
Fake reboot, antivirus as desktop wallpaper

25 August 2008 03:20:07

Good evening. For a few hours now I have had a new desktop wallpaper that is impossible to change, since I have lost some options under Display. Then I left for about a few minutes; when I came back I saw a blue screen, then the computer rebooted, the screen again, it rebooted. I pressed F8 and it brought back the web pages I had been looking at, as if I had simply put it to sleep. Can someone help me?

Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:19:07, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SVCHOST.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\mIRC\mirc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\a.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\leidflld.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphcn3jj0e5fa] C:\WINDOWS\system32\lphcn3jj0e5fa.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7056 bytes

Please help me, thank you.


25 August 2008 10:14:56

Hello,

I'll take care of you. Please bear in mind that I am a volunteer, that I have a private life and that I help several users at once, so thank you for being patient. However, I never let go of a user until their PC is clean ;) 

This procedure should be printed so that you have it in front of you when you are in safe mode.

Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Click Install so that it can extract itself.
  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu appears on a black background. Once there, use the keyboard to select Safe Mode.
    - In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    - For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    - ! Do not start your computer in safe mode via MSConfig ! Why? Some infections break the safe mode keys, which would make your computer crash.
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to reboot; do so.
  • The reboot will probably take a little longer than usual.
  • Once your desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start -> Run
    * Copy/paste this:
    Quote:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK and confirm.
    * Reboot and try running SDFix again.

    Help: How to start your computer in safe mode.

    ;) 

25 August 2008 13:53:55


    SDFix: Version 1.219
    Run by Administrateur on 25/08/2008 at 13:38

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default Desktop Wallpaper
    Restoring Default ScreenSaver value
    Restoring Missing Security Center Service

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\lphcn3jj0e5fa.exe - Deleted
    C:\WINDOWS\system32\phcn3jj0e5fa.bmp - Deleted
    C:\WINDOWS\system32\blphcn3jj0e5fa.scr - Deleted
    C:\autorun.inf - Deleted
    C:\Documents and Settings\Administrateur\Local Settings\Temp\ubi296.tmp.exe - Deleted
    C:\Documents and Settings\Administrateur\Local Settings\Temp\ubi38B.tmp.exe - Deleted
    C:\Documents and Settings\Administrateur\Local Settings\Temp\ubi439.tmp.exe - Deleted
    C:\Documents and Settings\Administrateur\Local Settings\Temp\ubiA57.tmp.exe - Deleted
    C:\WINDOWS\a.bat - Deleted
    C:\WINDOWS\system32\a.exe - Deleted
    C:\WINDOWS\a.bat - Deleted
    C:\WINDOWS\bdn.com - Deleted
    C:\WINDOWS\iTunesMusic.exe - Deleted
    C:\WINDOWS\mdm.exe - Deleted
    C:\WINDOWS\mssecu.exe - Deleted
    C:\WINDOWS\qvdntlmw.dll - Deleted
    C:\WINDOWS\svchost.ini - Deleted
    C:\WINDOWS\svchost.exe - Deleted
    C:\WINDOWS\system32smp - Deleted
    C:\WINDOWS\Web\def.htm - Deleted



    Folder C:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
    Folder C:\WINDOWS\mslagent - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 13:48:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000001
    "ujdew"=hex:b7,bb,cc,e3,7e,15,1b,81,2d,44,c3,68,2f,bc,b0,ad,8e,53,71,cd,25,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:a5,a7,22,b4,96,a7,00,da,f3,37,6e,56,04,ee,fc,d7,c6,23,8f,2d,7c,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,58,ff,6f,0d,18,42,10,08,58,6c,f8,d1,dc,b0,f9,92,7e,..
    "khjeh"=hex:0e,61,96,d9,ff,71,12,d5,52,9a,b3,f9,66,79,cd,e6,56,f6,34,dc,c8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:cd,93,40,84,d9,ca,85,e7,84,51,a7,b4,df,77,81,96,d5,ac,f9,a6,f1,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000001
    "ujdew"=hex:b7,bb,cc,e3,7e,15,1b,81,2d,44,c3,68,2f,bc,b0,ad,8e,53,71,cd,25,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:a5,a7,22,b4,96,a7,00,da,f3,37,6e,56,04,ee,fc,d7,c6,23,8f,2d,7c,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,58,ff,6f,0d,18,42,10,08,58,6c,f8,d1,dc,b0,f9,92,7e,..
    "khjeh"=hex:0e,61,96,d9,ff,71,12,d5,52,9a,b3,f9,66,79,cd,e6,56,f6,34,dc,c8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:cd,93,40,84,d9,ca,85,e7,84,51,a7,b4,df,77,81,96,d5,ac,f9,a6,f1,..

