Bonjour tout le monde,

Tout est dit dans le titre je suis infecter de spywares tenaces jai quelques problèmes assez pénibles !!
Exemple : Ma connexion internet est OK, mais je ne peux pas naviguer sur google ( je ne télécharge pas en même temps), mon ordinateur se redémarre inopinément et j'ai constater le changement de ma page de démarrage de Ie avait changé !!
Je peux faire des recherches sur live search mais pas sur google

Merci de m'aider Voici le log

Logfile of HijackThis v1.99.1
Scan saved at 14:13:23, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mengelle\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [lphcrv2j0el4r] C:\WINDOWS\system32\lphcrv2j0el4r.exe
O4 - HKLM\..\Run: [SMrhcvv2j0el4r] C:\Program Files\rhcvv2j0el4r\rhcvv2j0el4r.exe
O4 - HKLM\..\Run: [743a8343] rundll32.exe "C:\WINDOWS\system32\hcrycxof.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM7709b0df] Rundll32.exe "C:\WINDOWS\system32\kguonvva.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: wnslvxtf - {69416C19-4CC9-46C7-BC33-5E4ADE2BCFE1} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {F4F4FAFC-B798-4271-880A-2C1DCFD38C14} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Bonjour,

1) Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.

Télécharge SDFix (d’Andy Manchesta)

• Enregistre le sur ton le bureau.
• Lance le.
• Fais install afin qu’il puisse s’extraire.

Fais redémarrer ton ordinateur en mode sans échec
- Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
-- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
--- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
• Double clique sur RunThis.bat (L’extension bat peut ne pas apparaître)
• Appuie sur Y pour le lancer.
• Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
• Il est probable que le redémarrage soit un peu plus long que d’habitude.
• Une fois l’apparition de ton Bureau, il affichera Finished
• Appuie sur une touche.
• Un rapport est généré , poste le dans ta réponse.

Il se trouve également. dans le dossier SDFix >Report.txt<

Note : Si SDFix ne se lance pas (ça arrive!)

* Démarrer->Exécuter
* Copie/colle ceci:

* Clique sur ok, et valide.
* Redémarre et essaye de nouveau de lancer SDFix.

Aide : Comment faire démarrer son ordinateur en mode sans échec.

2) Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.

• ferme toutes les applications et fenêtres
• double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous

Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)

• s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
• tu devras cliquer 2 fois sur le OK des boîtes de dialogue

Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée

• quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :

main.txt <- ouvert en premier plan et en plein écran
extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
S'il s'agit d'une utilisation supplémentaire de DSS :

• tu n'auras pas de boîte de dialogue (pas de OK)
• quand le traitement est terminé, un fichier texte s'affiche :

main.txt <- ouvert en premier plan et en plein écran

• copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
• copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
• n'oublie pas de réactiver les protections si elles ont été stoppées.

Ce que fait DSS :

• crée un point de restauration dans Windows XP et Vista
• nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
• vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

Voila le rapport de Sdfix


SDFix: Version 1.209
Run by Mengelle on 28/07/2008 at 15:28

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
clbdriver

Path :
\??\globalroot\systemroot\system32\drivers\clbdriver.sys

clbdriver - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\PPHCRV~1.EXE - Deleted
C:\WINDOWS\system32\pmnmjJBQ.dll - Deleted
C:\WINDOWS\SYSTEM32\PHCRV2~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\BLPHCR~1.SCR - Deleted
C:\WINDOWS\ESEA.EXE - Deleted
C:\Program Files\VAV\vav.ooo - Deleted
C:\Program Files\VAV\vav0.dat - Deleted
C:\Program Files\VAV\vav1.dat - Deleted
C:\Program Files\Webtools\webtools.dll - Deleted
C:\Program Files\Webtools\webtools_old.dll - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt18.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt225.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt24.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt25.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt27.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt28.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt29.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt2B.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt2D.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt2F.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt31.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt32.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt33.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt35.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt36.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt38.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt39.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt3A.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt3F.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt41.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt42.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt44.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt46.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt48.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt4A.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt4C.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt4E.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt50.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt52.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt53.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt55.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt57.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt59.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.ttD.tmp - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\WINDOWS\b155.exe - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\Documents and Settings\Mengelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\Mengelle\real.txt - Deleted
C:\DOCUME~1\Mengelle\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\system32\real.txt - Deleted



Folder C:\Program Files\CPV - Removed
Folder C:\Program Files\Eroca - Removed
Folder C:\Program Files\Sakora - Removed
Folder C:\Program Files\Spcron - Removed
Folder C:\Program Files\VAV - Removed
Folder C:\Program Files\Webtools - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 15:37:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clbdriver]
"type"=dword:00000001
"start"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clbdriver]
"type"=dword:00000001
"start"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData]
"affid"="42"
"subid"="1"
"control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50,11,e5,f5
"prov"="10010"
"googleadserver"="pagead2.googlesyndication.com"
"flagged"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000095
"TracesSuccessful"=dword:0000008a

scanning hidden files ...

