Sujet Précédent Sujet Suivant

Malware defence

Fermé
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010 - 25 déc. 2009 à 21:37
 Utilisateur anonyme - 6 janv. 2010 à 20:58
Bonjour, à tous surtout à "moment de grâce". Je viens de voir les messages qu'il a posté concernant le même sujet sur le programme malware décence.

J'ai suivi toute les instruction qu'il a demandé.

Donc je poste les résultat du test RSIT ( Premier test): PREMIER MESSAGE
Le résultat du test Kill'em (mode analyse): Deuxième message
Le résultat su test kill'em (mode destruction): troisième message
A voir également:

48 réponses

Réponse 1 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 21:38
Logfile of random's system information tool 1.06 (written by random/random)
Run by titouss at 2009-12-25 21:19:03
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 439 MB (1%) free of 76 GB
Total RAM: 2047 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:05, on 25/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\titouss\AppData\Local\Temp\richtx64.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\titouss\AppData\Local\Temp\wscsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malware Defense\mdefense.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Users\titouss\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\titouss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll (file missing)
O2 - BHO: adssite - {bf997e78-651f-8c95-d6df-3cc9e49f223d} - C:\Windows\system32\278375cc-8ac1-7d7f-a437-81bcede0d6ba.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Internet Security Service] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\titouss\AppData\Local\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
0
Réponse 2 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 21:40
List'em by g3n-h@ckm@n 1.1.6.1

Thx to Chiquitine29.....& CCM team

User : titouss (Administrateurs) # SIMON
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 21:07:54 | 25/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.16945
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 74,52 Go (439,38 Mo free) [VistaOS] | NTFS
D:\ -> Disque fixe local | 67,69 Go (6,78 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 520
C:\Windows\system32\wininit.exe 580
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\services.exe 624
C:\Windows\system32\lsass.exe 636
C:\Windows\system32\lsm.exe 644
C:\Windows\system32\svchost.exe 776
C:\Windows\system32\svchost.exe 852
C:\Windows\System32\svchost.exe 888
C:\Windows\system32\svchost.exe 932
C:\Windows\System32\svchost.exe 948
C:\Windows\system32\winlogon.exe 976
C:\Windows\System32\svchost.exe 1148
C:\Windows\System32\svchost.exe 1188
C:\Windows\system32\SLsvc.exe 1324
C:\Windows\system32\svchost.exe 1372
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 1688
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1704
C:\Program Files\ATKGFNEX\GFNEXSrv.exe 1716
C:\Windows\System32\spoolsv.exe 1796
C:\Windows\system32\WLANExt.exe 1816
C:\Windows\system32\svchost.exe 1828
C:\Windows\system32\Dwm.exe 1844
C:\Windows\Explorer.EXE 1920
C:\Windows\system32\taskeng.exe 1624
C:\Program Files\ASUS\ASUS Live Update\ALU.exe 1176
C:\Program Files\Spyware Doctor\SDTrayApp.exe 772
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2100
C:\Program Files\ATK Hotkey\Hcontrol.exe 2116
C:\Program Files\ATKOSD2\ATKOSD2.exe 2124
C:\Program Files\Wireless Console 2\wcourier.exe 2132
C:\Program Files\ASUS\Splendid\ACMON.exe 2140
C:\Program Files\P4G\BatteryLife.exe 2148
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 2168
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2184
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 2212
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 2236
C:\Windows\RtHDVCpl.exe 2244
C:\Program Files\PowerForPhone\PowerForPhone.exe 2280
C:\Windows\System32\rundll32.exe 2356
C:\Program Files\ATK Hotkey\ATKOSD.exe 2420
C:\Windows\System32\ACEngSvr.exe 2464
C:\Program Files\iTunes\iTunesHelper.exe 2484
C:\Program Files\Nero\Nero 7\InCD\InCD.exe 2504
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2544
C:\Program Files\ASUS\ATK Media\DMedia.exe 2572
C:\Windows\ASScrPro.exe 2592
C:\Windows\System32\rundll32.exe 2608
C:\Program Files\DAEMON Tools Lite\daemon.exe 2752
C:\Windows\ehome\ehtray.exe 2932
C:\Program Files\Windows Media Player\wmpnscfg.exe 2940
C:\Users\titouss\AppData\Local\Temp\richtx64.exe 2952
C:\Windows\ehome\ehmsas.exe 3000
C:\Program Files\Spyware Doctor\swdoctor.exe 3084
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3196
C:\Program Files\Bonjour\mDNSResponder.exe 3272
C:\Windows\system32\svchost.exe 3284
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 3316
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 3452
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 3504
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 3524
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3556
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 3576
C:\Windows\system32\svchost.exe 3632
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 3696
C:\Program Files\Spyware Doctor\svcntaux.exe 3716
C:\Program Files\Spyware Doctor\swdsvc.exe 3756
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 3848
C:\Windows\system32\svchost.exe 3880
C:\Windows\System32\svchost.exe 3932
C:\Windows\system32\SearchIndexer.exe 3972
C:\Users\titouss\AppData\Local\Temp\wscsvc32.exe 2896
C:\Program Files\Windows Media Player\wmpnetwk.exe 1848
C:\Program Files\iPod\bin\iPodService.exe 1496
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe 2908
C:\Windows\system32\wuauclt.exe 4344
C:\Program Files\Malware Defense\mdefense.exe 5356
C:\Windows\system32\conime.exe 5548
C:\Program Files\Mozilla Firefox\firefox.exe 4704
C:\Windows\system32\wbem\wmiprvse.exe 2196
C:\Windows\system32\NOTEPAD.EXE 5996
C:\Program Files\Internet Explorer\Iexplore.exe 5420
C:\Windows\system32\SearchProtocolHost.exe 5396
C:\Windows\system32\SearchFilterHost.exe 4116
C:\Program Files\List_Kill'em\List_Kill'em.exe 5256
C:\Windows\system32\cmd.exe 6084
C:\Users\titouss\AppData\Local\Temp\CD4E.tmp\pv.exe 5148

