Se connecter avec
S'enregistrer | Connectez-vous

Virtumonde.dll

Dernière réponse : dans Sécurité

Bonjour à tous,

J'ai passer un coup de spybot sur mon pc histoire de voir si j'avais quelques spyware qui trainés. Et je me suis aperçut que j'avais virtumonde et virtumonde.dll.

J'ai donc voulus les supprimer avec le bouton "Corriger tous les problèmes", malheuresement ils reviennent en permanance et je ne sais pas comment faire pour les supprimer.

J'ai essayé plusieurs outils proposer par des sites mais rien n'y fait.

Je vous poste ici mon rapport HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:02, on 06/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update2\ALU.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\prevhost.exe
C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Kiva\Desktop\Sanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D245D02-70D9-40D0-9816-107ED2F7EC37} - (no file)
O2 - BHO: (no name) - {6E9EC25D-DD80-4EC6-BB73-208199086D5A} - C:\Windows\system32\jkkICvSK.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91E1F26F-7B09-4BB6-855C-7897C3AF43C7} - (no file)
O2 - BHO: (no name) - {9951C7E8-B41E-4D7B-BB37-9FF4AAC21CA6} - (no file)
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {D8EB6160-3C8F-43BD-B55F-88183FCFDEDC} - (no file)
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\Windows\system32\hgGVpmNF.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGVpmNF.dll,#1
O4 - HKLM\..\Run: [BM195324ec] Rundll32.exe "C:\Windows\system32\vxcggvoq.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA5661] command /c del "C:\Windows\System32\xxyaBUon.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3616] cmd /c del "C:\Windows\System32\xxyaBUon.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7956] command /c del "C:\Windows\System32\orqkxpel.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6169] cmd /c del "C:\Windows\System32\orqkxpel.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1708] command /c del "C:\Windows\System32\lpqpruqj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3714] cmd /c del "C:\Windows\System32\lpqpruqj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3125] command /c del "C:\Windows\System32\khfdgelo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7115] cmd /c del "C:\Windows\System32\khfdgelo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6694] command /c del "C:\Windows\System32\jkkICvSK.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2821] cmd /c del "C:\Windows\System32\jkkICvSK.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3910] command /c del "C:\Windows\System32\gxsnudfj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3881] cmd /c del "C:\Windows\System32\gxsnudfj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA445] command /c del "C:\Windows\System32\dabjoffa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7873] cmd /c del "C:\Windows\System32\dabjoffa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8867] command /c del "C:\Windows\System32\bcpbouye.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3388] cmd /c del "C:\Windows\System32\bcpbouye.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD497] cmd /c del "C:\Windows\System32\bcpbouye.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2420] command /c del "C:\Windows\System32\xxyaBUon.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9276] cmd /c del "C:\Windows\System32\xxyaBUon.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1453] command /c del "C:\Windows\System32\orqkxpel.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4566] cmd /c del "C:\Windows\System32\orqkxpel.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3074] command /c del "C:\Windows\System32\lpqpruqj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7586] cmd /c del "C:\Windows\System32\lpqpruqj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6096] command /c del "C:\Windows\System32\khfdgelo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1573] cmd /c del "C:\Windows\System32\khfdgelo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8658] command /c del "C:\Windows\System32\jkkICvSK.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3740] cmd /c del "C:\Windows\System32\jkkICvSK.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1858] command /c del "C:\Windows\System32\gxsnudfj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4058] cmd /c del "C:\Windows\System32\gxsnudfj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2583] command /c del "C:\Windows\System32\dabjoffa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6487] cmd /c del "C:\Windows\System32\dabjoffa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1768] command /c del "C:\Windows\System32\bcpbouye.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12655 bytes

Si quelqu'un peut m'aider :) 

Merci.

Autres pages sur : virtumonde dll

Lassé par la pub ? Créez un compte

Bonsoir,

3) ~Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo.

~Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.

~Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Bonjour,

Refais un scan vundo, parfois il ne supprime la première fois. ;) 

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo.

~Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.

~Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Bonsoir,

tu peux me poster le rapport.

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.
  • ferme toutes les applications et fenêtres
  • double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
    Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
  • s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
  • tu devras cliquer 2 fois sur le OK des boîtes de dialogue
    Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
  • quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
    main.txt <- ouvert en premier plan et en plein écran
    extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
    S'il s'agit d'une utilisation supplémentaire de DSS :
  • tu n'auras pas de boîte de dialogue (pas de OK)
  • quand le traitement est terminé, un fichier texte s'affiche :
    main.txt <- ouvert en premier plan et en plein écran

  • copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
  • copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
  • n'oublie pas de réactiver les protections si elles ont été stoppées.



    Ce que fait DSS :
  • crée un point de restauration dans Windows XP et Vista
  • nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
  • vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

    Deckard's System Scanner v20071014.68
    Run by Kiva on 2008-05-07 21:22:08
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 2.62 GiB (less than 15%) free.


    -- HijackThis (run as Kiva.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:23:19, on 07/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Kiva\Desktop\dss.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\Kiva\Desktop\Kiva.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: (no name) - {5D245D02-70D9-40D0-9816-107ED2F7EC37} - (no file)
    O2 - BHO: (no name) - {6E9EC25D-DD80-4EC6-BB73-208199086D5A} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {91E1F26F-7B09-4BB6-855C-7897C3AF43C7} - (no file)
    O2 - BHO: (no name) - {9951C7E8-B41E-4D7B-BB37-9FF4AAC21CA6} - (no file)
    O2 - BHO: (no name) - {C401573B-AEBE-4C00-BB63-0CAA6627534C} - C:\Windows\system32\jkkICvSK.dll
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: (no name) - {D8EB6160-3C8F-43BD-B55F-88183FCFDEDC} - (no file)
    O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\Windows\system32\wvUmkkjJ.dll
    O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk.disabled
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
    O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
    O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy2\SDWinSec.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8845 bytes

    -- Files created between 2008-04-07 and 2008-05-07 -----------------------------

    2010-02-22 21:09:48 0 d-------- C:\ruby
    2010-02-22 21:08:25 0 d-------- C:\Program Files\SapphireSteel Software
    2008-05-07 20:28:36 106560 --a------ C:\Windows\system32\tbixjjjp.dll
    2008-05-07 20:25:50 2112 --a------ C:\Windows\system32\ldnulfgb.exe
    2008-05-07 20:25:48 96832 --a------ C:\Windows\system32\yrsdubcw.dll
    2008-05-06 23:39:48 2112 --a------ C:\Windows\system32\hjjssqmu.exe
    2008-05-06 23:33:47 190590 --ahs---- C:\Windows\system32\nmWFPXyb.ini2
    2008-05-06 23:30:26 0 d-------- C:\Program Files\Spybot - Search & Destroy2
    2008-05-06 23:28:37 36352 --a------ C:\Windows\system32\wvUmkkjJ.dll
    2008-05-06 22:50:59 2112 --a------ C:\Windows\system32\mrkanhtp.exe
    2008-05-05 23:10:01 0 d-------- C:\Program Files\Hitman Pro
    2008-05-05 22:15:42 262144 --a------ C:\ntuser.dat
    2008-05-05 20:33:57 0 d-------- C:\VundoFix Backups
    2008-05-05 19:54:17 187877 --ahs---- C:\Windows\system32\noUBayxx.ini2
    2008-05-05 08:36:38 0 -rahs---- C:\MSDOS.SYS
    2008-05-05 08:36:38 0 -rahs---- C:\IO.SYS
    2008-05-04 11:02:01 0 d-------- C:\Program Files\Panda Security
    2008-05-03 18:58:40 191776 --ahs---- C:\Windows\system32\KSvCIkkj.ini2
    2008-05-03 18:58:37 281600 -----n--- C:\Windows\system32\jkkICvSK.dll
    2008-04-28 21:22:14 18048 --a------ C:\Windows\system32\drivers\lirsgt.sys
    2008-04-28 21:22:14 271360 --a------ C:\Windows\system32\drivers\atksgt.sys
    2008-04-28 21:15:11 0 d-------- C:\Program Files\Anno 1701
    2008-04-28 20:46:52 0 d-------- C:\Program Files\Common Files\fabFORCE
    2008-04-28 20:46:28 0 d-------- C:\Program Files\fabFORCE
    2008-04-25 21:16:36 0 d-------- C:\Program Files\Opera
    2008-04-17 23:07:18 0 d-------- C:\Program Files\Advanced Image Viewer and Converter
    2008-04-13 16:12:43 2829 --a------ C:\Windows\W2BNEUnin.pif
    2008-04-13 16:12:43 98304 --a------ C:\Windows\W2BNEUnin.exe <Not Verified; Blizzard Entertainment; Warcraft II Battle.net Edition Uninstaller>
    2008-04-13 16:12:43 19543 --a------ C:\Windows\W2BNEUnin.dat
    2008-04-13 16:12:11 0 d-------- C:\Program Files\Warcraft II BNE


