
    2007-06-28 14:18 907 GoPetsWeb.inf
    2007-06-29 22:34 448,024 GoPetsWeb.ocx
    2005-02-16 16:15 401,408 isusweb.dll
    2007-02-22 23:41 304,544 MessengerStatsPAClient.dll
    2007-02-28 14:21 142,248 SolitaireShowdown.dll
    12 fichier(s) 2,092,789 octets

    Total des fichiers listés :
    12 fichier(s) 2,092,789 octets
    2 Rép(s) 46,640,852,992 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..


    Liste des fichiers en exception sur le pare-feu XP SP2

    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]



    exports des policies
    REGEDIT4

    [System]
    "ConsentPromptBehaviorAdmin"=dword:00000002
    "ConsentPromptBehaviorUser"=dword:00000001
    "EnableInstallerDetection"=dword:00000001
    "EnableLUA"=dword:00000000
    "EnableSecureUIAPaths"=dword:00000001
    "EnableVirtualization"=dword:00000001
    "PromptOnSecureDesktop"=dword:00000001
    "ValidateAdminCodeSignatures"=dword:00000000
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "scforceoption"=dword:00000000
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "FilterAdministratorToken"=dword:00000000

    [System\UIPI]

    [System\UIPI\Clipboard]

    [System\UIPI\Clipboard\ExceptionFormats]
    "CF_TEXT"=dword:00000001
    "CF_BITMAP"=dword:00000002
    "CF_OEMTEXT"=dword:00000007
    "CF_DIB"=dword:00000008
    "CF_PALETTE"=dword:00000009
    "CF_UNICODETEXT"=dword:0000000d
    "CF_DIBV5"=dword:00000011



    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-16 15:38:57
    Windows 6.0.6000 NTFS

    scanning hidden services & system hive ...

    IPC error: 87 Le fichier spécifié est introuvable.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:0d,01,07,17,79,b8,0c,4d,d1,b1,78,6c,51,f6,e5,54,95,c7,53,ce,84,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,2c,09,64,7b,1d,73,0a,d2,0c,1c,d0,50,f0,a3,7c,6a,62,..
    "khjeh"=hex:3d,77,1a,6d,d6,42,55,30,36,9f,c7,f0,9a,68,38,9b,2a,e1,4e,4f,9f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:31,6a,a5,c4,cf,39,e9,c7,3e,1f,3c,32,dd,2b,1e,ef,eb,e4,ad,87,83,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:0d,01,07,17,79,b8,0c,4d,d1,b1,78,6c,51,f6,e5,54,95,c7,53,ce,84,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,2c,09,64,7b,1d,73,0a,d2,0c,1c,d0,50,f0,a3,7c,6a,62,..
    "khjeh"=hex:3d,77,1a,6d,d6,42,55,30,36,9f,c7,f0,9a,68,38,9b,2a,e1,4e,4f,9f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:31,6a,a5,c4,cf,39,e9,c7,3e,1f,3c,32,dd,2b,1e,ef,eb,e4,ad,87,83,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0


    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Sorry, this version supports only Win2K/XP

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Sorry, this version supports only Win2K/XP
    16 March 2008 16:39:03

    Re,

    Select the contents of the box below:

    Files to delete:
    C:\Windows\system32\ysvtxgdw.dll
    C:\Windows\System32\nnlki.dll
    C:\Windows\System32\ooccpenb.dll
    C:\Windows\System32\ysvtxgdw.dll
    C:\Windows\System32\casfwgcf.dll
    C:\Windows\System32\vuvgpqbm.dll
    C:\Windows\System32\wdgxtvsy.ini

    Folders to delete:
    C:\Windows\System32\09286d5d

    Open Notepad and copy-paste the exact contents of this box into it.
    No line must be missing!

    Save this file on your desktop and name it remove.txt



    Download The Avenger (by Swandog46)

    Unzip it to your desktop.
    Launch it by double-clicking the exe, then click OK.
    Select Load Script from File and click the folder-shaped icon on the right.
    Select your remove.txt file on the desktop.

    Click the green light, then Yes.

    The program will ask you to restart your PC; accept.

    Post the report found here >>C:\avenger.txt<<
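
Added example, not part of the thread or of any tool used in it: a Python triage of ListDLLs output like the two reports posted above. It flags loaded modules whose line has no version column, which in this thread singles out ysvtxgdw.dll (in explorer.exe) and nnlki.dll (in winlogon.exe); the sample is constructed from a few of those lines, and the function names and heuristics are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename  # Windows path rules, usable on any OS
from typing import Optional

# Constructed sample: a few lines taken from the two ListDLLs reports in this thread.
SAMPLE = r"""
explorer.exe pid: 5224
Command line: "C:\Windows\explorer.exe"

Base Size Version Path
0x002e0000 0x2cd000 6.00.6000.16549 C:\Windows\explorer.exe
0x77700000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x10000000 0x2c000 C:\Windows\system32\ysvtxgdw.dll
0x034b0000 0x91000 6.83.0074.0009 C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
------------------------------------------------------------------------------
winlogon.exe pid: 672
Command line: winlogon.exe

Base Size Version Path
0x00ad0000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe
0x75a40000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll
0x10000000 0x14000 C:\Windows\system32\nnlki.dll
"""

PROC_RE = re.compile(r"^(?P<image>\S+) pid: (?P<pid>\d+)$")
# The version column is optional; the path is the rest of the line and may contain spaces.
MOD_RE = re.compile(
    r"^(?P<base>0x[0-9a-fA-F]+)\s+(?P<size>0x[0-9a-fA-F]+)\s+"
    r"(?:(?P<version>\d+(?:\.\d+){3})\s+)?(?P<path>[A-Za-z]:\\.+)$"
)
# Default preferred image base the MSVC linker assigns to 32-bit DLLs.
DEFAULT_DLL_BASE = 0x10000000


@dataclass
class Module:
    process: str
    pid: int
    base: int
    size: int
    version: Optional[str]
    path: str


def parse_listdlls(text):
    """Return one Module per DLL line, tagged with the process section it sits in."""
    modules, proc, pid = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            proc, pid = m["image"], int(m["pid"])
            continue
        m = MOD_RE.match(line)
        if m and proc is not None:
            modules.append(Module(proc, pid, int(m["base"], 16), int(m["size"], 16),
                                  m["version"], m["path"]))
    return modules


def triage(modules):
    """Flag modules listed without a version. A lead for review, not a verdict:
    legitimate DLLs can also ship without version information."""
    findings = []
    for mod in modules:
        if mod.version is not None:
            continue
        reasons = ["no version shown"]
        if mod.base == DEFAULT_DLL_BASE:
            reasons.append("loaded at default DLL base 0x10000000")
        if "\\windows\\system32\\" in mod.path.lower():
            reasons.append("unversioned file under system32")
        findings.append((mod, reasons))
    return findings


def hosts_by_dll(findings):
    """Map each flagged DLL name to the processes that have it loaded."""
    hosts = defaultdict(list)
    for mod, _ in findings:
        hosts[basename(mod.path).lower()].append(f"{mod.process} (pid {mod.pid})")
    return dict(hosts)


if __name__ == "__main__":
    for mod, reasons in triage(parse_listdlls(SAMPLE)):
        print(f"{mod.process}[{mod.pid}] {mod.path}: " + "; ".join(reasons))
```

A flagged module still needs confirmation against other evidence, such as the modification dates and Run entries in the other reports, before it goes into a removal script.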
    16 March 2008 18:10:11

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\Windows\system32\ysvtxgdw.dll" deleted successfully.
    File "C:\Windows\System32\nnlki.dll" deleted successfully.
    File "C:\Windows\System32\ooccpenb.dll" deleted successfully.

    Error: file "C:\Windows\System32\ysvtxgdw.dll" not found!
    Deletion of file "C:\Windows\System32\ysvtxgdw.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Note that after each reboot I get alert messages telling me the .dll files are missing; is it normal for Windows to do that?
    16 March 2008 18:25:14

    Yep, there must be traces left in the registry, which we'll fix with HijackThis.
    Did you post the whole report?
    16 March 2008 18:28:22

    I just checked; apparently the txt displayed at PC startup is different from the one present in C
    here it is in full:


    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\Windows\system32\ysvtxgdw.dll" deleted successfully.
    File "C:\Windows\System32\nnlki.dll" deleted successfully.
    File "C:\Windows\System32\ooccpenb.dll" deleted successfully.

    Error: file "C:\Windows\System32\ysvtxgdw.dll" not found!
    Deletion of file "C:\Windows\System32\ysvtxgdw.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "C:\Windows\System32\casfwgcf.dll" deleted successfully.
    File "C:\Windows\System32\vuvgpqbm.dll" deleted successfully.
    File "C:\Windows\System32\wdgxtvsy.ini" deleted successfully.

    Error: "C:\Windows\System32\09286d5d" is not a folder! It may instead be a file.
    Deletion of folder "C:\Windows\System32\09286d5d" failed!
    Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
    --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


    Completed script processing.

    *******************


    16 March 2008 18:32:53

    Re,

    Manually delete C:\Windows\System32\09286d5d

    Then post a new HijackThis log; where do your problems stand?
    16 March 2008 18:36:19

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34, on 2008-03-16
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
    O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnlki.dll,#1
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [09287fd3] rundll32.exe "C:\Windows\system32\ysvtxgdw.dll",b
    O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
    O4 - HKCU\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Users\hp\AppData\Local\Temp\ehdenrnb.dll",s
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Hush Messenger.lnk = ?
    O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14023 bytes

    Thanks to you I can get into Windows Explorer now ^^
    there's just one small problem left: when I set the view to 'icon' mode, the icons don't show up
    16 March 2008 19:06:04

    and I can't set a desktop wallpaper any more (it's black now)
    16 March 2008 19:17:20

    Once you have done this, we'll continue:

    The post I put up for you above, telling you to uninstall toolbars and fix lines with HijackThis.
    17 March 2008 14:01:52

    oh yes, I couldn't even open the Control Panel lol
    there, it's done:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:53, on 2008-03-17
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
    O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
    O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Hush Messenger.lnk = ?
    O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10789 bytes
    17 March 2008 14:52:00

    it's done, I fixed the lines
    17 March 2008 18:41:39

    Hi again,

    Relaunch HijackThis, do a system scan only, and tick these lines (if still present):
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {63afc1c0-e038-9998-b714-45998e9149cb} - {bc9419e8-9954-417b-8999-830e0c1cfa36} - C:\Windows\system32\ooccpenb.dll (file missing)
    O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    Then Fix Checked!

    ****

    Is VirusKeeper an antivirus like avast!? With a resident shield..?

    Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

    Download CCleaner (>>tutorial to read!<<), download "the latest version", then install it while unticking - Add the Yahoo! CCleaner Toolbar
    Then run the cleanup, then have it look for errors, and back up if you wish.

    Download and install Antivir. (tutorial)
    Why change? Avast vs Antivir
    Check that it is fully up to date! Open Antivir; go to the Scanner tab, enable the rootkit search via the + next to rootkit search, then under manual selection tick everything (your hard-disk partitions) and start the scan. Post me the generated report (found in the reports tab).
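An added example, not part of the original post and not HijackThis's own logic: a small Python triage pass over HijackThis log lines that flags the two patterns most visible in the lines ticked above, namely entries whose target file is absent and `Run` keys that start `rundll32` on a DLL in a Temp folder or with an ordinal or one-letter entry point. The rule set and the names `triage` and `Finding` are assumptions of this example, not the helper's selection criteria; the sample lines are copied from the 17 March log in this thread.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line was flagged (rules below are assumptions)
    line: str     # the original log line


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FE95F9B6-C671-4486-8DDC-2EED1CB7974B} - C:\Users\hp\AppData\Local\Temp\iiiii.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BM0a1b4c4f] Rundll32.exe "C:\Windows\system32\casfwgcf.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\hp\AppData\Local\Temp\vturo.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# rundll32 <dll>,<entry point>; the DLL path may be quoted.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Entry point given as an ordinal (#1) or a single character.
OPAQUE_EXPORT = re.compile(r"#\d+|\w")


def triage(log_text):
    """Return a Finding for every log line matching one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process list or blank line
        section, body = match.groups()

        if ORPHAN.search(body):
            findings.append(Finding(section, "orphaned entry: target file absent", line))
            continue

        if section == "O4":  # autostart entries (Run keys, Startup folders)
            run = RUNDLL.search(body)
            if not run:
                continue
            dll, export = run.groups()
            if TEMP_DIR.search(dll):
                findings.append(Finding(section, "rundll32 autostart loads a DLL from a Temp folder", line))
            elif OPAQUE_EXPORT.fullmatch(export):
                findings.append(Finding(section, "rundll32 autostart with ordinal or one-letter entry point", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

A flag from these rules is a reason to look at an entry, not a verdict; the ordinary startup entries the post also ticks are outside what the rules cover.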
    17 March 2008 22:20:05


    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 17:59:13
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 2008-03-07 17:59:14
    ANTIVIR3.VDF : 7.0.3.41 197632 Bytes 2008-03-17 17:59:14
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-17 17:59:14
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-17 17:59:14
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-03-17 20:26

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
    Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
    Scan process 'XAudio.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'NBService.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
    Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
    Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'QPService.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'CNAB4RPK.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    60 processes with 60 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '19' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: 2008-03-17 21:29
    Used time: 1:03:45 min

    The scan has been done completely.

    17068 Scanning directories
    334811 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    334811 Files not concerned
    3901 Archives were scanned
    3 Warnings
    12 Notes
    17 March 2008 22:42:15

    Good, no more problems?
    Post a HijackThis log again.
    17 March 2008 23:28:55

    yes, there are: I can't set a desktop wallpaper and I still get notifications about missing DLLs
    17 March 2008 23:29:53

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:29, on 2008-03-17
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Hush Messenger.lnk = ?
    O4 - Global Startup: Canon LBP2900 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10002 bytes
    18 March 2008 14:51:14

    You did not check all the lines the way I listed them earlier.

    Download and run: http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

    Download to your desktop: Clean (by Malekal) >Tutorial<
    Unzip it on your desktop. Double-click the clean folder.
    Double-click clean.cmd. (The cmd extension may not be displayed.) This opens a black window.
    A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
    Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    *****

    Which DLLs are reported as missing?
    18 March 2008 16:16:33

    Ah yes, I just checked, I had let one line slip through => fixed
    18 March 2008 17:31:14

    Not just one :p 
    18 March 2008 18:10:01

    clean report:
    2008-03-18 a 16:09:10.95

    *** Recherche C:

    *** Recherche C:\Windows\

    *** Recherche C:\Windows\system32
    C:\Windows\system32\wininit.exe FOUND
    C:\Windows\system32\SBFC.dat FOUND
    C:\Windows\system32\SBRC.dat FOUND
    C:\Windows\system32\wininit.exe FOUND

    *** Recherche C:\Program Files
    (there is nothing after that, weird Oo)


    Hmm... yet I checked all the lines you asked me to fix in this topic :s:s
    18 March 2008 18:12:43

    Hi again,

    Download AVG Anti-Spyware. Install it.
    If the link does not work: >Click here<
    Launch AVG and run an update.
    Click the "Analyse" (scan) button in the toolbar.
    Then, on the "comment réagir" (how to react) tab, click "Actions recommandées" (recommended actions). Choose "Quarantaine" (quarantine).
    Do not run a scan for now. Right-click the AVG icon at the bottom right, and untick the box for starting with Windows.
    Restart in safe mode.
    /!\ Never start in safe mode via MSCONFIG /!\
    Launch AVG again.
    Go back to the "Analyse" tab. Click "Analyse complète du système" (full system scan).
    At the end of the scan, choose the option "Appliquer toutes les actions" (apply all actions) at the bottom.
    Click "Enregistrer le rapport" (save the report). This generates a report that is stored in the Reports folder of the AVG Anti-Spyware folder.
    Post it here.

    &

    Download OTMoveIt2 (by OldTimer).

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    C:\Windows\system32\SBFC.dat
    C:\Windows\system32\SBRC.dat

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light-blue bar), then choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.

    If you get a message saying the report cannot be created, copy and paste what appears in the right-hand column of the tool.
    23 March 2008 17:08:30

    Hi again, sorry, short absence

    I can't find the AVG report, but during the scan it only found cookies

    and for OTMoveIt:
    File/Folder C:\Windows\system32\SBFC.dat not found.
    File/Folder C:\Windows\system32\SBRC.dat not found.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03232008_170652
    23 March 2008 19:31:47

    Good, where do your problems stand?
    Post a HijackThis log again.
    24 March 2008 22:34:26

    The remaining problem is that I can't set a desktop wallpaper
    25 March 2008 22:07:57

    Sniff.

    Try Combofix in safe mode ;) 
    27 March 2008 12:16:42

    There we go
    problem solved!!
    Thank you for your more-than-precious help and above all your patience!! :) 
    ComboFix 08-03-25.4 - hp 2008-03-27 11:50:59.3 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.678 [GMT 1:00]
    Endroit: C:\Users\hp\Desktop\ComboFix.exe
    .
    TimedOut: Windir.dat
    -- Script messages for sUBs --
    GREP -Fis \baiso
    VFind -td "C:\Windows\system32\*"
    pv -d20000 * -t -l

    \SystemRoot\System32\smss.exe
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k DcomLaunch
    winlogon.exe

    VFind "C:\Program Files\Real\????.dll"
    pv -d40000 * -t -l

    \SystemRoot\System32\smss.exe
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k DcomLaunch
    winlogon.exe

    pv -d25000 * -t -l

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\BM0a1b4c4f.xml
    C:\Windows\pskt.ini
    C:\Windows\system32\x64

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_poof


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-27 11:01 --------- d-----w C:\Users\hp\AppData\Roaming\Skype
    2008-03-23 10:48 --------- d-----w C:\Users\hp\AppData\Roaming\Grisoft
    2008-03-23 10:48 --------- d-----w C:\PROGRA~2\Grisoft
    2008-03-21 14:37 73,216 ----a-w C:\Windows\ST6UNST.EXE
    2008-03-21 14:37 311,296 ------w C:\Windows\Setup1.exe
    2008-03-18 15:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-17 21:24 --------- d-----w C:\Program Files\Freecorder Toolbar
    2008-03-17 17:57 --------- d-----w C:\Program Files\Avira
    2008-03-17 17:57 --------- d-----w C:\PROGRA~2\Avira
    2008-03-16 20:39 --------- d-----w C:\Program Files\Google
    2008-03-16 20:39 --------- d-----w C:\Program Files\Freecorder
    2008-03-16 20:25 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-16 19:08 --------- d-----w C:\Users\hp\AppData\Roaming\BitTorrent
    2008-03-15 13:38 --------- d-----w C:\Program Files\Trend Micro
    2008-03-15 10:31 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-03-15 09:55 --------- d-----w C:\Users\hp\AppData\Roaming\Nero
    2008-03-15 09:46 --------- d-----w C:\Program Files\Common Files\Nero
    2008-03-15 09:35 --------- d-----w C:\Program Files\Nero
    2008-03-15 09:35 --------- d-----w C:\PROGRA~2\Nero
    2008-03-15 08:42 --------- d-----w C:\Program Files\BitComet
    2008-03-15 00:10 --------- d-----w C:\Program Files\CCleaner
    2008-03-14 22:13 --------- d-----w C:\Program Files\AxBx
    2008-03-14 20:39 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
    2008-03-14 14:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-14 13:01 --------- d-----w C:\Program Files\Logitech
    2008-03-13 16:39 --------- d-----w C:\Program Files\Hush Communications
    2008-03-13 16:38 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-13 08:17 --------- d-----w C:\Program Files\Windows Mail
    2008-03-13 08:11 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-03-08 16:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-04 22:26 --------- d-----w C:\Program Files\Windows Live
    2008-03-03 19:46 --------- d-----w C:\Program Files\Real
    2008-03-03 19:46 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-03-03 19:46 --------- d-----w C:\Program Files\Common Files\Real
    2008-03-03 08:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-02 09:43 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-02 09:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-02 09:39 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-02 09:25 --------- d-----w C:\PROGRA~2\WLInstaller
    2008-02-27 10:13 --------- d-----w C:\Users\hp\AppData\Roaming\DMCache
    2008-02-25 15:54 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-25 15:54 --------- d-----w C:\PROGRA~2\Apple
    2008-02-23 22:07 --------- d-----w C:\Program Files\Alliance-RO_2.0
    2008-02-23 12:25 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-22 12:27 --------- d-----w C:\Program Files\TrueDownloader
    2008-02-15 16:28 --------- d-----w C:\Users\hp\AppData\Roaming\Sunbelt Software
    2008-02-14 16:47 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 16:44 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-14 16:44 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-14 16:44 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-14 16:44 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-14 16:44 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-14 16:44 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-14 16:44 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-14 16:44 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-02-14 16:39 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 16:39 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
    2008-02-14 16:39 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 16:39 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-02-14 16:39 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 16:39 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 16:38 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 16:38 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 16:37 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 16:37 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 16:37 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 16:37 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 16:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2007-09-02 14:32 174 --sha-w C:\Program Files\desktop.ini
    2007-08-11 10:12 0 ----a-w C:\Users\hp\AppData\Roaming\wklnhst.dat
    .
    ----a-w 325,204 2006-12-21 19:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe



    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 09:10 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-13 23:41 20034600]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 09:26 1006264]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 07:02 815104]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-05 18:02 98304]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-05 18:05 106496]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-05 18:02 81920]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-01 13:24 77824]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-17 18:59 249896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Hush Messenger.lnk - C:\Windows\system32\javaw.exe [2007-02-01 13:25:05 135168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --------- 2003-11-10 16:06 406016 C:\Windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
    --a------ 2006-10-17 14:56 180224 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6ADF0487-6D14-4FCA-989B-C21EA102D33E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{8CA79458-46BF-47D8-9B58-2D5817FC6621}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{FF4B4CA9-D700-4375-98E1-822DCE60B45C}"= UDP:9692:BitComet 9692 TCP
    "{0BA83201-F3B7-4CDE-938E-A7C68E31DED0}"= TCP:9692:BitComet 9692 UDP
    "TCP Query User{3DB41A50-319C-4F6D-BBA1-BA62B248B427}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{2101B966-1EB0-4B4E-8186-09F2027B3018}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{72CC2C7E-618C-4146-9477-E3AF0A8A4E64}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{5A702277-52B8-4C6D-9329-81BF7BC582A2}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{D1A1D700-C2DD-4AB1-98CA-7FFCC469A651}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{8A291FE8-230B-4C06-846A-EC028C4A7276}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{4C078A36-2558-4A1C-BDD4-CDEBA432B5D3}"= UDP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
    "{188D78C1-DD2C-4C75-B81B-0FA9F9A7386B}"= TCP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
    "TCP Query User{93D16B2A-3ED8-4A94-A8B5-C9C31F7D629F}C:\\program files\\internet download manager\\idman.exe"= UDP:C:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
    "UDP Query User{21518B6D-C097-4490-85C0-9CBAFE728218}C:\\program files\\internet download manager\\idman.exe"= TCP:C:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
    "{2963AF20-1A41-4BCE-8C0E-45B0D5919EE9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{FE939899-83D2-44CF-AC99-7F7298E5C82C}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{F08725A6-58E0-4E09-BDA3-4D7B300117D4}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{2ECE11CF-003E-45F5-B8FB-55AB5F591C17}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{D8FFC004-B8B8-4692-96C7-40D97CCBF939}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{FF2F8782-39C6-431F-B415-D2B79910BFE2}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{E7C0A1BC-CBB6-495B-AB05-EAA2A9961993}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{C2786CDD-E20C-4BBB-885F-C5F4934E4716}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:p mc.exe
    "{06B4F88D-7E44-4B98-9DE6-792D7BF0D3A3}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:p mc.exe
    "{9F23ADC1-47D9-41B2-A9B4-F2AE9D54BDDC}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:p SST.exe
    "{B881374E-4751-4234-9EC3-ECD3A1D14E3A}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:p SST.exe
    "{817B7ADE-33CE-4130-949C-388F89AC4F7F}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:p MSInstallInit.exe
    "{C2F81333-F230-4D79-89F7-68CCB3CED143}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:p MSInstallInit.exe
    "{C6649F46-5664-4902-9664-4F7D91929A50}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:p MC.Tvtv.Wizard.exe
    "{C5D43870-7E9B-4D3A-8BC7-E52E48F0FFDD}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:p MC.Tvtv.Wizard.exe
    "TCP Query User{9F02A418-315E-49AD-8B4C-68F7510CDDD4}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{E3592257-2324-4E91-9A5E-BF78BED33CCF}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{68B9680B-99D8-4F18-9D1A-40761DDFB49C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4B4DBE3C-2412-4AC0-873E-0371B7902484}"= UDP:9692:BitComet 9692 TCP
    "{D4CF4E55-E10B-4908-BB9B-B384D8E4071D}"= TCP:9692:BitComet 9692 UDP
    "{99E7DE53-E41E-4432-AA10-35D8D378B398}"= Disabled:UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:p MCService
    "{0FEBE5F4-C194-4ADE-A55A-E90ADB12E594}"= Disabled:TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:p MCService
    "TCP Query User{15EC235F-FB5E-43A0-9A0F-67722E07F57D}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
    "UDP Query User{86900462-C8E4-4D8D-84C8-3F7055F4939A}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
    "{7D8DF740-7A00-4D8E-A729-D68BA1B305B7}"= Disabled:UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:p MCService
    "{751940FC-E7ED-4F1B-853C-645B76A698BB}"= Disabled:TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:p MCService
    "{7C9F437E-50FE-4364-A962-EC85770ED014}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{570EF092-2DAF-4DB4-A0FE-00AD32F8B973}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{CC4D144F-2B8B-46E8-97AB-DB1DDEB6583F}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{449EFBDF-97EA-4A95-A8BA-DDD0207BBBE3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{D2DADC03-2ED4-4A5A-BB5D-CD0CC0583AD3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\Drivers\AF15BDA.sys [2006-11-03 11:46]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-05 19:29]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7506211-808c-11dc-898a-0016d31eaa47}]
    \shell\AutoRun\command - G:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f798e8a4-3ce2-11dc-9592-0016d31eaa47}]
    \shell\AutoRun\command - F:\arun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-14 14:00:22 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-03-26 19:20:57 C:\Windows\Tasks\User_Feed_Synchronization-{C83E493A-5CC5-4C6A-8863-594B9C08BFAD}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-27 12:00:31
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\system32\CNAB4RPK.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\conime.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-27 12:07:51 - machine was rebooted [hp]
    ComboFix-quarantined-files.txt 2008-03-27 11:07:41
    .
    2008-03-26 19:27:07 --- E O F ---


    (thanks for taking the time for this, we never say it enough ;) )
    27 March 2008 18:17:21

    Good,

    post a HijackThis log again.
    31 March 2008 11:44:59

    Hello,

    Thanks to you, I was able to fix part of my problem, but I noticed that there were a lot of things to check after running Combofix...
    I have opened another thread (Topic - MS Juan, virus ou pas?), if you have time to help me...
    Thanks,