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Internet Security Service REG_SZ c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
systems REG_SZ c:\windows\inf\svchost.exe
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
richtx64.exe REG_SZ C:\Users\titouss\AppData\Local\Temp\richtx64.exe
Malware Defense REG_SZ "C:\Program Files\Malware Defense\mdefense.exe" -noscan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SDTray REG_SZ "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Symantec PIF AlertEng REG_SZ "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
SMSERIAL REG_SZ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
PowerForPhone REG_SZ C:\Program Files\PowerForPhone\PowerForPhone.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
InCD REG_SZ C:\Program Files\Nero\Nero 7\InCD\InCD.exe
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
ATKMEDIA REG_SZ C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
ASUS Screen Saver Protector REG_SZ C:\Windows\ASScrPro.exe
ASUS Camera ScreenSaver REG_SZ C:\Windows\ASScrProlog.exe
Windows Defender REG_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf997e78-651f-8c95-d6df-3cc9e49f223d}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.asus.com/fr/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x2
SharedAccess : 0x3
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x4

=========


D:\Autorun.inf :
----------------
[autorun]
shellexecute=wscript.exe MS32DLL.dll.vbs
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\ProgramData\Desktop
C:\ProgramData\Documents
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\Adssite Games Collection
C:\Program Files\Everest Poker
C:\Program Files\Malware Defense
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\Windows\System32\adssite-remove.exe
C:\Windows\System32\cont_adssite-remove.exe
C:\Windows\System32\adssite-remove.exe
C:\Windows\System32\drivers\etc\hosts.msn
C:\Windows\system32\krl32mainweq.dll
C:\Windows\System32\nvs2.inf
C:\Windows\System32\rightonadz-uninst.exe
C:\Users\titouss\LOCAL Settings\Temp\aupd.exe
C:\Users\titouss\LOCAL Settings\Temp\CTun.exe
C:\Users\titouss\LOCAL Settings\Temp\d2l_Install.exe
C:\Users\titouss\LOCAL Settings\Temp\EBU2298.exe
C:\Users\titouss\LOCAL Settings\Temp\EBUA3C8.exe
C:\Users\titouss\LOCAL Settings\Temp\Install.exe
C:\Users\titouss\LOCAL Settings\Temp\Install_WLMessenger.exe
C:\Users\titouss\LOCAL Settings\Temp\msnsearch.exe
C:\Users\titouss\LOCAL Settings\Temp\nircmd.exe
C:\Users\titouss\LOCAL Settings\Temp\NSIS_SpywareSecure_trial_setup.exe
C:\Users\titouss\LOCAL Settings\Temp\pv.exe
C:\Users\titouss\LOCAL Settings\Temp\richtx64.exe
C:\Users\titouss\LOCAL Settings\Temp\s3fk.4.exe
C:\Users\titouss\LOCAL Settings\Temp\vfind.exe
C:\Users\titouss\LOCAL Settings\Temp\war3_install.exe
C:\Users\titouss\LOCAL Settings\Temp\wscsvc32.exe
C:\Users\titouss\LOCAL Settings\Temp\xyeoxm6a.exe
C:\Users\titouss\LOCAL Settings\Temp\~cln4D68.exe
C:\Users\titouss\LOCAL Settings\Temp\INSTALL.EXE
C:\Users\titouss\local settings\Temp\pack.epk
C:\Users\titouss\LOCAL Settings\Temp\tmp104D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp104E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp104F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1050.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp10F4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp10F5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp10F6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp10F7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1100.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1101.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1102.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1103.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1104.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1105.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1106.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1113.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp111F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1120.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1121.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1122.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11A1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11A2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11A3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11BC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11BD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11BE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp11BF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1232.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1233.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1234.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1235.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp125C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp125D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp125E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp125F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp126E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp126F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1270.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1271.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1277.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1278.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1279.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp127A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1332.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1333.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1334.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1335.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1363.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1364.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1365.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1366.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1382.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1383.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1384.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1385.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp139F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13A1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13A2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13B9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13BA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13BB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13BC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13BD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13BE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13BF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13C0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13C1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13D6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13E4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13E5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13E6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13E7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13E8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp13E9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1439.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1450.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1459.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp145A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp145B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1461.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1462.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1463.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp149D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp149E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp149F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp14A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1563.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1564.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1575.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1576.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1586.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1587.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1588.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1599.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp15DB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp15DC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp15DD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp15DE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp161D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp161E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp161F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1620.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1621.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1641.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1642.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1653.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1654.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1655.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1656.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1657.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1658.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1659.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp165A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp165B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp165C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp165D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp165E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp165F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp16F2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp16F3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp16F4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp16F5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp16F9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp170A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp170B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp170C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp17A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp17A1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp17A2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp17A3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1852.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1865.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1866.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1867.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1877.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1880.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1881.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1882.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1883.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18BA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18BB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18BC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18BD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18CA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18CB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18CC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18CD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18CE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18CF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18D0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp18F0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp195A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp195B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp195C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp195D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp195E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp195F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1960.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1961.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1962.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1963.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1964.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1965.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1966.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1972.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1973.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1974.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1975.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1976.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1977.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1978.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1988.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1989.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp198A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp198B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp198C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp198D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp199D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp199E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp199F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19B8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19B9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19BA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19C3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19C4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19C5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19C6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19D3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19D4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19D5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp19D6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A3E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A4E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A4F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A60.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A79.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A7A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A7B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1A7C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1B6B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1B6C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1B6D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1B7D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1CC4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1CC5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1CC6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1CC7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D26.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D27.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D28.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D29.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D2A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D4A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D4B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D4C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D4D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D4E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D58.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D5E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D5F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D60.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D61.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D62.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D63.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D64.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D65.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D66.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D67.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D88.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D89.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D8A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1D8B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DAA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DAB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DAC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DAD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DBC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DBD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DDE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DDF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DF9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DFA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DFB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1DFC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E1C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E1D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E1E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E1F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E22.