    -- Find3M Report ---------------------------------------------------------------

    2008-05-07 21:11:26 690832 --a------ C:\Windows\system32\perfh00C.dat
    2008-05-07 21:11:26 117572 --a------ C:\Windows\system32\perfc00C.dat
    2008-05-07 20:14:25 12 --a------ C:\Windows\bthservsdp.dat
    2008-05-07 20:07:24 45056 --a------ C:\Windows\system32\acovcnt.exe
    2008-05-07 00:22:15 0 d-------- C:\Program Files\LogMeIn
    2008-05-05 21:37:56 0 d-------- C:\Users\Kiva\AppData\Roaming\DBDesigner4
    2008-05-05 21:05:16 0 d-------- C:\Program Files\Visual Assist X
    2008-05-04 21:05:00 512 --a------ C:\ScanSectorLog.dat
    2008-05-03 13:22:42 0 d-------- C:\Users\Kiva\AppData\Roaming\uTorrent
    2008-04-28 21:15:10 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-28 20:46:52 0 d-------- C:\Program Files\Common Files
    2008-04-27 14:19:28 0 d-------- C:\Program Files\Windows Mail
    2008-04-25 21:16:46 0 d-------- C:\Users\Kiva\AppData\Roaming\Opera
    2008-04-21 20:26:09 0 d-------- C:\Program Files\eMule
    2008-04-21 19:56:42 0 d-------- C:\Users\Kiva\AppData\Roaming\eMule
    2008-04-20 16:54:51 0 d-------- C:\Program Files\WinMerge
    2008-03-31 21:38:08 0 d-------- C:\Program Files\Visual Zip Password Recovery Processor
    2008-03-26 22:29:15 0 d-------- C:\Program Files\SiSoftware
    2008-03-26 13:06:01 0 d-------- C:\Program Files\Puretna For Jerked
    2008-03-15 18:50:29 0 d-------- C:\Users\Kiva\AppData\Roaming\Notepad++
    2008-03-15 18:49:49 0 d-------- C:\Program Files\Notepad++
    2008-03-14 23:16:27 0 d-------- C:\Program Files\Steam
    2008-03-14 22:16:44 0 d-------- C:\Users\Kiva\AppData\Roaming\Bitdefender
    2008-03-14 22:15:42 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-03-14 22:14:10 0 d-------- C:\Program Files\BitDefender


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D245D02-70D9-40D0-9816-107ED2F7EC37}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E9EC25D-DD80-4EC6-BB73-208199086D5A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91E1F26F-7B09-4BB6-855C-7897C3AF43C7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9951C7E8-B41E-4D7B-BB37-9FF4AAC21CA6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C401573B-AEBE-4C00-BB63-0CAA6627534C}]
    03/05/2008 18:58 281600 --------- C:\Windows\system32\jkkICvSK.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8EB6160-3C8F-43BD-B55F-88183FCFDEDC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}]
    03/05/2008 18:53 36352 --a------ C:\Windows\system32\wvUmkkjJ.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [02/11/2006 18:27]
    "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [03/12/2007 23:47]
    "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [03/12/2007 23:47]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 16:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 15:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 11:03]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [19/04/2007 07:39]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [17/11/2007 13:53]

    C:\Users\Kiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk.disabled [21/01/2008 23:07:14]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk.disabled [03/12/2007 23:47:53]
    Adobe Reader Synchronizer.lnk.disabled [03/12/2007 23:47:53]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [07/12/2007 17:23:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}"= C:\Windows\system32\wvUmkkjJ.dll [03/05/2008 18:53 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli ASWLNPkg
    "Authentication Packages"= msv1_0 C:\Windows\system32\jkkICvSK

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1a601770]
    rundll32.exe "C:\Windows\system32\yrsdubcw.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SameSoul"=C:\Windows\system32\SameSoul.exe
    "Steam"="C:\Program Files\Steam\Steam.exe" -silent
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PowerForPhone"="C:\Program Files\P4P\P4P.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    "BM195324ec"=Rundll32.exe "C:\Windows\system32\epleyakn.dll",s
    "MSServer"=rundll32.exe C:\Windows\system32\wvUmkkjJ.dll,#1
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr
    bdx scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\autorun6e.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a32fb93-a1ea-11dc-927e-001d6069bd92}]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c33ed99-a2af-11dc-9a73-001d60afb085}]
    AutoRun\command- G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd6c8ba8-a220-11dc-992e-806e6f6e6963}]
    AutoRun\command- E:\SETUP.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ce31fd-a886-11dc-97d5-001d60afb085}]
    AutoRun\command- F:\autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-05-07 21:24:13 ------------

    Voila le rapport que me donne dss.

    Désactive l'uac : http://bibou0007.com/tutos-f45/tut [...] a-t132.htm
    Désactive Tea timer:
    -Afficher d'abord le Mode Avancé dans SpyBot
    Options Avancées :
    - menu Mode, Mode Avancé.
    Une colonne de menus apparaît dans la partie gauche :
    - cliquer sur Outils,
    - cliquer sur Résident,
    Dans Résident :
    - décocher Résident "TeaTimer" pour le désactiver.

    1) Crée un fichier Bloc Notes avec le texte qui se trouve dans l'espace ci-dessous (copie/colle) :
    (Sauf citation)

    Citation :
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D245D02-70D9-40D0-9816-107ED2F7EC37}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E9EC25D-DD80-4EC6-BB73-208199086D5A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91E1F26F-7B09-4BB6-855C-7897C3AF43C7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9951C7E8-B41E-4D7B-BB37-9FF4AAC21CA6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C401573B-AEBE-4C00-BB63-0CAA6627534C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8EB6160-3C8F-43BD-B55F-88183FCFDEDC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1a601770]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "BM195324ec"=-
    "MSServer"=-


    -Enregistrer ce fichier dans : Bureau
    -Nom du fichier : fix.reg
    -Type : tous les fichiers !!!
    -cliquer sur Enregistrer
    -quitter le Bloc Notes

    Utilisation du fichier: fix.reg
    - double cliquer sur le fichier (Bureau) / Accepter l'avertissement concernant la fusion / ne pas s'étonner de ne rien voir / valider le message disant que la fusion est terminée.

    2) Télécharger OTMoveIt2 par OldTimer.

    * Enregistrer ce fichier sur le Bureau.
    * Faire un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
    * Copier les lignes de la zone "Code" ci-dessous en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):

    C:\Windows\system32\tbixjjjp.dll
    C:\Windows\system32\ldnulfgb.exe
    C:\Windows\system32\yrsdubcw.dll
    C:\Windows\system32\hjjssqmu.exe
    C:\Windows\system32\nmWFPXyb.ini2
    C:\Windows\system32\wvUmkkjJ.dll
    C:\Windows\system32\mrkanhtp.exe
    C:\Windows\system32\noUBayxx.ini2
    C:\Windows\system32\KSvCIkkj.ini2
    C:\Windows\system32\jkkICvSK.dll
    C:\Windows\system32\acovcnt.exe


    * Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste Standard List of Files/Folders to Move" (sous la barre bleu clair) puis choisir Coller.
    * Cliquer sur le bouton rouge Moveit!.
    * Copier tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.
    * Fermer OTMoveIt2

    Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.

    Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

    3) Poste un nouveau rapport Dss scan et dis-moi comment va le PC. Toujours des problèmes ?

    otmoveit2:

    File/Folder C:\Windows\system32\tbixjjjp.dll not found.
    C:\Windows\system32\ldnulfgb.exe moved successfully.
    File/Folder C:\Windows\system32\yrsdubcw.dll not found.
    C:\Windows\system32\hjjssqmu.exe moved successfully.
    C:\Windows\system32\nmWFPXyb.ini2 moved successfully.
    File/Folder C:\Windows\system32\wvUmkkjJ.dll not found.
    C:\Windows\system32\mrkanhtp.exe moved successfully.
    C:\Windows\system32\noUBayxx.ini2 moved successfully.
    C:\Windows\system32\KSvCIkkj.ini2 moved successfully.
    File/Folder C:\Windows\system32\jkkICvSK.dll not found.
    C:\Windows\system32\acovcnt.exe moved successfully.

    Dss:

    Deckard's System Scanner v20071014.68
    Run by Kiva on 2008-05-09 20:15:49
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 2.84 GiB (less than 15%) free.