C:\WINDOWS\system32\clb.dll 11264 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbdll.dll.ren 34816 bytes executable
C:\WINDOWS\system32\clbinit.dll 7364 bytes
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 9


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:EnabledANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 13 Jan 2005 215 A.SHR --- "C:\BOOT.BAK"
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Tue 8 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e09fe9fb23931659fee8175518ca0d14\download\BIT6C.tmp"

Finished!



Le main.txt

Deckard's System Scanner v20071014.68
Run by Mengelle on 2008-07-28 15:45:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2008-07-28 13:45:28 UTC - RP276 - Deckard's System Scanner Restore Point
82: 2008-07-28 11:12:14 UTC - RP275 - Point de vérification système
81: 2008-07-27 08:34:53 UTC - RP274 - Revo Uninstaller's restore point - AntivirXP08
80: 2008-07-24 16:20:55 UTC - RP273 - Point de vérification système
79: 2008-07-22 21:18:32 UTC - RP272 - Spyware Terminator - restore point


-- First Restore Point --
1: 2008-07-12 09:19:11 UTC - RP194 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mengelle.exe) --------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-28 15:47:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mengelle\Bureau\dss.exe
C:\Documents and Settings\Mengelle\Bureau\hijackthis\Mengelle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {45C11AF3-D5D4-4D59-A7B5-813B98102BA6} - C:\WINDOWS\system32\hgGawvur.dll
O2 - BHO: (no name) - {4F43126C-0B98-46A5-9845-B396D0600EFA} - C:\WINDOWS\system32\fccdcbab.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7f41466b-2909-716a-4224-d1ac17b7400e} - {e0047b71-ca1d-4224-a617-9092b66414f7} - C:\WINDOWS\system32\reqozp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [lphcrv2j0el4r] C:\WINDOWS\system32\lphcrv2j0el4r.exe
O4 - HKLM\..\Run: [SMrhcvv2j0el4r] C:\Program Files\rhcvv2j0el4r\rhcvv2j0el4r.exe
O4 - HKLM\..\Run: [743a8343] rundll32.exe "C:\WINDOWS\system32\hcrycxof.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM7709b0df] Rundll32.exe "C:\WINDOWS\system32\kguonvva.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\system32\awtqnkhe.dll (file missing)
O20 - Winlogon Notify: fccdcbab - C:\WINDOWS\system32\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe


--
End of file - 7967 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 atjsgt - c:\windows\system32\drivers\atjsgt.sys
R2 linsgt - c:\windows\system32\drivers\linsgt.sys
R3 catchme - c:\docume~1\mengelle\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 VCSSecS (Virtual CD v4 Security service (SDK - Version)) - c:\program files\virtual cd v4 sdk\system\vcssecs.exe <Not Verified; H+H Software GmbH; Virtual CD>