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E23.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E24.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E25.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E26.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E27.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E28.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E29.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E2A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E2B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E2C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E2D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E30.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E31.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E32.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E33.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E3E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E3F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E40.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E41.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E42.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E43.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E44.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E45.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E46.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E47.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E48.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E49.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E4A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E58.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E59.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E5A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1E8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1EEA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1EEB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1EEC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1EED.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F0E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F0F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F10.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F11.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F12.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F13.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F14.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F15.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1F92.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FA2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FA3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FB4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FFC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FFD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FFE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp1FFF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp200.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp202A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp202B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp202C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp202D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp203F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2040.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2041.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2042.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2053.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2054.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2055.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2056.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2063.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2064.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2065.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2066.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2067.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2077.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2078.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2079.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2090.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2091.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2092.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2093.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2094.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2095.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2096.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2097.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp211D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp211E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp211F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2120.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2143.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2144.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2145.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2146.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2175.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2176.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2177.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2178.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2200.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2201.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2202.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2203.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2237.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2238.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2239.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp223A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2256.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2257.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2258.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2259.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp225A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp225B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp225C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp225D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp225E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp225F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2260.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2261.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp227B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp227C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp227D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp227E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2371.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2372.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2373.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2374.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp238E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp238F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2390.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2391.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp23DC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp23DD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp23DE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp23DF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp247.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp248.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp249.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24C8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24C9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24CA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24CB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24EE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24EF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24F0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp24F1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp253C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp253D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp253E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp253F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2540.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2541.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2542.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2543.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp254B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp254C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp255D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp255E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp25A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp26.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2603.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2604.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2605.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2606.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2749.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp274A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp274B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp274C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp274D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp274E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp274F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2750.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2761.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp276D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp276E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp276F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2770.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2771.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2772.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2773.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2784.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2785.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2786.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp278D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp278E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp278F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2790.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2791.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2792.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2793.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2794.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2797.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2798.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2799.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp279A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp279B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27E3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27E4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27E5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27E6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27FB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27FC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27FD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp27FE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2809.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp282A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp282B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp282C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2845.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2855.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2865.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2866.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2867.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2868.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2877.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2878.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2896.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28A1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28A2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28A3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28B6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28B7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28B8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28C5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28C6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28D8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28E1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28E2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28E3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28E7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28F4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28FC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28FD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28FE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp28FF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29A7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29A8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29A9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29AA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29C9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29CA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29CB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29CC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp29F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A07.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A08.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A09.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A0A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A16.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A26.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A27.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A28.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A5D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A5E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A5F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A60.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A76.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A77.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A78.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A79.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A7A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A7B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A7C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A7D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A7E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A7F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A80.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A81.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A82.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A83.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A84.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A85.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A86.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A87.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A97.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A98.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A99.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A9A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2A9B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2AAC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2AAF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2AB0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2AB1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2AB2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2B2F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2B30.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2B31.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2B52.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BA1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BA2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BA3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BA4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BAA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BAB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BAC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2BAD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C12.