    -- HijackThis (run as Kiva.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:15:58, on 09/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ASUS\ASUS Live Update2\ALU.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Kiva\Desktop\dss.exe
    C:\Users\Kiva\Desktop\Kiva.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: (no name) - {5D245D02-70D9-40D0-9816-107ED2F7EC37} - (no file)
    O2 - BHO: (no name) - {6E9EC25D-DD80-4EC6-BB73-208199086D5A} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {91E1F26F-7B09-4BB6-855C-7897C3AF43C7} - (no file)
    O2 - BHO: (no name) - {9951C7E8-B41E-4D7B-BB37-9FF4AAC21CA6} - (no file)
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: (no name) - {D8EB6160-3C8F-43BD-B55F-88183FCFDEDC} - (no file)
    O2 - BHO: (no name) - {E1E63D3A-9B7A-4F1B-A1DB-ADE0C022711B} - C:\Windows\system32\jkkICvSK.dll (file missing)
    O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk.disabled
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
    O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
    O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy2\SDWinSec.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9590 bytes

    -- Files created between 2008-04-09 and 2008-05-09 -----------------------------

    2010-02-22 21:09:48 0 d-------- C:\ruby
    2010-02-22 21:08:25 0 d-------- C:\Program Files\SapphireSteel Software
    2008-05-06 23:30:26 0 d-------- C:\Program Files\Spybot - Search & Destroy2
    2008-05-05 23:10:01 0 d-------- C:\Program Files\Hitman Pro
    2008-05-05 22:15:42 262144 --a------ C:\ntuser.dat
    2008-05-05 20:33:57 0 d-------- C:\VundoFix Backups
    2008-05-05 08:36:38 0 -rahs---- C:\MSDOS.SYS
    2008-05-05 08:36:38 0 -rahs---- C:\IO.SYS
    2008-05-04 11:02:01 0 d-------- C:\Program Files\Panda Security
    2008-04-28 21:22:14 18048 --a------ C:\Windows\system32\drivers\lirsgt.sys
    2008-04-28 21:22:14 271360 --a------ C:\Windows\system32\drivers\atksgt.sys
    2008-04-28 21:15:11 0 d-------- C:\Program Files\Anno 1701
    2008-04-28 20:46:52 0 d-------- C:\Program Files\Common Files\fabFORCE
    2008-04-28 20:46:28 0 d-------- C:\Program Files\fabFORCE
    2008-04-25 21:16:36 0 d-------- C:\Program Files\Opera
    2008-04-17 23:07:18 0 d-------- C:\Program Files\Advanced Image Viewer and Converter
    2008-04-13 16:12:43 2829 --a------ C:\Windows\W2BNEUnin.pif
    2008-04-13 16:12:43 98304 --a------ C:\Windows\W2BNEUnin.exe <Not Verified; Blizzard Entertainment; Warcraft II Battle.net Edition Uninstaller>
    2008-04-13 16:12:43 19543 --a------ C:\Windows\W2BNEUnin.dat
    2008-04-13 16:12:11 0 d-------- C:\Program Files\Warcraft II BNE


    -- Find3M Report ---------------------------------------------------------------

    2008-05-09 20:10:11 0 d-------- C:\Program Files\Notepad++
    2008-05-09 20:00:04 690832 --a------ C:\Windows\system32\perfh00C.dat
    2008-05-09 20:00:04 117572 --a------ C:\Windows\system32\perfc00C.dat
    2008-05-09 17:41:54 12 --a------ C:\Windows\bthservsdp.dat
    2008-05-09 00:46:29 0 d-------- C:\Program Files\LogMeIn
    2008-05-05 21:37:56 0 d-------- C:\Users\Kiva\AppData\Roaming\DBDesigner4
    2008-05-05 21:05:16 0 d-------- C:\Program Files\Visual Assist X
    2008-05-04 21:05:00 512 --a------ C:\ScanSectorLog.dat
    2008-05-03 13:22:42 0 d-------- C:\Users\Kiva\AppData\Roaming\uTorrent
    2008-04-28 21:15:10 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-28 20:46:52 0 d-------- C:\Program Files\Common Files
    2008-04-27 14:19:28 0 d-------- C:\Program Files\Windows Mail
    2008-04-25 21:16:46 0 d-------- C:\Users\Kiva\AppData\Roaming\Opera
    2008-04-21 20:26:09 0 d-------- C:\Program Files\eMule
    2008-04-21 19:56:42 0 d-------- C:\Users\Kiva\AppData\Roaming\eMule
    2008-04-20 16:54:51 0 d-------- C:\Program Files\WinMerge
    2008-03-31 21:38:08 0 d-------- C:\Program Files\Visual Zip Password Recovery Processor
    2008-03-26 22:29:15 0 d-------- C:\Program Files\SiSoftware
    2008-03-15 18:50:29 0 d-------- C:\Users\Kiva\AppData\Roaming\Notepad++
    2008-03-14 23:16:27 0 d-------- C:\Program Files\Steam
    2008-03-14 22:16:44 0 d-------- C:\Users\Kiva\AppData\Roaming\Bitdefender
    2008-03-14 22:15:42 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-03-14 22:14:10 0 d-------- C:\Program Files\BitDefender


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D245D02-70D9-40D0-9816-107ED2F7EC37}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E9EC25D-DD80-4EC6-BB73-208199086D5A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91E1F26F-7B09-4BB6-855C-7897C3AF43C7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9951C7E8-B41E-4D7B-BB37-9FF4AAC21CA6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8EB6160-3C8F-43BD-B55F-88183FCFDEDC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E63D3A-9B7A-4F1B-A1DB-ADE0C022711B}]
    C:\Windows\system32\jkkICvSK.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [02/11/2006 18:27]
    "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [03/12/2007 23:47]
    "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [03/12/2007 23:47]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 16:09]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 15:24]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 11:03]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [19/04/2007 07:39]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [17/11/2007 13:53]

    C:\Users\Kiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk.disabled [21/01/2008 23:07:14]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk.disabled [03/12/2007 23:47:53]
    Adobe Reader Synchronizer.lnk.disabled [03/12/2007 23:47:53]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [07/12/2007 17:23:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SameSoul"=C:\Windows\system32\SameSoul.exe
    "Steam"="C:\Program Files\Steam\Steam.exe" -silent
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PowerForPhone"="C:\Program Files\P4P\P4P.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr
    bdx scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\autorun6e.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a32fb93-a1ea-11dc-927e-001d6069bd92}]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c33ed99-a2af-11dc-9a73-001d60afb085}]
    AutoRun\command- G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd6c8ba8-a220-11dc-992e-806e6f6e6963}]
    AutoRun\command- E:\SETUP.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ce31fd-a886-11dc-97d5-001d60afb085}]
    AutoRun\command- F:\autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-05-09 20:17:58 ------------

    Pour le moment spybot me dit que tout va bien, je reboot et fait un test et repost.

    Bonsoir, je suis moi aussi infecté par Virtumonde.dll.

    Voici mes rapports Deckard's System Scanner :

    Deckard's System Scanner v20071014.68
    Run by Julien on 2008-05-26 19:21:10
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    6: 2008-05-23 15:47:17 UTC - RP188 - Windows Update
    5: 2008-05-21 16:03:04 UTC - RP187 - Windows Update
    4: 2008-05-20 10:33:40 UTC - RP186 - Windows Update
    3: 2008-05-17 22:16:35 UTC - RP185 - Windows Update
    2: 2008-05-17 17:02:45 UTC - RP184 - Installed Ad-Aware 2007


    -- First Restore Point --
    1: 2008-05-17 15:46:01 UTC - RP183 - Last known good configuration


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Julien.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:10, on 26/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\ehome\ehtray.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Bureau\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Julien.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5} - C:\Windows\system32\hgGxWqqn.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {DD9335A5-96E5-417D-B47C-76CFD72ADF63} - C:\Windows\system32\cbXPhfDT.dll
    O2 - BHO: (no name) - {F79251E0-568C-4720-8155-4817E8D5324A} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGxWqqn.dll,#1
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1163] command /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7863] cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9479] command /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9958] cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9415] cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9003] cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5483] cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3060] command /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5691] cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8509] command /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3931] cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3787] command /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD706] cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1686] command /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4188] cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\SFR ADSL\Box\Wizard\jswpsapi.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 11889 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 StarOpen - c:\windows\system32\drivers\staropen.sys

    S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
    S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\sfr adsl\box\wizard\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-25 23:00:37 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{DD0F6F43-A019-488A-BBAD-C4F836FDB443}.job


    -- Files created between 2008-04-26 and 2008-05-26 -----------------------------

    2008-05-26 18:58:54 0 d-------- C:\Users\Julien\Desktop
    2008-05-26 18:58:53 0 d-------- C:\Program Files\Trend Micro
    2008-05-20 19:59:35 2624 --a------ C:\Windows\system32\hwkevsiw.exe
    2008-05-20 19:45:43 43008 --a------ C:\Windows\system32\hgGxWqqn.dll
    2008-05-20 13:12:33 660986 --ahs---- C:\Windows\system32\acbLkmoq.ini2
    2008-05-19 18:38:24 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-19 13:03:04 702499 --ahs---- C:\Windows\system32\jlRBHkkj.ini2
    2008-05-17 19:03:07 0 d-------- C:\Program Files\Lavasoft
    2008-05-17 19:01:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-17 17:42:17 673391 --ahs---- C:\Windows\system32\TDfhPXbc.ini2
    2008-05-17 17:42:15 275968 -----n--- C:\Windows\system32\cbXPhfDT.dll
    2008-05-16 17:35:07 43008 --a------ C:\Windows\system32\byXPJDwU.dll
    2008-05-16 17:33:05 0 -rahs---- C:\MSDOS.SYS
    2008-05-16 17:33:05 0 -rahs---- C:\IO.SYS
    2008-05-12 19:48:01 876544 --a------ C:\Windows\system32\jswscsup.dll <Not Verified; Atheros Communications, Inc.; JSCSCSUP>
    2008-05-12 19:47:34 0 d-------- C:\Program Files\SFR ADSL
    2008-05-12 19:46:52 0 d-------- C:\Users\All Users\SFR
    2008-05-12 19:43:16 48128 --a------ C:\Windows\system32\SMMSCRPT.DLL <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
    2008-05-12 19:43:16 9728 --a------ C:\Windows\system32\RNAPH.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
    2008-05-12 19:43:16 0 d-------- C:\Users\Julien\Favorites
    2008-05-12 19:43:16 0 d-------- C:\Public
    2008-05-12 19:41:47 0 d-------- C:\Windows\SFR_ADSL
    2008-05-09 19:28:45 0 d-------- C:\Users\All Users\Ubisoft
    2008-05-09 19:14:17 0 d-------- C:\Program Files\Ubisoft
    2008-05-03 19:15:39 0 d-------- C:\Users\Julien\Bluetooth Software
    2008-05-03 13:39:53 308224 --a------ C:\Windows\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-04-27 19:01:16 73728 --a------ C:\Windows\VMInstNT.exe
    2008-04-27 19:01:16 69632 --a------ C:\Windows\VMInst64.exe
    2008-04-27 19:01:16 32768 --a------ C:\Windows\VMInst.exe
    2008-04-27 19:01:16 40960 --a------ C:\Windows\VM303UninstNT.exe
    2008-04-27 19:01:16 138752 --a------ C:\Windows\VM303Uninst64.exe
    2008-04-27 19:01:16 40960 --a------ C:\Windows\VM303Uninst.exe
    2008-04-27 19:01:16 192512 --a------ C:\Windows\VimicroCam.exe <Not Verified; Vimicro Corporation; Update from DirectX 9.0 Sample>
    2008-04-27 19:01:16 0 d-------- C:\Windows\CatRoot
    2008-04-27 18:59:01 0 d-------- C:\Program Files\HP 1.3MP Webcam
    2008-04-27 14:56:58 0 d-------- C:\CheapSoft


    -- Find3M Report ---------------------------------------------------------------

    2008-05-26 19:20:20 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
    2008-05-26 19:18:52 27934 --a------ C:\Users\Julien\AppData\Roaming\nvModes.001
    2008-05-20 19:30:09 693588 --a------ C:\Windows\system32\perfh00C.dat
    2008-05-20 19:30:09 118450 --a------ C:\Windows\system32\perfc00C.dat
    2008-05-20 12:37:35 836 --a------ C:\Windows\bthservsdp.dat
    2008-05-20 12:34:21 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-17 19:01:50 0 d-------- C:\Program Files\Common Files
    2008-05-14 23:48:30 0 d-------- C:\Program Files\Windows Mail
    2008-05-12 19:48:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-12 01:09:04 27934 --a------ C:\Users\Julien\AppData\Roaming\nvModes.dat
    2008-05-09 19:38:38 0 d-------- C:\Users\Julien\AppData\Roaming\Ubisoft
    2008-05-03 13:42:16 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-03 13:40:11 0 d-------- C:\Users\Julien\AppData\Roaming\InterTrust
    2008-04-27 18:07:20 0 d-------- C:\Program Files\HP
    2008-04-27 18:07:20 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-04-20 21:25:44 0 d-------- C:\Users\Julien\AppData\Roaming\Samsung
    2008-04-20 20:47:46 0 d-------- C:\Program Files\Samsung
    2008-04-14 22:19:36 0 d-------- C:\Users\Julien\AppData\Roaming\Macrovision
    2008-04-14 18:34:06 0 d-------- C:\Program Files\Vodafone
    2008-04-13 01:43:19 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-03-15 13:30:47 0 --a------ C:\Windows\nsreg.dat
    2008-03-05 20:46:55 24439 --a------ C:\Users\Julien\AppData\Roaming\UserTile.png


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5}]
    16/05/2008 17:33 43008 --a------ C:\Windows\system32\hgGxWqqn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD9335A5-96E5-417D-B47C-76CFD72ADF63}]
    17/05/2008 17:42 275968 --------- C:\Windows\system32\cbXPhfDT.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F79251E0-568C-4720-8155-4817E8D5324A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
    "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" []
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26/01/2008 00:41]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 16:12]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 03:29]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/01/2008 19:31]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [16/01/2007 23:34]
    "RtHDVCpl"="RtHDVCpl.exe" [09/03/2007 19:50 C:\Windows\RtHDVCpl.exe]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [16/04/2008 23:56]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 11:38]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 16:37]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 13:18]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 11:54]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "MSServer"="C:\Windows\system32\hgGxWqqn.dll" [16/05/2008 17:33]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [26/01/2008 00:34]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 15:41]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [21/03/2008 10:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingD9415"=cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    "SpybotDeletingD9003"=cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingD5483"=cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    "SpybotDeletingB3060"=command /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingD5691"=cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingB8509"=command /c del "C:\Windows\System32\ubitrgxy.dll_old"
    "SpybotDeletingD3931"=cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"
    "SpybotDeletingB3787"=command /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingD706"=cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingB1686"=command /c del "C:\Windows\System32\ubitrgxy.dll_old"
    "SpybotDeletingD4188"=cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    "SpybotDeletingA1163"=command /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingC7863"=cmd /c del "C:\Windows\System32\cbXPhfDT.dll"
    "SpybotDeletingA9479"=command /c del "C:\Windows\System32\ubitrgxy.dll_old"
    "SpybotDeletingC9958"=cmd /c del "C:\Windows\System32\ubitrgxy.dll_old"

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/12/2006 13:27:40]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5}"= C:\Windows\system32\hgGxWqqn.dll [16/05/2008 17:33 43008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli ASWLNPkg
    "Authentication Packages"= msv1_0 C:\Windows\system32\cbXPhfDT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\StartVMCLite.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fc5c453-0990-11dd-b7c7-001e37037d92}]
    AutoRun\command- H:\StartVMCLite.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fc5c462-0990-11dd-b7c7-001e37037d92}]
    AutoRun\command- I:\StartVMCLite.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c15e836-1ce6-11dd-bf1d-001e37037d92}]
    AutoRun\command- H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fae6083-f9e8-11dc-b072-001e37037d92}]
    AutoRun\command- G:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 rad.msn.com
    127.0.0.1 rad.live.com
    127.0.0.1 ads1.msn.com
    127.0.0.1 adfarm.mediaplex.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com

    8386 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-05-26 19:26:04 ------------

    ================================================

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Édition Familiale Premium (build 6000)
    Architecture: X86; Language: French

    CPU 0: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
    Percentage of Memory in Use: 44%
    Physical Memory (total/avail): 2045.81 MiB / 1136.32 MiB
    Pagefile Memory (total/avail): 4310.16 MiB / 3087.16 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1929.93 MiB

    C: is Fixed (NTFS) - 225.43 GiB total, 163.21 GiB free.
    D: is Fixed (NTFS) - 232.88 GiB total, 138.84 GiB free.
    E: is Fixed (NTFS) - 7.45 GiB total, 2.3 GiB free.
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - SAMSUNG HM250JI - 232.88 GiB - 2 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 225.43 GiB - C:
    \PARTITION1 - Système de fichiers installable - 7.45 GiB - E:

    \\.\PHYSICALDRIVE1 - SAMSUNG HM250JI - 232.88 GiB - 1 partition
    \PARTITION0 - Système de fichiers installable - 232.88 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: avast! antivirus 4.8.1201 [VPS 080526-0] v4.8.1201 (ALWIL Software) Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: avast! antivirus 4.8.1201 [VPS 080526-0] v4.8.1201 (ALWIL Software) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Julien\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PC-DE-JULIEN
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Julien
    LOCALAPPDATA=C:\Users\Julien\AppData\Local
    LOGONSERVER=\\PC-DE-JULIEN
    NUMBER_OF_PROCESSORS=2
    OnlineServices=Services en ligne
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Bioscrypt\VeriSoft\bin;C:\Program Files\Samsung\Samsung PC Studio 3\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PCBRAND=Pavilion
    PLATFORM=MCD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0b
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Julien\AppData\Local\Temp
    TMP=C:\Users\Julien\AppData\Local\Temp
    USERDOMAIN=PC-de-Julien
    USERNAME=Julien
    USERPART=F:
    USERPROFILE=C:\Users\Julien
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Julien (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
    AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
    CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
    CS16 Full v32.1 Non-Steam --> C:\Program Files\Counter-Strike\Uninstal.exe
    ESU for Microsoft Vista --> MsiExec.exe /X{DB3AE42A-AAED-49CC-9B87-55A181BCC868}
    Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
    Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
    Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
    HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
    HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
    HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
    HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
    HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
    HP QuickPlay 3.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HP User Guides 0056 --> MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
    HP Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}\setup.exe" -l0x9 -removeonly
    HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
    Installation de la Box SFR --> "C:\Program Files\InstallShield Installation Information\{3D60B500-25C9-413D-993F-0B7900C4D1EC}\setup.exe" -runfromtemp -l0x040c -snd -wifi -nodongle -removeonly
    Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office OneNote MUI (French) 2007 --> MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
    Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
    Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
    MSCU for Microsoft Vista --> MsiExec.exe /X{336A609A-6ECC-4E05-B320-CCC085BF7EA7}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    QuickPlay SlingPlayer 0.4.6 --> "C:\Program Files\HP\QuickPlay\unins000.exe"
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
    SAMSUNG Mobile Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    VeriSoft Access Manager --> rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {0ABA40AF-288D-41F1-B735-C5155692CD7D}
    VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vodafone Mobile Connect Lite --> MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
    Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7388 / Warning
    Event Submitted/Written: 05/20/2008 07:54:23 PM
    Event ID/Source: 4006 / Winlogon
    Event Description:
    Le processus d’ouverture de session de Windows n’a pas pu créer une application utilisateur. Nom de l’application : . Paramètres de ligne de commande : explorer.exe.

    Event Record #/Type7387 / Error
    Event Submitted/Written: 05/20/2008 07:54:22 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Le programme Explorer.EXE version 6.0.6000.16549 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration.
    ID de processus : 8d4
    Heure de début : 01c8ba9e2c0a2638
    Heure de fin : 24

    Event Record #/Type7379 / Success
    Event Submitted/Written: 05/20/2008 07:46:07 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type7366 / Success
    Event Submitted/Written: 05/20/2008 07:23:51 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type7365 / Success
    Event Submitted/Written: 05/20/2008 07:23:50 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type31152 / Warning
    Event Submitted/Written: 05/26/2008 07:25:27 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    L’agent de protection en temps réel %PC-de-Julien27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Julien27 ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    %PC-de-Julien275

    ID d’analyse : {29083D51-0A93-40C1-8578-2F5B8DE9630E}

    Utilisateur : PC-de-Julien\Julien

    Nom : %PC-de-Julien271

    ID : %PC-de-Julien272

    ID de gravité : %PC-de-Julien273

    ID de catégorie : %PC-de-Julien274

    Chemin d’accès trouvé : %PC-de-Julien276

    Type d’alerte : %PC-de-Julien278

    Type de détection : 1.1.1505.02

    Event Record #/Type31151 / Warning
    Event Submitted/Written: 05/26/2008 07:24:27 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    L’agent de protection en temps réel %PC-de-Julien27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Julien27 ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    %PC-de-Julien275

    ID d’analyse : {CDD1709E-701C-46EE-83D3-3A089542883F}

    Utilisateur : PC-de-Julien\Julien

    Nom : %PC-de-Julien271

    ID : %PC-de-Julien272

    ID de gravité : %PC-de-Julien273

    ID de catégorie : %PC-de-Julien274

    Chemin d’accès trouvé : %PC-de-Julien276

    Type d’alerte : %PC-de-Julien278

    Type de détection : 1.1.1505.02

    Event Record #/Type31150 / Warning
    Event Submitted/Written: 05/26/2008 07:24:24 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    L’agent de protection en temps réel %PC-de-Julien27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Julien27 ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    %PC-de-Julien275

    ID d’analyse : {D38AB551-45FC-4395-8CDD-952E05AE08F9}

    Utilisateur : PC-de-Julien\Julien

    Nom : %PC-de-Julien271

    ID : %PC-de-Julien272

    ID de gravité : %PC-de-Julien273

    ID de catégorie : %PC-de-Julien274

    Chemin d’accès trouvé : %PC-de-Julien276

    Type d’alerte : %PC-de-Julien278

    Type de détection : 1.1.1505.02

    Event Record #/Type31149 / Warning
    Event Submitted/Written: 05/26/2008 07:24:24 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    L’agent de protection en temps réel %PC-de-Julien27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Julien27 ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    %PC-de-Julien275

    ID d’analyse : {AFEB4917-BB6F-435D-88E4-ADFD85411893}

    Utilisateur : PC-de-Julien\Julien

    Nom : %PC-de-Julien271

    ID : %PC-de-Julien272

    ID de gravité : %PC-de-Julien273

    ID de catégorie : %PC-de-Julien274

    Chemin d’accès trouvé : %PC-de-Julien276

    Type d’alerte : %PC-de-Julien278

    Type de détection : 1.1.1505.02

    Event Record #/Type31148 / Warning
    Event Submitted/Written: 05/26/2008 07:24:24 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    L’agent de protection en temps réel %PC-de-Julien27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Julien27 ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    %PC-de-Julien275

    ID d’analyse : {76C91786-01C3-40D5-9669-738F28A561C6}

    Utilisateur : PC-de-Julien\Julien

    Nom : %PC-de-Julien271

    ID : %PC-de-Julien272

    ID de gravité : %PC-de-Julien273

    ID de catégorie : %PC-de-Julien274

    Chemin d’accès trouvé : %PC-de-Julien276

    Type d’alerte : %PC-de-Julien278

    Type de détection : 1.1.1505.02



    -- End of Deckard's System Scanner: finished at 2008-05-26 19:26:04 ------------

    Salut à toi et tout d'abord merci pour ton assistance...
    J'admire le mec qui a créé cette vermine infame de virtumonde, c'est un vrai cauchemard.... J'ai très récemment reformaté mon pc et installé avant toute chose Kaspersky 2009, Spybot et Adaware, tous 3 parfaitement à jour....et devine quoi...Je me retape cette saloperie!

    Voici donc les infos que tu demandes contre ton aide:

    *Rapports DSS après tentative de désinfection avec VundoFix:


    -moved.txt:

    Directories/Files moved to C:\Deckard\System Scanner\backup

    2008-07-01 17:45:33 46 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\atmadm2.exe.bat
    2008-07-01 17:45:32 47 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat
    2008-07-01 17:47:08 911046 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\caevents.log
    2008-06-27 17:49:18 36864 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CmdLineExt02.dll
    2008-06-30 18:22:02 8240544 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DivXInstaller.exe <Verified; DivX, Inc.; >
    2008-07-01 17:44:41 44 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dssec.exe.bat
    2008-06-26 19:54:02 610 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GEARInstall.log
    2008-06-30 22:25:59 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsperfdata_Administrator
    2008-06-30 18:22:20 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp
    2008-07-01 17:45:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP
    2008-07-01 17:45:33 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP
    2008-06-25 22:00:56 23569 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install.log
    2008-07-01 16:57:14 3075 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log
    2008-06-26 10:55:59 1163 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_sp.log
    2008-06-26 10:47:18 8265 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jinstall.cfg
    2008-07-02 14:22:53 9046 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jusched.log
    2008-06-30 16:43:29 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jv16PT_2007
    2008-06-28 07:57:24 3426690 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-06-28-07-55-24.log
    2008-06-29 17:15:19 3415000 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-06-29-17-14-19.log
    2008-07-01 17:47:09 4162078 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-07-01-17-44-58.log
    2008-06-28 07:57:24 6757 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-06-28-07-55-24.log
    2008-06-29 17:15:19 6654 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-06-29-17-14-19.log
    2008-07-01 17:47:09 7175 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-07-01-17-44-58.log
    2008-06-29 17:14:39 3940 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 1700) 2008-06-29 17-14-38.log
    2008-06-29 17:14:32 7531 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 324) 2008-06-29 17-14-32.log
    2008-06-29 17:14:34 10481 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 324) 2008-06-29 17-14-34.log
    2008-07-01 17:45:17 8181 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3272) 2008-07-01 17-45-17.log
    2008-07-01 17:45:18 16668 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3272) 2008-07-01 17-45-18.log
    2008-06-28 07:56:26 7711 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3448) 2008-06-28 07-56-26.log
    2008-06-28 07:56:28 10726 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3448) 2008-06-28 07-56-28.log
    2008-07-01 17:45:23 4100 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3768) 2008-07-01 17-45-23.log
    2008-06-28 07:56:38 3940 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 4028) 2008-06-28 07-56-38.log
    2008-07-01 17:44:42 44 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\media.php.bat
    2008-07-01 16:33:51 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache
    2008-06-30 18:20:54 34 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod4.tmp
    2008-06-30 18:22:02 34 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod5.tmp
    2008-06-29 21:26:47 1224 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Silverlight0.log
    2008-06-29 21:26:47 176206 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SilverlightMSI.log
    2008-06-27 17:49:18 12067 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntf16.dll
    2008-06-27 17:49:18 19924 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntf32.dll
    2008-06-27 17:49:22 4592 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntfIcn.ani
    2008-06-27 17:49:18 24516 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntfNT.dll
    2008-06-28 07:55:26 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp33.tmp
    2008-06-29 17:14:20 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA.tmp
    2008-07-01 17:44:59 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpB.tmp
    2003-05-20 04:22:26 307200 -----n--- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\war3_Install.exe <Not Verified; Blizzard Entertainment; Frozen Throne Installer>
    2008-07-02 14:01:30 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER3e83.dir00
    2008-06-26 21:20:37 1408 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmplog00.sqm
    2008-07-02 14:17:45 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPDNSE
    2008-06-26 11:15:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{87849F8C-770E-45CA-8CA9-5E40D5B1773F}
    2008-06-30 16:01:14 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{8B3FAD83-CF61-487C-A824-7F565C5A6B69}
    2008-07-01 17:47:02 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    2008-06-28 07:51:22 597 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{AC76BA86-7AD7-1036-7B44-A81200000003}.ini
    2008-06-30 16:01:14 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8E90355-CB9F-42DB-9AEB-4D4B1D4519B1}
    2008-06-26 20:32:09 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{E14936DC-6C1E-41EC-9477-295012DB0F25}
    2008-07-02 14:06:56 32768 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9F20.tmp
    2008-06-25 17:20:39 20865 --a------ C:\WINDOWS\temp\IntelGFX.log
    2008-06-24 18:18:27 6019 --a------ C:\WINDOWS\temp\NetFxUpdate_v1.1.4322.log
    2008-07-01 17:51:01 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_950.dat
    2008-07-02 14:17:24 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
    2008-06-26 20:04:52 0 d-------- C:\WINDOWS\temp\_avast4_
    2007-10-18 10:04:16 341296 --a------ C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll <Verified; Hewlett-Packard Co.; HPDEXAXO>

    -*- End of Logfile -*-


    -extra.txt:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 3.0
    Architecture: X86; Language: English

    CPU 0: Genuine Intel(R) CPU T1300 @ 1.66GHz
    Percentage of Memory in Use: 23%
    Physical Memory (total/avail): 1526.05 MiB / 1170.28 MiB
    Pagefile Memory (total/avail): 3422.51 MiB / 3212.81 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1872.11 MiB

    C: is Fixed (NTFS) - 19.53 GiB total, 11.62 GiB free.
    D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
    E: is CDROM (UDF)

    \\.\PHYSICALDRIVE0 - FUJITSU MHW2080BH - 74.53 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BILLGAFF-89EFD5
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\BILLGAFF-89EFD5
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0e08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=BILLGAFF-89EFD5
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    billgaffe (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpl30a5a.inf
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
    HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
    J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    K-Lite Codec Pack 3.9.5 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Microsoft Compression Client Pack 1.0 for Windows XP -->
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 -->
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
    RegSupreme Pro --> "C:\Program Files\RegSupreme Pro\unins000.exe"
    Satsuki Decoder Pack 4000 --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format 11 runtime -->


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type293 / Error
    Event Submitted/Written: 07/02/2008 02:01:29 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type289 / Error
    Event Submitted/Written: 07/02/2008 00:29:54 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type285 / Error
    Event Submitted/Written: 07/02/2008 02:45:58 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type249 / Success
    Event Submitted/Written: 07/01/2008 04:26:31 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type197 / Error
    Event Submitted/Written: 06/28/2008 08:12:34 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type2055 / Warning
    Event Submitted/Written: 07/02/2008 02:22:52 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
    error occurred:
    %%121.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type2010 / Warning
    Event Submitted/Written: 07/02/2008 02:02:36 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type2009 / Warning
    Event Submitted/Written: 07/02/2008 02:02:35 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type1937 / Warning
    Event Submitted/Written: 07/02/2008 00:31:09 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type1928 / Warning
    Event Submitted/Written: 07/02/2008 00:17:39 PM
    Event ID/Source: 1007 / Dhcp
    Event Description:
    Your computer has automatically configured the IP address for the Network
    Card with network address 0018DE7EE42C. The IP address being used is 169.254.187.245.



    -- End of Deckard's System Scanner: finished at 2008-07-02 14:39:31 ------------


    -main.txt:

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-02 14:35:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    30: 2008-07-02 12:36:03 UTC - RP30 - Deckard's System Scanner Restore Point
    29: 2008-07-01 15:51:00 UTC - RP29 - Last known good configuration
    28: 2008-07-01 15:50:54 UTC - RP28 - Installed Kaspersky Internet Security 2009.
    27: 2008-07-01 15:50:54 UTC - RP27 - Removed Kaspersky Anti-Virus 7.0.
    26: 2008-07-01 15:50:53 UTC - RP26 - clean


    -- First Restore Point --
    1: 2008-07-01 15:50:47 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:37:17, on 02/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecogle.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} - (no file)
    O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\ljJCsppQ.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: (no name) - {74200AD9-50E4-4965-8CB7-7E70AE26E8F3} - C:\WINDOWS\system32\hgGyyaaA.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BA835039-A72D-4005-A135-2A1AC6EB9F6D} - C:\WINDOWS\system32\fccDuttq.dll (file missing)
    O2 - BHO: (no name) - {BDD85FFD-C3B7-444C-A5CD-BC7307E0D887} - C:\WINDOWS\system32\hgGvuSkI.dll (file missing)
    O2 - BHO: (no name) - {C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F} - (no file)
    O2 - BHO: (no name) - {EBD82173-92C5-42F9-8A62-B573912E1F7B} - (no file)
    O2 - BHO: (no name) - {F8906697-EC80-4E8A-9056-7BB1396F8C86} - C:\WINDOWS\system32\tuvwUNdb.dll (file missing)
    O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\WINDOWS\nqgpedlr.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [e8b8a1d3] rundll32.exe "C:\WINDOWS\system32\yekiwhur.dll",b
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: ljJCsppQ - C:\WINDOWS\SYSTEM32\ljJCsppQ.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 6909 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\HPQ0006\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
    Service:

    Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
    Description: HDAUDIO Soft Data Fax Modem with SmartCP
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5047&SUBSYS_103C30A5&REV_1000\4&2BB472F0&0&0002
    Manufacturer: CXT
    Name: HDAUDIO Soft Data Fax Modem with SmartCP
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5047&SUBSYS_103C30A5&REV_1000\4&2BB472F0&0&0002
    Service: Modem

    Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
    Description: Microsoft ACPI-Compliant Control Method Battery
    Device ID: ACPI\PNP0C0A\1
    Manufacturer: Microsoft
    Name: Microsoft ACPI-Compliant Control Method Battery
    PNP Device ID: ACPI\PNP0C0A\1
    Service: CmBatt

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
    Service:


    -- Files created between 2008-06-02 and 2008-07-02 -----------------------------

    2008-07-02 14:37:08 0 d-------- C:\Program Files\Trend Micro
    2008-07-02 14:08:28 91520 --a------ C:\WINDOWS\system32\yekiwhur.dll
    2008-07-02 14:07:17 0 d-------- C:\VundoFix Backups
    2008-07-02 03:46:08 142717 --ahs---- C:\WINDOWS\system32\bdNUwvut.ini2
    2008-07-01 23:11:03 130101 --ahs---- C:\WINDOWS\system32\IkSuvGgh.ini2
    2008-07-01 17:53:19 92032 --a------ C:\WINDOWS\system32\wxhbdnkd.dll
    2008-07-01 17:50:37 1267 --ahs---- C:\WINDOWS\system32\qttuDccf.ini2
    2008-07-01 17:46:42 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-07-01 17:46:41 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-07-01 17:45:47 147488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-01 17:45:47 738336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-01 17:45:47 0 d-------- C:\Program Files\Kaspersky Lab
    2008-07-01 17:45:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-07-01 17:45:33 28288 --a------ C:\WINDOWS\system32\nnnkJywX.dll
    2008-07-01 17:45:28 28288 --a------ C:\WINDOWS\system32\ljJCsppQ.dll
    2008-07-01 17:44:53 81920 --a------ C:\WINDOWS\mrvtdpqe.exe
    2008-07-01 17:44:53 94208 --a------ C:\WINDOWS\eolk.exe
    2008-06-30 22:37:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
    2008-06-30 18:22:14 0 d-------- C:\Program Files\DivX
    2008-06-30 15:20:35 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-30 15:20:34 0 d-------- C:\Program Files\DVD Shrink
    2008-06-29 21:26:47 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-06-29 17:10:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2008-06-29 17:10:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2008-06-28 07:55:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-06-28 07:51:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-28 07:51:30 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-28 07:41:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
    2008-06-28 07:39:48 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-06-28 05:36:40 0 d-------- C:\Documents and Settings\Administrator\Contacts
    2008-06-28 05:32:29 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-28 05:32:21 0 d-------- C:\Program Files\Windows Live
    2008-06-28 05:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-27 17:34:39 106732 --a------ C:\WINDOWS\War3Unin.dat
    2008-06-27 17:34:38 2829 --a------ C:\WINDOWS\War3Unin.pif
    2008-06-27 17:34:38 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
    2008-06-27 17:30:02 0 d-------- C:\Program Files\Warcraft III
    2008-06-26 19:53:57 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-26 10:56:48 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-25 22:01:21 0 d-------- C:\WINDOWS\Sun
    2008-06-25 22:01:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-06-25 22:00:44 0 d-------- C:\Program Files\Java
    2008-06-25 22:00:06 0 d-------- C:\Program Files\Common Files\Java
    2008-06-25 18:24:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-06-25 18:22:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-06-25 18:20:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-06-25 18:18:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
    2008-06-25 18:11:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-25 18:10:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-25 18:10:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-25 18:10:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-25 18:10:39 2883584 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-25 18:10:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-25 18:10:39 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-06-25 18:10:39 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-06-25 18:10:39 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-06-25 18:10:39 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-25 18:03:09 0 d-------- C:\Program Files\RegSupreme Pro
    2008-06-25 17:57:52 0 d-------- C:\Program Files\Satsuki Decoder Pack
    2008-06-25 17:57:17 164352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-06-25 17:57:15 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-06-25 17:57:15 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2008-06-25 17:57:14 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-06-25 17:57:14 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-06-25 17:57:14 2121235 --a------ C:\WINDOWS\system32\x264vfw.dll
    2008-06-25 17:57:14 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2008-06-25 17:57:14 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-06-25 17:57:14 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2008-06-25 17:57:13 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-06-25 17:57:13 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-06-25 17:57:13 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-06-25 17:57:11 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-06-25 17:55:33 0 d-------- C:\Program Files\VideoLAN
    2008-06-25 17:54:13 0 d-------- C:\Program Files\uTorrent
    2008-06-25 17:54:09 0 d-------- C:\Documents and Settings\billgaffe\Application Data\uTorrent
    2008-06-25 17:51:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-25 17:45:52 0 d-------- C:\Program Files\Lavasoft
    2008-06-25 17:45:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-25 17:45:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-25 17:43:58 0 d-------- C:\Program Files\SP35954
    2008-06-25 17:24:29 0 d-------- C:\Documents and Settings\billgaffe\Application Data\Macromedia
    2008-06-25 17:24:28 0 d-------- C:\Documents and Settings\billgaffe\Application Data\Adobe
    2008-06-25 17:20:12 0 d-------- C:\WINDOWS\system32\Lang
    2008-06-25 17:20:12 397312 --a------ C:\WINDOWS\system32\igxpun.exe <Not Verified; Intel(R) Corporation; Intel(R) Graphics Media Accelerator Driver>
    2008-06-25 17:20:12 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-06-25 17:20:03 0 d-------- C:\swsetup
    2008-06-25 17:10:26 0 d-------- C:\Program Files\HP
    2008-06-25 17:10:25 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-06-25 16:59:35 0 dr-h----- C:\Documents and Settings\billgaffe\Recent
    2008-06-24 19:29:06 0 d--hs---- C:\WINDOWS\Installer
    2008-06-24 19:29:05 0 d-------- C:\Program Files\Common Files\ODBC
    2008-06-24 19:29:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-06-24 19:29:00 0 dr------- C:\Program Files
    2008-06-24 19:29:00 0 d-------- C:\Program Files\Common Files
    2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-06-24 19:28:24 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-06-24 19:28:24 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-06-24 19:28:24 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-06-24 19:28:24 0 d--hs---- C:\Documents and Settings\Default User\Cookies
    2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-06-24 19:28:24 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-06-24 19:28:24 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-06-24 19:28:09 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-24 19:28:09 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-24 19:28:03 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-24 19:28:03 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-24 19:28:03 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-24 19:28:03 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-24 19:27:14 0 d-------- C:\Documents and Settings
    2008-06-24 19:27:13 0 d--hs---- C:\System Volume Information
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\WinSxS
    2008-06-24 19:21:26 0 dr------- C:\WINDOWS\Web
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\twain_32
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\wins
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\spool
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\scripting
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\ras
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\npp
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\mui
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\IME
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\ias
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\export
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\en
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-24 19:21:26 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\config
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\3076
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\2052
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1054
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1042
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1041
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1037
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1033
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1031
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1028
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1025
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\security
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Resources
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\repair
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Provisioning
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\PeerNet
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\pchealth
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Offline Web Pages
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\NLDRV
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Network Diagnostic
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\mui
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\msapps
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\msagent
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Media
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\L2Schemas
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\java
    2008-06-24 19:21:26 0 d--h----- C:\WINDOWS\inf
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\ime
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Help
    2008-06-24 19:21:26 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\ehome
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-24 19:21:26 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Debug
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Cursors
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Config
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\AppPatch
    2008-06-24 19:21:26 0 d-------- C:\WINDOWS\addins
    2008-06-24 18:09:10 0 d-------- C:\Program Files\Synaptics
    2008-06-24 18:09:09 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-24 18:08:30 0 d-------- C:\Program Files\CONEXANT
    2008-06-24 18:00:17 0 d-------- C:\WINDOWS\system32\URTTemp
    2008-06-24 17:53:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-06-24 17:53:42 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-06-24 17:52:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-06-24 17:48:52 0 d-------- C:\Documents and Settings\billgaffe\Application Data\Identities
    2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\Templates
    2008-06-24 17:48:46 0 dr------- C:\Documents and Settings\billgaffe\Start Menu
    2008-06-24 17:48:46 0 dr-h----- C:\Documents and Settings\billgaffe\SendTo
    2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\PrintHood
    2008-06-24 17:48:46 2359296 --ah----- C:\Documents and Settings\billgaffe\NTUSER.DAT
    2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\NetHood
    2008-06-24 17:48:46 0 dr------- C:\Documents and Settings\billgaffe\My Documents
    2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\Local Settings
    2008-06-24 17:48:46 0 dr------- C:\Documents and Settings\billgaffe\Favorites
    2008-06-24 17:48:46 0 d-------- C:\Documents and Settings\billgaffe\Desktop
    2008-06-24 17:48:46 0 d--hs---- C:\Documents and Settings\billgaffe\Cookies
    2008-06-24 17:48:46 0 dr-h----- C:\Documents and Settings\billgaffe\Application Data
    2008-06-24 17:48:46 0 d---s---- C:\Documents and Settings\billgaffe\Application Data\Microsoft
    2008-06-24 17:47:31 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-24 17:47:17 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-24 17:47:17 0 d-------- C:\WINDOWS\Prefetch
    2008-06-24 17:47:15 245760 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-24 17:47:15 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-06-24 17:47:15 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2008-06-24 17:47:15 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-24 17:47:15 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-24 17:46:59 245760 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-24 17:46:59 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-06-24 17:46:59 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-24 17:46:59 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-24 17:46:59 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-24 17:44:01 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-24 17:44:01 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-24 17:43:48 245760 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-24 17:43:46 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-06-24 17:43:43 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-06-24 17:43:29 0 d-------- C:\WINDOWS\system32\drivers\umdf
    2008-06-24 17:43:09 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-24 17:42:44 0 -rahs---- C:\MSDOS.SYS
    2008-06-24 17:42:44 0 -rahs---- C:\IO.SYS
    2008-06-24 17:42:44 0 --a------ C:\CONFIG.SYS
    2008-06-24 17:42:44 0 --a------ C:\AUTOEXEC.BAT
    2008-06-24 17:41:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-24 17:41:27 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-24 17:41:02 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-24 17:40:37 0 d---s---- C:\WINDOWS\Tasks
    2008-06-24 17:40:36 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-06-24 17:40:30 0 d-------- C:\WINDOWS\srchasst
    2008-06-24 17:40:29 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-24 17:40:19 0 d-------- C:\Program Files\Movie Maker
    2008-06-24 17:39:52 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-24 17:38:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-24 17:38:36 0 d-------- C:\WINDOWS\Registration
    2008-06-24 17:38:14 0 d-------- C:\Program Files\System
    2008-06-24 17:38:13 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-06-24 17:38:13 398416 --a------ C:\WINDOWS\system\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0>
    2008-06-24 17:38:13 356992 --a------ C:\WINDOWS\system\vbrun200.dll <Not Verified; Microsoft Corporation; Visual Basic 2.0>
    2008-06-24 17:38:13 271264 --a------ C:\WINDOWS\system\vbrun100.dll
    2008-06-24 17:38:12 722192 --a------ C:\WINDOWS\system32\vb40032.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0>
    2008-06-24 17:38:12 935632 --a------ C:\WINDOWS\system\vb40016.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0>
    2008-06-24 17:38:11 32768 --a------ C:\WINDOWS\system\PLUGIN.DLL <Not Verified; Adobe Systems, Inc.; Adobe Photoshop>
    2008-06-24 17:38:11 210944 --a------ C:\WINDOWS\system\MSVCRT10.DLL
    2008-06-24 17:38:10 94208 --a------ C:\WINDOWS\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
    2008-06-24 17:38:10 119808 --a------ C:\WINDOWS\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2008-06-24 17:38:05 2789468 --a------ C:\WINDOWS\system32\libmmd.dll <Not Verified; Intel Corporation; Intel(r) C Compiler, Intel(r) C++ Compiler, Intel(r) Fortran Compiler>
    2008-06-24 17:38:05 101888 --a------ C:\WINDOWS\system32\libintl3.dll <Not Verified; GNU <www.gnu.org&gt;; GetText>
    2008-06-24 17:38:05 898048 --a------ C:\WINDOWS\system32\libiconv2.dll <Not Verified; GNU <www.gnu.org&gt;; LibIconv>
    2008-06-24 17:38:04 394752 --a------ C:\WINDOWS\system32\cygwinb19.dll
    2008-06-24 17:38:03 1872666 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
    2008-06-24 17:37:54 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-06-24 17:37:07 0 d-------- C:\Program Files\Windows NT
    2008-06-24 17:37:02 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-24 17:36:59 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-24 19:28:24 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    2008-04-24 04:26:23 1614848 --a------ C:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-04-24 04:25:38 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-04-24 04:21:45 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
    2008-04-24 04:21:32 501760 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Uniscribe Unicode script processor>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
    01/07/2008 17:45 28288 --a------ C:\WINDOWS\system32\ljJCsppQ.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    25/04/2008 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74200AD9-50E4-4965-8CB7-7E70AE26E8F3}]
    C:\WINDOWS\system32\hgGyyaaA.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA835039-A72D-4005-A135-2A1AC6EB9F6D}]
    C:\WINDOWS\system32\fccDuttq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD85FFD-C3B7-444C-A5CD-BC7307E0D887}]
    C:\WINDOWS\system32\hgGvuSkI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBD82173-92C5-42F9-8A62-B573912E1F7B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8906697-EC80-4E8A-9056-7BB1396F8C86}]
    C:\WINDOWS\system32\tuvwUNdb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [14/08/2006 14:39]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [14/08/2006 14:41]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [14/08/2006 14:38]
    "HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25/04/2008 18:21]
    "e8b8a1d3"="C:\WINDOWS\system32\yekiwhur.dll" [02/07/2008 14:08]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nltide_2"=regsvr32 /s /n /i:U shell32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{28220052-D9A9-44B1-AB98-EDC594D238B6}"= C:\WINDOWS\system32\ljJCsppQ.dll [01/07/2008 17:45 28288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCsppQ]
    ljJCsppQ.dll 01/07/2008 17:45 28288 C:\WINDOWS\system32\ljJCsppQ.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGyyaaA

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa640f68-42c6-11dd-85e9-0016d49b1b1b}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa640f69-42c6-11dd-85e9-0016d49b1b1b}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa640f6a-42c6-11dd-85e9-0016d49b1b1b}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8772 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-02 14:39:31 ------------


    *Rapport VirtumundoBeGone après 2nde tentative en mode sans échec:


    [07/02/2008, 15:16:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
    [07/02/2008, 15:16:18] - Detected System Information:
    [07/02/2008, 15:16:18] - Windows Version: 5.1.2600, Service Pack 3
    [07/02/2008, 15:16:18] - Current Username: Administrator (Admin)
    [07/02/2008, 15:16:18] - Windows is in SAFE mode with Networking.
    [07/02/2008, 15:16:18] - Searching for Browser Helper Objects:
    [07/02/2008, 15:16:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [07/02/2008, 15:16:18] - BHO 2: {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} ()
    [07/02/2008, 15:16:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:18] - No filename found. Continuing.
    [07/02/2008, 15:16:18] - BHO 3: {28220052-D9A9-44B1-AB98-EDC594D238B6} ()
    [07/02/2008, 15:16:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:18] - Checking for HKLM\...\Winlogon\Notify\ljJCsppQ
    [07/02/2008, 15:16:18] - Found: HKLM\...\Winlogon\Notify\ljJCsppQ - This is probably Virtumundo.
    [07/02/2008, 15:16:18] - Assigning {28220052-D9A9-44B1-AB98-EDC594D238B6} MSEvents Object
    [07/02/2008, 15:16:18] - BHO list has been changed! Starting over...
    [07/02/2008, 15:16:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [07/02/2008, 15:16:18] - BHO 2: {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - No filename found. Continuing.
    [07/02/2008, 15:16:19] - BHO 3: {28220052-D9A9-44B1-AB98-EDC594D238B6} (MSEvents Object)
    [07/02/2008, 15:16:19] - ALERT: Found MSEvents Object!
    [07/02/2008, 15:16:19] - BHO 4: {438719BC-356F-4109-A966-111CE178211B} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\cbXpQkLE
    [07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\cbXpQkLE, continuing.
    [07/02/2008, 15:16:19] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [07/02/2008, 15:16:19] - BHO 6: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
    [07/02/2008, 15:16:19] - BHO 7: {74200AD9-50E4-4965-8CB7-7E70AE26E8F3} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\hgGyyaaA
    [07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\hgGyyaaA, continuing.
    [07/02/2008, 15:16:19] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/02/2008, 15:16:19] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - No filename found. Continuing.
    [07/02/2008, 15:16:19] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [07/02/2008, 15:16:19] - BHO 11: {BA835039-A72D-4005-A135-2A1AC6EB9F6D} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\fccDuttq
    [07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\fccDuttq, continuing.
    [07/02/2008, 15:16:19] - BHO 12: {BDD85FFD-C3B7-444C-A5CD-BC7307E0D887} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\hgGvuSkI
    [07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\hgGvuSkI, continuing.
    [07/02/2008, 15:16:19] - BHO 13: {C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F} ()
    [07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:19] - No filename found. Continuing.
    [07/02/2008, 15:16:19] - BHO 14: {EBD82173-92C5-42F9-8A62-B573912E1F7B} ()
    [07/02/2008, 15:16:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:20] - No filename found. Continuing.
    [07/02/2008, 15:16:20] - BHO 15: {F8906697-EC80-4E8A-9056-7BB1396F8C86} ()
    [07/02/2008, 15:16:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:20] - Checking for HKLM\...\Winlogon\Notify\tuvwUNdb
    [07/02/2008, 15:16:20] - Key not found: HKLM\...\Winlogon\Notify\tuvwUNdb, continuing.
    [07/02/2008, 15:16:20] - Finished Searching Browser Helper Objects
    [07/02/2008, 15:16:20] - *** Detected MSEvents Object
    [07/02/2008, 15:16:20] - Trying to remove MSEvents Object...
    [07/02/2008, 15:16:21] - Terminating Process: IEXPLORE.EXE
    [07/02/2008, 15:16:21] - Terminating Process: RUNDLL32.EXE
    [07/02/2008, 15:16:21] - Disabling Automatic Shell Restart
    [07/02/2008, 15:16:21] - Terminating Process: EXPLORER.EXE
    [07/02/2008, 15:16:21] - Suspending the NT Session Manager System Service
    [07/02/2008, 15:16:21] - Terminating Windows NT Logon/Logoff Manager
    [07/02/2008, 15:16:22] - Re-enabling Automatic Shell Restart
    [07/02/2008, 15:16:22] - File to disable: C:\WINDOWS\system32\ljJCsppQ.dll
    [07/02/2008, 15:16:22] - Renaming C:\WINDOWS\system32\ljJCsppQ.dll -> C:\WINDOWS\system32\ljJCsppQ.dll.vir
    [07/02/2008, 15:16:22] - File successfully renamed!
    [07/02/2008, 15:16:22] - Removing HKLM\...\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}
    [07/02/2008, 15:16:22] - Removing HKCR\CLSID\{28220052-D9A9-44B1-AB98-EDC594D238B6}
    [07/02/2008, 15:16:22] - Adding Kill Bit for ActiveX for GUID: {28220052-D9A9-44B1-AB98-EDC594D238B6}
    [07/02/2008, 15:16:22] - Deleting ATLEvents/MSEvents Registry entries
    [07/02/2008, 15:16:22] - Removing HKLM\...\Winlogon\Notify\ljJCsppQ
    [07/02/2008, 15:16:22] - Searching for Browser Helper Objects:
    [07/02/2008, 15:16:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [07/02/2008, 15:16:22] - BHO 2: {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} ()
    [07/02/2008, 15:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:22] - No filename found. Continuing.
    [07/02/2008, 15:16:22] - BHO 3: {438719BC-356F-4109-A966-111CE178211B} ()
    [07/02/2008, 15:16:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - Checking for HKLM\...\Winlogon\Notify\cbXpQkLE
    [07/02/2008, 15:16:23] - Key not found: HKLM\...\Winlogon\Notify\cbXpQkLE, continuing.
    [07/02/2008, 15:16:23] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [07/02/2008, 15:16:23] - BHO 5: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
    [07/02/2008, 15:16:23] - BHO 6: {74200AD9-50E4-4965-8CB7-7E70AE26E8F3} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - Checking for HKLM\...\Winlogon\Notify\hgGyyaaA
    [07/02/2008, 15:16:23] - Key not found: HKLM\...\Winlogon\Notify\hgGyyaaA, continuing.
    [07/02/2008, 15:16:23] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/02/2008, 15:16:23] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - No filename found. Continuing.
    [07/02/2008, 15:16:23] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [07/02/2008, 15:16:23] - BHO 10: {BA835039-A72D-4005-A135-2A1AC6EB9F6D} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - Checking for HKLM\...\Winlogon\Notify\fccDuttq
    [07/02/2008, 15:16:23] - Key not found: HKLM\...\Winlogon\Notify\fccDuttq, continuing.
    [07/02/2008, 15:16:23] - BHO 11: {BDD85FFD-C3B7-444C-A5CD-BC7307E0D887} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - Checking for HKLM\...\Winlogon\Notify\hgGvuSkI
    [07/02/2008, 15:16:23] - Key not found: HKLM\...\Winlogon\Notify\hgGvuSkI, continuing.
    [07/02/2008, 15:16:23] - BHO 12: {C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - No filename found. Continuing.
    [07/02/2008, 15:16:23] - BHO 13: {EBD82173-92C5-42F9-8A62-B573912E1F7B} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - No filename found. Continuing.
    [07/02/2008, 15:16:23] - BHO 14: {F8906697-EC80-4E8A-9056-7BB1396F8C86} ()
    [07/02/2008, 15:16:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/02/2008, 15:16:23] - Checking for HKLM\...\Winlogon\Notify\tuvwUNdb
    [07/02/2008, 15:16:23] - Key not found: HKLM\...\Winlogon\Notify\tuvwUNdb, continuing.
    [07/02/2008, 15:16:23] - Finished Searching Browser Helper Objects
    [07/02/2008, 15:16:23] - Finishing up...
    [07/02/2008, 15:16:23] - A restart is needed.
    [07/02/2008, 15:16:28] - Attempting to Restart via STOP error (Blue Screen!)



    *Rapport HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:21:31, on 02/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecogle.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\WINDOWS\nqgpedlr.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Too

    P.S: mondernier message étant trop long, voici l'intégralité de mon rapport HijackThis:

    *Rapport HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:21:31, on 02/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecogle.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\WINDOWS\nqgpedlr.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 5482 bytes



    Voilà....
    S'il te plaît, me dis pas de reformater..... Sinon tu auras ma mort sur la conscience... XD
    Merci d'avance!
    Lassé par la pub ? Créez un compte
    Tom's guide dans le monde