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\oembios.exe 240128 bytes executable
    C:\WINDOWS\system32\sysproc64
    C:\WINDOWS\system32\sysproc64\000117B9.uf 105265 bytes
    C:\WINDOWS\system32\sysproc64\000117F7.uf 15157 bytes
    C:\WINDOWS\system32\sysproc64\00011826.uf 4925 bytes
    C:\WINDOWS\system32\sysproc64\00011865.uf 98317 bytes
    C:\WINDOWS\system32\sysproc64\04866ED6.uf 105265 bytes
    C:\WINDOWS\system32\sysproc64\04866F24.uf 20141 bytes
    C:\WINDOWS\system32\sysproc64\04866F72.uf 4925 bytes
    C:\WINDOWS\system32\sysproc64\04866FB1.uf 98317 bytes
    C:\WINDOWS\system32\sysproc64\sysproc32.sys 218 bytes
    C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla 109 bytes
    C:\WINDOWS\system32\sysproc64\sysproc86.sys 50341 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 13


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:p ando Application"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe:*:Enabled:etqwded.exe"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
    "C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"="C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe:*:Enabled:GRID Demo"
    "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "C:\\Documents and Settings\\Administrateur\\Bureau\\Splinter Cell Double Agent\\TCSC Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Splinter Cell Double Agent\\TCSC Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\Steam\\steamapps\\jovovich\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\jovovich\\day of defeat source\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2 Demo SP\\graw2.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2 Demo SP\\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2 Demo SP"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\SDK 1.4\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\SDK 1.4\\etqw.exe:*:Enabled:Enemy Territory: QUAKE Wars"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
    "C:\\Documents and Settings\\Administrateur\\Bureau\\Dossier Dilllon\\SCDA-Offline\\Splinter Cell Double Agent\\TCSC Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Dossier Dilllon\\SCDA-Offline\\Splinter Cell Double Agent\\TCSC Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
    "C:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"="C:\\Games\\Mass Effect\\Binaries\\MassEffect.exe:*:Enabled:Mass Effect Game"
    "C:\\Games\\Mass Effect\\MassEffectLauncher.exe"="C:\\Games\\Mass Effect\\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 16 Jan 2007 49,244 ..SHR --- "C:\RavMon.exe"
    Fri 11 Apr 2008 218,906 A..H. --- "C:\Downloads\Astuce batterie de missiles.zip"
    Tue 3 Jun 2008 632,755,300 A..H. --- "C:\Downloads\cod4mw_modtools_v1.zip"
    Thu 5 Jun 2008 839,313,956 A..H. --- "C:\Downloads\dmc4_JeuxVideo.com_13728.zip"
    Sat 12 Apr 2008 9,022,448 A..H. --- "C:\Downloads\etqwpro040.zip"
    Thu 17 Apr 2008 9,022,448 A..H. --- "C:\Downloads\etqwpro040(1).zip"
    Fri 30 May 2008 960,492 A..H. --- "C:\Downloads\VC_2004.zip"
    Wed 21 May 2008 554,538,416 A..H. --- "C:\Downloads\Software\ETQW-client-1.0-1.5-update.exe"
    Tue 27 May 2008 106,318,664 A..H. --- "C:\Downloads\Software\ETQW-client-1.4-1.5-update.exe"
    Tue 20 May 2008 974,336 A..H. --- "C:\Downloads\Software\totrec32.exe"
    Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
    Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\455e66.dll"
    Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\4b2ca40.dll"
    Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\72ce980.dll"
    Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\af64ab9.dll"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Mon 31 Mar 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
    Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
    Fri 22 Aug 2008 2,865 ...HR --- "C:\Documents and Settings\Administrateur\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!

    Thank you for your help, really. Don't worry, I know full well that every internet user has a private life, except maybe a few ^^, so thanks a lot :)
    25 August 2008 21:52:36

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • When the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM

    ;)
    5 September 2008 19:49:51

    Sorry for this long delay.
    I had some big problems, but things are better now.

    Malwarebytes' Anti-Malware 1.26
    Version de la base de données: 1104
    Windows 5.1.2600 Service Pack 2

    04/09/2008 06:44:42
    mbam-log-2008-09-04 (06-44-42).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 184235
    Temps écoulé: 3 hour(s), 37 minute(s), 31 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 14
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 79

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\qvdntlmw.bmsb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{841098dc-eea3-4332-9c67-51cf88fe66a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{19188bc4-4e06-48e6-9c54-8e94425aef02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9e15cbba-a508-4838-ac11-8d44be41cea9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\WINDOWS\MDM.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\qhgfezcj\qpudutwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080325-202155-644.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP10\A0000767.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP11\A0000769.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP12\A0000770.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP14\A0001204.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP15\A0001208.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP15\A0001360.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP16\A0001361.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP16\A0001392.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP16\A0001408.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP16\A0002493.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP16\A0003538.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP16\A0003579.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP5\A0000068.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP6\A0000069.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP6\A0000081.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP6\A0000087.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP6\A0000105.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{47DD167E-6BA9-4D82-91F1-BB25B4C15AD6}\RP6\A0000108.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yhojqncf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\000117B9.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\000117F7.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\00011826.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\00011865.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\04866ED6.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\04866F24.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\04866F72.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\04866FB1.uf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32ps1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\SVCHOST.INI (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    6 September 2008 10:51:12

    Hello,

    I'm filling in for Eg, who is away for the moment. ;)


    1
    The Malwarebytes' Anti-Malware report is not complete.
    Please run the tool again and post the report.
    2
    Add a HijackThis log.
    6 September 2008 13:43:14

    For a few days now I've also had a new problem.
    In all my games (CoD4, GRID, whatever).
    When I press Z (move forward), my character keeps moving forward for a while as if I had held the key down, yet when I'm not playing my keyboard works perfectly.

    Otherwise, here is a new HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:38:52, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Pando Networks\Pando\Pando.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
    C:\WINDOWS\SVCHOST.EXE
    C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
    C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
    O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 7490 bytes

    I didn't understand the part about the incomplete report, is there something I did wrong?
    6 September 2008 18:05:24

    Hi again
    fury93 said:
    I didn't understand the part about the incomplete report, is there something I did wrong?


    Run another scan with Malwarebytes' Anti-Malware; I wasn't able to see the whole report.
    Please post the complete report this time.
    So:
    Restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM