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C13.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C14.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C15.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C5D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C5E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C5F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C60.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C63.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C71.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C83.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C84.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C85.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C87.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C88.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C89.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2C8A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D08.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D09.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D0A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D0B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D6C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D6D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2D7E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2DE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2DF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E1B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E1C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E1D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E1E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E42.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E43.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E44.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E45.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E46.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E47.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E48.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E49.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E4A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E4B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E4C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E5C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E5D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E5E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E6F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E70.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E71.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E72.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E73.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E74.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E75.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E76.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E86.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2E97.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2EE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2EF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F15.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F16.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F17.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F18.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F29.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F2A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F2B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F2C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F2D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F2E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F2F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F30.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F31.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F32.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F33.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F34.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F35.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F38.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F3F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F40.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F41.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F42.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F43.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F45.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F53.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F54.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F55.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F56.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F57.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F58.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F59.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F5A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F5B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F5C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F5D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F65.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F76.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F7D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F7E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F7F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp2F90.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3056.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3057.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3058.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3059.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp306C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp306D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp306E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp306F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp307A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp307B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp307C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp307D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp310.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp313E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp313F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3140.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3141.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3142.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3143.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3154.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3155.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3156.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3157.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3158.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3159.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp315A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp315B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp315C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp315F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3160.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3161.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3162.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp316C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp316D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3171.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3172.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3173.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3174.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp317E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp317F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3180.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3186.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3187.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3188.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3189.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31AB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31AC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31AD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31AE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31CF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31D4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31D5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31D6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31D7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31E0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31E1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31E2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31EB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31EC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31ED.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31EE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp31FA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3214.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3215.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3225.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3226.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3239.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3243.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3244.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3245.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3246.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3249.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp324A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp324B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3265.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3266.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3267.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3268.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp327C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp327D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp327E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp327F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3282.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3283.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3284.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3285.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3287.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3298.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3299.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp329A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp329F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp32A0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp32A1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp32A2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp337.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp338.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp339.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33AA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33AB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33AC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33AD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33B6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33B7.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33B8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33B9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33BA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33BB.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33BC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33BF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33C0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33C9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33CC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33D1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33D2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33ED.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33EE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp33EF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3448.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3449.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp344A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp344B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34C8.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34C9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34E9.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34EA.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34F3.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34F4.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34F5.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp34F6.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp351E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp351F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3520.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3521.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3522.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3532.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3533.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3534.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3541.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3542.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3543.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3544.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3552.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3553.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3554.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3555.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp355B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp355C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp355D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp355E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp35B0.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp35B1.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp35B2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp35C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp35D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp35D2.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp360D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp360E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3629.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp362A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp362B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp362C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3664.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3665.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3666.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3667.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp36AC.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp36AD.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp36AE.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp36AF.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3707.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3708.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3709.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp370A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3712.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3713.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3714.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3715.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3726.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3727.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3728.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3767.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp3769.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp376A.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp376B.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp376C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp378C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp378D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp379E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp379F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp387C.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp387D.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp387E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp387F.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp388E.tmp
C:\Users\titouss\LOCAL Settings\Temp\tmp388F.tmp
0
Réponse 3 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 21:46
Bonjour,

Je viens de poster deux messages mais je ne sais pas si le troisième est passer je vais encore essayé de le faire.
0
Réponse 4 / 48
Utilisateur anonyme
25 déc. 2009 à 21:50
salut pour le transmettre :

clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 48
fix200 Messages postés 3243 Date d'inscription dimanche 28 décembre 2008 Statut Contributeur sécurité Dernière intervention 7 février 2011 158
25 déc. 2009 à 21:52
Salut,

Tu es très infecté ... -_-'


Télécharge UsbFix (de C_XX , Chiquitine29, Chimay8)


▶ Lance le fichier téléchargé, ne touche pas aux paramètres de l'installe !.

Branche tes sources de données externes à ton PC, (Clé USB, disque dur externe, carte mémoire, appareil photo ...) susceptible d'avoir été infectés , mais sans les ouvrir

▶ Double clique sur le raccourci UsbFix sur ton bureau

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu choisis l'option 2 ( Suppression )

▶ Ton bureau disparaîtra et le PC redémarrera . (c'est normal)

▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche a rien.

▶ Une fois terminé, Poste le rapport UsbFix.txt qui apparaîtra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

Aide : :
Comment Utiliser UsbFix

###

▶ Rends sur cette page .

▶ Clique sur "parcourir" et va jusqu'au fichier UsbFix_Upload_Me_xxxx.zip qui se trouve sur ton bureau .

▶ Clique sur "Envoyer le fichier" , et patiente jusqu'à la fin du transfère .

▶ Une fois terminé , tu peux supprimer le fichier UsbFix_Upload_Me_xxxx.zip ...

Merci d'avoir envoyé le fichier , cela permettra aux auteurs de cet l'outil de travailler sur ce type d'infection et d'aider ainsi à ce que UsbFix soit de plus en plus performant . ^^


=============

Tu as un infection Navipromo

Les programmes suivants sont a éviter :

- Funky Emoticons
- Games-Attack
- Original-Solitaire
- Go-Astro
- GoRecord
- HotTVPlayer
- Live-Player
- MailSkinner
- Messenger Skinner
- Instant Access
- InternetGameBox
- Sudoplanet
- WebMediaPlayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
- SuperSexPlayer
- Sur le site www.games-desktop.com (n'allez pas dessus!!)


Télécharge Navilog1 (de IL-MAFIOSO) sur ton bureau.

▶ Ensuite double clique sur Navilog1.exe pour lancer l'installation.

▶ Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

▶ Laisse-toi guider. Au menu principal, choisis 1 et valide.

▶ Patiente jusqu'au message :
****** Scan terminé le ..... ******

▶ Appuie sur une touche comme demandé, le bloc notes va s'ouvrir.

Copie-colle l'intégralité dans une réponse. Referme le bloc notes

NOTE: Le rapport est en outre sauvegardé à la racine du disque (cleannavi.txt)

============

Télécharge Yoog_Fix (Batch_Man) sur ton Bureau.

! Déconnecte toi d'internet ferme toutes tes applications en cours !

▶ Double-clique sur Yoog_Fix.exe, choisis 1 pour Français et valide .

▶ Un disclamer apparaît, clique sur OK , puis choisis l'option 1 ( Recherche )


▶ Attend que le scan se fasse, un rapport va s'ouvrir.

=> Poste le dans ta prochaine réponse.

Tutoriel recherche

NOTE: le rapport est à la racine de ton disque sous le nom de Yoog_Fix.txt
0
Réponse 6 / 48
Utilisateur anonyme
25 déc. 2009 à 21:54
j'aurais bien lu mon rapport de suppression avant ^^
0
Réponse 7 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 22:42
merci pour ses programmes je ne sais pas trop a quoi il serve mais je te fait confiance, je t'envoie les résultats très vite.

Merci.
0
Réponse 8 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 22:52
voila le raport Navilog1

Fix Navipromo version 4.0.5 commencé le 25/12/2009 22:39:44,02

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Default System BIOS
USER : titouss ( Administrator )
BOOT : Normal boot

Antivirus : Malware Defense 1.0 (Activated)


C:\ (Local Disk) - NTFS - Total:74 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:67 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\users\titouss\appdata\local\virtua~1\progra~1\InternetGamebox supprimé !
C:\Users\titouss\AppData\Local\khmjgk.exe supprimé !
C:\Users\titouss\AppData\Local\khmjgk.dat supprimé !
C:\Users\titouss\AppData\Local\khmjgk_nav.dat supprimé !
C:\Users\titouss\AppData\Local\khmjgk_navps.dat supprimé !


Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\titouss\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !



*** Scan terminé 25/12/2009 22:48:45,12 ***
0
Réponse 9 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:03
et voici le scan du yoog-fix

Yoog_Fix 3.0.1 by Batch_Man | titouss (Administrator)
Start at 22:59 le 25/12/2009
Microsoft® Windows Vista(6.0.6000)

Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Ram : 2046,6 Mo
Normal boot

Antivirus: Malware Defense 1.0 (Activated)
UAC : OFF
Launched from "C:\Users\titouss\Desktop\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total:76312 Mo/Free:3649 Mo)
D:\ [Fixed] - NTFS - (Total:69311 Mo/Free:2849 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Option [1] 2 Search / Remove

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Remove: Files / Folders / Keys / Firefox prefs]

DELETED - C:\Program Files\Mozilla Firefox\components\nsadssite.dll
DELETED - C:\Program Files\Mozilla Firefox\components\nsbads.dll
DELETED - C:\Windows\System32\146d36cd-8c47-d0bb-e8c7-1b460685a279.exe
DELETED - C:\Windows\System32\whoiscl.exe
DELETED - C:\Windows\system32\278375cc-8ac1-7d7f-a437-81bcede0d6ba.dll

DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\146d36cd-8c47-d0bb-e8c7-1b460685a279
DELETED - HKLM\SOFTWARE\Classes\CLSID\{bf997e78-651f-8c95-d6df-3cc9e49f223d}
DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf997e78-651f-8c95-d6df-3cc9e49f223d}
DELETED - HKLM\SOFTWARE\Classes\CLSID\{bf997e78-651f-8c95-d6df-3cc9e49f223d}
DELETED - HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope
DELETED - HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}
DELETED - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}
DELETED - HKLM\SOFTWARE\Classes\optimizer.adssite2
DELETED - HKLM\SOFTWARE\Classes\optimizer.adssite2.1
DELETED - HKCU\software\microsoft\adssite
DELETED - HKCU\software\microsoft\hid_layer
DELETED - HKLM\software\microsoft\windows\currentversion\uninstall\adssite
DELETED - HKLM\software\microsoft\windows\currentversion\uninstall\rightonadz
DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteGames

DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaultenginename", "Yoog Search");
DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("browser.search.selectedEngine", "Yoog Search");
DELETED - prefs.js [titouss - 5n5tqwm3.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaultenginename", "Yoog Search");
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("browser.search.selectedEngine", "Yoog Search");
DELETED - user.js [titouss - 5n5tqwm3.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");

------------[Suspects]

Aucun fichier suspect trouvé


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Analysis of Firefox]


------------[Analysis of Firefox]


Mozilla Firefox 3.0.16 (fr)
Install Directory : C:\Program Files\Mozilla Firefox
Path: C:\Users\titouss\AppData\Roaming\Mozilla\Firefox\Profiles\5n5tqwm3.default


------------[Firefox Extensions]

[titouss] NPDyyno@dyyno.com = Simple Dyyno Launcher
[titouss] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[titouss] {3112ca9c-de6d-4884-a869-9855de68056c} = Google Toolbar for Firefox

{3112ca9c-de6d-4884-a869-9855de68056c} = C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
{20a82645-c095-46ed-80e3-08825760534b} = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

------------[Mozilla Plugins]

Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe© Flash© Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87

GeckoVersion = 1.7.2
Path = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5


------------[Search Plugins]

[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google-com.xml = https://www.google.com/?gws_rd=ssl
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/

------------[Listing of folders]

[18/12/2009 18:59 | 23000 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[18/12/2009 18:59 | 134616 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[07/08/2007 12:35 | 49152 bytes] C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[15/08/2007 19:15 | 69632 bytes] C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[18/12/2009 18:59 | 65496 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[27/10/2006 04:12 | 16192 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[04/02/2008 17:49 | 663072 bytes] C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[10/05/2007 21:52 | 95864 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[22/12/2008 18:36 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Registry Analysis]

Internet Explorer : 7.0.6000.16945

L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKCU\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Window Title = Windows Internet Explorer
L1 = HKU\.DEFAULT\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKU\S-1-5-21-4042420907-3840879848-1767098931-1000\..\Main.Window Title = Windows Internet Explorer
L1 = HKU\S-1-5-18\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.asus.com/fr/

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm

--------[Browser Helper Object]

BHO: {53707962-6F74-2D53-2644-206D7942484F},@SANS NOM=(valeur non d‚finie)
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=(valeur non d‚finie)
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=(valeur non d‚finie)

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}],@DisplayName=Crawler Search
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{2AD0EF2D-9361-46E6-8E46-817B37A91C1A}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-4042420907-3840879848-1767098931-1000\..\SearchScopes\{DD36DD87-FE9F-4216-B10C-C85A024ED232}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}],@DisplayName=Crawler Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2AD0EF2D-9361-46E6-8E46-817B37A91C1A}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD36DD87-FE9F-4216-B10C-C85A024ED232}],@DisplayName=@ieframe.dll,-12512

--------[Extensions]


--------[Run Key]


------------[Others infections]




»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Others reports]


[25/12/2009 23:01] C:\Yoog_Fix\Logs\Rapport_25_12_2009_n1.txt - (Choice 1 : Search / Remove)

-------------------------->>

Please upload the file C:\Yoog_Fix\Backups\Backup_25_12_2009_1.zip at : http://batchdhelus.open-web.fr/upload
How to use : http://batchdhelus.open-web.fr/upload/procedure.html

If the procedure fails, please send the file at yoog.fix.sav@gmail.com


+--------------[End at 23h 01min]
0
Réponse 10 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:04
Merci pour ton aide en tout cas j'espère que ces scan vont pouvoir t'aider
0
Réponse 11 / 48
Utilisateur anonyme
25 déc. 2009 à 23:10
simoncoutu , peux-tu poster ceci stp ? :

C:\Kill'em.txt
0
Réponse 12 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:16
Pardon mais pour ce dossier tu veux le dossier de recherche ou de destruction ?
0
Réponse 13 / 48
Utilisateur anonyme
25 déc. 2009 à 23:19
le fichier texte de destruction stp
0
Réponse 14 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:29
voila le fichier qui sort du scan