S3 MysqlInventime - c:\mysql\bin\mysqld-nt mysqlinventime
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 15:22:22 0 d-------- C:\WINDOWS\ERUNT
2008-07-27 16:45:21 83456 --a------ C:\WINDOWS\system32\hcrycxof.dll
2008-07-27 16:40:04 105472 --a------ C:\WINDOWS\system32\reqozp.dll
2008-07-27 16:40:03 105472 --a------ C:\WINDOWS\system32\ecvxsskd.dll
2008-07-27 16:37:02 91648 --a------ C:\WINDOWS\system32\kguonvva.dll
2008-07-27 16:35:08 91648 --a------ C:\WINDOWS\system32\smdimykx.dll
2008-07-27 16:25:24 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2008-07-27 16:23:58 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Real
2008-07-27 16:23:58 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-07-27 16:23:58 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-07-27 16:23:57 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-27 16:23:57 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-27 16:23:57 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-07-27 16:23:57 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2008-07-27 16:23:57 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-27 16:23:57 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-27 16:23:57 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-27 16:23:57 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-07-27 16:23:57 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2008-07-27 16:23:57 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-07-27 16:23:57 0 dr------- C:\Documents and Settings\Administrateur\Bureau
2008-07-27 16:23:57 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-07-27 16:23:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-07-27 16:23:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-07-27 16:23:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sun
2008-07-27 16:23:56 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-07-27 12:10:36 0 dr-h----- C:\Documents and Settings\Mengelle\Recent
2008-07-27 10:32:46 0 d-------- C:\Program Files\VS Revo Group
2008-07-27 10:19:01 0 d-------- C:\Program Files\RogueRemover FREE
2008-07-27 10:04:07 0 d-------- C:\Program Files\rhcvv2j0el4r
2008-07-27 09:57:57 105472 --a------ C:\WINDOWS\system32\lxtmhz.dll
2008-07-27 09:57:55 105472 --a------ C:\WINDOWS\system32\afbkhodx.dll
2008-07-27 09:54:51 0 d-------- C:\Program Files\RegClean
2008-07-27 09:52:06 91648 --a------ C:\WINDOWS\system32\yybiwltm.dll
2008-07-26 21:58:41 0 d-------- C:\Documents and Settings\Sandra\Application Data\rhcvv2j0el4r
2008-07-25 09:30:32 32640 --a------ C:\WINDOWS\system32\yayvTlkH.dll
2008-07-25 09:30:32 32640 --a------ C:\WINDOWS\system32\khfDTJBs.dll
2008-07-25 09:26:48 32640 --a------ C:\WINDOWS\system32\mlJCRjHy.dll
2008-07-25 09:26:48 32640 --a------ C:\WINDOWS\system32\ljJASjIb.dll
2008-07-25 09:26:33 10752 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-07-25 09:26:26 32640 --a------ C:\WINDOWS\system32\nnnlkljg.dll
2008-07-25 09:22:46 0 d-------- C:\Documents and Settings\Mengelle\Application Data\rhcvv2j0el4r
2008-07-25 09:22:12 128512 --a------ C:\WINDOWS\system32\lphcrv2j0el4r.exe
2008-07-25 09:18:15 0 d-------- C:\Program Files\CrackBuster
2008-07-24 16:58:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 16:44:16 83296 --a------ C:\WINDOWS\system32\gotamksj.dll
2008-07-24 16:42:07 105312 --a------ C:\WINDOWS\system32\knkqah.dll
2008-07-24 16:42:05 105312 --a------ C:\WINDOWS\system32\usmjbnpn.dll
2008-07-24 16:41:58 91472 --a------ C:\WINDOWS\system32\qjlpixvq.dll
2008-07-23 10:30:39 105312 --a------ C:\WINDOWS\system32\mnckyz.dll
2008-07-23 10:30:38 105312 --a------ C:\WINDOWS\system32\ohujlgar.dll
2008-07-23 10:28:43 91456 --a------ C:\WINDOWS\system32\xkwndptr.dll
2008-07-22 22:54:57 0 d-------- C:\Program Files\Lavasoft
2008-07-22 22:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-22 22:53:27 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-22 22:15:23 0 d-------- C:\Documents and Settings\Mengelle\Application Data\Spyware Terminator
2008-07-22 18:59:05 0 d-------- C:\Documents and Settings\Mengelle\Application Data\ItsLabel
2008-07-22 09:49:45 1594543 --a------ C:\WINDOWS\WANEUninstaller.exe
2008-07-22 09:46:37 0 d-------- C:\Games
2008-07-22 09:42:17 0 d-------- C:\Documents and Settings\Mengelle\Application Data\EoRezo
2008-07-22 09:08:32 105280 --a------ C:\WINDOWS\system32\dinjid.dll
2008-07-22 09:08:31 105280 --a------ C:\WINDOWS\system32\ornhitcl.dll
2008-07-22 09:06:33 81184 --a------ C:\WINDOWS\system32\guvdivvv.dll
2008-07-21 22:40:29 0 d-------- C:\Documents and Settings\Mengelle\Application Data\Wormux
2008-07-21 22:15:23 122880 --a------ C:\WINDOWS\UnGins.exe
2008-07-21 21:26:32 0 d-------- C:\Documents and Settings\Mengelle\Application Data\BitTorrent
2008-07-21 21:26:07 0 d-------- C:\Program Files\DNA
2008-07-21 21:26:07 0 d-------- C:\Program Files\BitTorrent
2008-07-21 21:26:07 0 d-------- C:\Documents and Settings\Mengelle\Application Data\DNA
2008-07-21 21:05:58 0 d-------- C:\Team17
2008-07-21 21:02:56 0 d-------- C:\Documents and Settings\Mengelle\WINDOWS
2008-07-21 19:50:20 0 d-------- C:\Program Files\Enigma Software Group
2008-07-21 16:42:44 0 d-------- C:\Documents and Settings\Mengelle\Application Data\Grisoft
2008-07-21 16:42:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-21 14:54:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2008-07-21 14:49:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 11:14:13 105248 --a------ C:\WINDOWS\system32\jvgtzs.dll
2008-07-21 11:14:12 105248 --a------ C:\WINDOWS\system32\iitybcon.dll
2008-07-21 11:13:33 81184 --a------ C:\WINDOWS\system32\yrvgpqnm.dll
2008-07-21 10:16:43 347 --ahs---- C:\WINDOWS\system32\uBcLonmp.ini2
2008-07-21 10:16:36 314688 --a------ C:\WINDOWS\system32\pmnoLcBu.dll
2008-07-20 14:18:54 0 d-------- C:\Documents and Settings\Mengelle\Application Data\Nokia
2008-07-20 13:22:39 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-20 12:20:14 0 d-------- C:\Program Files\Alwil Software
2008-07-20 09:40:55 105296 --a------ C:\WINDOWS\system32\eegyml.dll
2008-07-20 09:40:53 105296 --a------ C:\WINDOWS\system32\qdlmwhrs.dll
2008-07-20 09:35:45 91520 --a------ C:\WINDOWS\system32\skgnfsdx.dll
2008-07-12 11:19:01 367382 --ahs---- C:\WINDOWS\system32\ruvwaGgh.ini2
2008-07-12 11:18:55 314688 --a------ C:\WINDOWS\system32\hgGawvur.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-27 14:57:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-07-27 13:41:41 0 d-------- C:\Documents and Settings\Mengelle\Application Data\Mozilla
2008-07-24 16:59:49 447772 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-24 16:59:49 64492 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-22 22:53:27 0 d-------- C:\Program Files\Fichiers communs
2008-07-21 22:29:25 0 d-------- C:\Documents and Settings\Mengelle\Application Data\Adobe
2008-07-21 22:27:56 1289 --a------ C:\WINDOWS\mozver.dat
2008-07-20 14:19:55 0 d-------- C:\Program Files\Back To Gaya
2008-07-20 14:19:18 0 d-------- C:\Program Files\Nokia
2008-07-20 14:04:59 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-07-20 12:52:28 0 d-------- C:\Program Files\Sacor
2008-06-14 16:32:37 74576 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45C11AF3-D5D4-4D59-A7B5-813B98102BA6}]
12/07/2008 11:19 314688 --a------ C:\WINDOWS\system32\hgGawvur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F43126C-0B98-46A5-9845-B396D0600EFA}]
C:\WINDOWS\system32\fccdcbab.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0047b71-ca1d-4224-a617-9092b66414f7}]
27/07/2008 16:40 105472 --a------ C:\WINDOWS\system32\reqozp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcrv2j0el4r"="C:\WINDOWS\system32\lphcrv2j0el4r.exe" [25/07/2008 09:22]
"SMrhcvv2j0el4r"="C:\Program Files\rhcvv2j0el4r\rhcvv2j0el4r.exe" []
"743a8343"="C:\WINDOWS\system32\hcrycxof.dll" [27/07/2008 16:45]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 16:38]
"BM7709b0df"="C:\WINDOWS\system32\kguonvva.dll" [27/07/2008 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 15:00]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [21/07/2008 21:26]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F43126C-0B98-46A5-9845-B396D0600EFA}"= C:\WINDOWS\system32\fccdcbab.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkhe]
awtqnkhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdcbab]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGawvur

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-28 15:49:41 ------------

Le extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 511.48 MiB / 233.96 MiB
Pagefile Memory (total/avail): 1244.83 MiB / 942.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.68 MiB

C: is Fixed (NTFS) - 186.3 GiB total, 171.84 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 186.3 GiB - C:

\\.\PHYSICALDRIVE2 - GENERIC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - GENERIC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - GENERIC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE1 - GENERIC USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.8.1229 [VPS 080728-0] v4.8.1229 (ALWIL Software) [COLOR=RED]Disabled[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:EnabledANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mengelle\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=LAURENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mengelle
LOGONSERVER=\\LAURENT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\SONICS~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mengelle\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mengelle\LOCALS~1\Temp
USERDOMAIN=LAURENT
USERNAME=Mengelle
USERPROFILE=C:\Documents and Settings\Mengelle
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mengelle [I](admin)[/I]
Sandra [I](admin)[/I]
Administrateur [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
--> C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
--> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
--> C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Learn2.com\StRunner\stuninst.exe
--> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
--> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x40c /remove
--> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adiboud'Chou et le Jardin des Surprises --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19BA6533-893E-4F17-A95C-4A38043A8721}\setup.exe" -l0x40c -removeonly
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Correctif Lecteur Windows Media 10 - KB895316 --> "C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\CPV\CPV8.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\CPV\"" /f
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN Nano Plus --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x40c /remove
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Extension Système de Microsoft Money --> MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\DOCUME~1\Mengelle\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe /uninstall
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jeux et Parties pour Windows XP Edition 2006 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8932E59-43C8-477E-A9F4-A20439E98AE0}\SETUP.EXE" -l0x40c
Les Sims Deluxe --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c
Mad Tracks 1.0 --> C:\Program Files\Micro Application\Mad Tracks\uninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Money --> MsiExec.exe /I{019210C1-32C8-423C-BEFD-763C8E7A188F}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"