Kill'em by g3n-h@ckm@n 1.1.6.1

User : titouss (Administrateurs) # SIMON
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 23:22:18 | 25/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.16945
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 74,52 Go (3,52 Go free) [VistaOS] | NTFS
D:\ -> Disque fixe local | 67,69 Go (6,78 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 520
C:\Windows\system32\wininit.exe 580
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\services.exe 624
C:\Windows\system32\lsass.exe 636
C:\Windows\system32\lsm.exe 644
C:\Windows\system32\svchost.exe 772
C:\Windows\system32\winlogon.exe 860
C:\Windows\system32\svchost.exe 888
C:\Windows\System32\svchost.exe 932
C:\Windows\System32\svchost.exe 1020
C:\Windows\System32\svchost.exe 1084
C:\Windows\system32\svchost.exe 1132
C:\Windows\system32\SLsvc.exe 1228
C:\Windows\system32\svchost.exe 1292
C:\Windows\system32\svchost.exe 1428
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 1600
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1612
C:\Program Files\ATKGFNEX\GFNEXSrv.exe 1632
C:\Windows\system32\WLANExt.exe 1640
C:\Windows\System32\spoolsv.exe 1760
C:\Windows\system32\svchost.exe 1804
C:\Windows\system32\Dwm.exe 1456
C:\Windows\Explorer.EXE 1772
C:\Windows\system32\taskeng.exe 2008
C:\Program Files\ASUS\ASUS Live Update\ALU.exe 376
C:\Program Files\ATK Hotkey\Hcontrol.exe 1184
C:\Program Files\ATKOSD2\ATKOSD2.exe 1792
C:\Program Files\Wireless Console 2\wcourier.exe 1356
C:\Program Files\ASUS\Splendid\ACMON.exe 2052
C:\Program Files\P4G\BatteryLife.exe 2060
C:\Windows\System32\ACEngSvr.exe 2328
C:\Program Files\ATK Hotkey\ATKOSD.exe 2536
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2944
C:\Program Files\Bonjour\mDNSResponder.exe 3028
C:\Windows\system32\svchost.exe 3040
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 3072
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 3236
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 3296
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 3320
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3340
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 3372
C:\Windows\system32\svchost.exe 3396
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 3408
C:\Program Files\Spyware Doctor\svcntaux.exe 3436
C:\Program Files\Spyware Doctor\swdsvc.exe 3552
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 3636
C:\Program Files\Spyware Doctor\SDTrayApp.exe 3648
C:\Windows\system32\svchost.exe 3664
C:\Windows\System32\svchost.exe 3704
C:\Windows\system32\SearchIndexer.exe 3768
C:\Windows\system32\wbem\wmiprvse.exe 2148
C:\Windows\system32\taskeng.exe 1828
C:\Windows\system32\wbem\wmiprvse.exe 2972
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2840
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 2908
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2652
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 2020
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 3276
C:\Windows\RtHDVCpl.exe 3696
C:\Program Files\PowerForPhone\PowerForPhone.exe 3760
C:\Windows\System32\rundll32.exe 2076
C:\Windows\System32\rundll32.exe 3996
C:\Program Files\iTunes\iTunesHelper.exe 2152
C:\Program Files\Nero\Nero 7\InCD\InCD.exe 2204
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2220
C:\Program Files\ASUS\ATK Media\DMedia.exe 2276
C:\Windows\ASScrPro.exe 2096
C:\Program Files\DAEMON Tools Lite\daemon.exe 1072
C:\Windows\ehome\ehtray.exe 1444
C:\Program Files\Windows Media Player\wmpnscfg.exe 3060
C:\Windows\ehome\ehmsas.exe 2760
C:\Program Files\Windows Media Player\wmpnetwk.exe 3660
C:\Program Files\iPod\bin\iPodService.exe 4248
C:\Windows\system32\wuauclt.exe 5264
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe 5952
C:\Windows\system32\conime.exe 5412
C:\Program Files\List_Kill'em\List_Kill'em.exe 4520
C:\Windows\system32\cmd.exe 1544
C:\Users\titouss\AppData\Local\Temp\4356.tmp\pv.exe 2588

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :



¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :


==============
host file OK !
==============

========
Registry
========

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 15 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:30
Même si je pense que ce n'est pas terminer merci beaucoup pour ton aide je n'est plus les messages d'alerte du virus malware defence c'est génial.
0
Réponse 16 / 48
Utilisateur anonyme
25 déc. 2009 à 23:36
non c est le premier rapport que tu as eu qui m interessait....le fait de refaire l option 2 l'a supprimé...tant pis

Merci quand meme , je laisse Fix200 continuer...@+
0
Réponse 17 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:38
haaaaa désoler pour sa.
Merci de ton aide en tout cas !!!
0
Réponse 18 / 48
Utilisateur anonyme
25 déc. 2009 à 23:40
je te conseille juste de desinstaller spyware doctor par contre
0
Réponse 19 / 48
simoncoutu Messages postés 28 Date d'inscription vendredi 25 décembre 2009 Statut Membre Dernière intervention 6 janvier 2010
25 déc. 2009 à 23:44
merci du conseil
0
Réponse 20 / 48
Utilisateur anonyme
25 déc. 2009 à 23:46
desinstalle aussi List_Kill'em il ne te servira plus
0

Discussions similaires

Comment supprimer tor.jack sur Android
sabinelouisonbruno -
akaloupile -

4 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
Win64:Malware-gen
ptb35 -
MisteryBean -

3 réponses
Problème de malware
jbijp -
MisteryBean -

1 réponse
je n'arrive pas a supprimer un virus sur mon téléphone
nath340 -
christou -

26 réponses