Se connecter avec
S'enregistrer | Connectez-vous

System Sécurity

Dernière réponse : dans Sécurité

Bonjour tout le monde =D,

J'ai un grand probleme depuis 3jours...J'arrive pas a supprimer ce maudit programme..
Il me spamm tout le temps et je peux rien faire dans 2minutes sans avoir a fermer ces fenetres ><.
Je vous donne le log comme j'ai deja vu le Sujet System Security (Sham Rock) alors j'ai lancé combo fix..
Mais System Sec. est toujours la aidez moi s'il vous plait.

Merci a l'avance.

Autres pages sur : system security

Lassé par la pub ? Créez un compte

Oh désolé j'ai oublier =(
J'espere qu' il y a tout.

ComboFix 09-03-12.01 - user 2009-03-13 21:22:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.350 [GMT 1:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
FW: Norton Internet Worm Protection *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\user\Application Data\WeatherDPA
c:\documents and settings\user\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\user\Application Data\Zango
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1032719.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1056027.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1063425.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1070523.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1070563.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1071706.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\112446.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1139319.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1383704.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1389912.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1392807.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1401230.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1403602.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1407307.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1410255.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1416762.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1724901.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1767042.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1778722.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\1915829.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2066842.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2160949.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2221934.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\236112.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2496623.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2681369.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2883915.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2884290.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2884321.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\2903988.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\290977.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3270566.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3292625.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3781334.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\381556.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3852296.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3853061.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3893245.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\3893953.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\479220.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\48657.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\504136.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\521222.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\526026.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\565049.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\628656.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\645857.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\672436.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\803901.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\819382.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\87199.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\991767.sdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000031496
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000044868
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000067669
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091047
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\10070
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\104622
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1058
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11213
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\116250
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11891
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12435
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12457
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12776
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1370
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\14440
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\144676
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\14633
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\146936
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15135
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1587
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\159514
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16087
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\166651
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16841
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\169369
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17025
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\173081
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\180320
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\187147
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18906
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19052
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19624
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20478
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20517
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20898
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\212398
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\223385
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\227490
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23849
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24619
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24996
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\250476
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\251440
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25272
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\252817
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25708
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25818
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25911
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26082
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26656
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27003
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27505
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28128
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\281430
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\283041
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29547
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30438
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30455
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31171
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31262
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31387
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31537
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32137
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32171
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32290
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33137
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3338
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33912
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34237
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35006
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35015
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35017
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35047
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35150
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35900
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\360144
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36598
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\388251
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\38916
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39232
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\399678
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\400701
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40999
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41215
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41347
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\423530
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42915
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43118
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44075
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44293
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44789
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44878
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4500
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45510
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\456216
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459089
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459395
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459921
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\476938
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4974
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49957
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\520179
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52177
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52968
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53481
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53541
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54473
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\545574
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\547568
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5508
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\551547
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\561083
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\569262
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\569435
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5749
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57904
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\579123
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58223
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\582558
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5828
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\590941
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59221
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\610298
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61167
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61367
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\63770
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64364
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64451
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64454
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64605
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64763
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6558
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\66836
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67572
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67733
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68040
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68041
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68064
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68098
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68942
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68949
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6915
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\702607
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705240
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70608
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\706565
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71340
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72123
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738345
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73840
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744857
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744933
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745433
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\747687
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748176
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748400
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748444
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\750039
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75013
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\750187
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\750893
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\751209
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\752499
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\752677
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753054
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753197
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753259
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753331
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753333
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753426
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753437
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753438
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753443
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753446
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753532
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753581
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753596
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78600
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79246
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79257
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79972
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80663
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81010
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82292
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82403
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83216
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83706
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\84449
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\84753
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85182
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85381
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85547
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87216
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89116
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89462
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90009
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90271
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90358
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91843
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93110
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93192
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93845
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93934
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94356
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94430
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95678
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\96458
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98229
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98250
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98677
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\99586
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\avatar.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\avatar.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\components.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\cursors.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\default.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\icons2.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\progress.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.idx
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\documents and settings\user\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
c:\documents and settings\user\Bureau\System Security.lnk
c:\documents and settings\user\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
c:\documents and settings\user\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
c:\documents and settings\user\Menu Démarrer\Programmes\System Security
c:\documents and settings\user\Menu Démarrer\Programmes\System Security\System Security.lnk
c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\KeySet-1\amblxbow.cof
c:\program files\mm.BOT\Config\KeySet-1\curindx.wav
c:\program files\mm.BOT\Config\KeySet-1\wavindx.wav
c:\program files\mm.BOT\Config\KeySet-2\amblxbow.cof
c:\program files\mm.BOT\Config\KeySet-2\curindx.wav
c:\program files\mm.BOT\Config\KeySet-2\wavindx.wav
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Documents\img\Thumbs.db
c:\program files\mm.BOT\Logs\Compiler.txt
c:\program files\Mozilla Firefox\components\kbvrlhxukbaigeelt.dll
c:\windows\system32\adnehiyb.ini
c:\windows\system32\afdhhsws.ini
c:\windows\system32\avbntrmq.ini
c:\windows\system32\bnxcwolx.ini
c:\windows\system32\cvsnqire.ini
c:\windows\system32\dpbpsgly.ini
c:\windows\system32\eojidmkj.ini
c:\windows\system32\eqefogxp.ini
c:\windows\system32\fiuomgxt.ini
c:\windows\system32\giutlkmf.ini
c:\windows\system32\gstijxso.ini
c:\windows\system32\gwwfaxko.ini
c:\windows\system32\hxapjotg.ini
c:\windows\system32\iecjrmey.ini
c:\windows\system32\iphldouw.ini
c:\windows\system32\iuxuwpdf.ini
c:\windows\system32\jtnirvkd.ini
c:\windows\system32\jympbkgc.ini
c:\windows\system32\ksxmxuwv.ini
c:\windows\system32\lvfcjgov.ini
c:\windows\system32\lwotxwus.ini
c:\windows\system32\omaxbxwt.ini
c:\windows\system32\phlnoloj.ini
c:\windows\system32\Plugins
c:\windows\system32\Plugins\data\armor.txt
c:\windows\system32\Plugins\data\misc.txt
c:\windows\system32\Plugins\data\sets.txt
c:\windows\system32\Plugins\data\uniques.txt
c:\windows\system32\Plugins\data\weapons.txt
c:\windows\system32\Plugins\pickit.dat
c:\windows\system32\pqtss.bak2
c:\windows\system32\pqtss.ini
c:\windows\system32\pqtss.ini2
c:\windows\system32\pqtss.tmp
c:\windows\system32\pqtss.tmp2
c:\windows\system32\pxbupwen.ini
c:\windows\system32\qjqnrcls.ini
c:\windows\system32\rollummg.ini
c:\windows\system32\tnxtptfu.ini
c:\windows\system32\tshnrdgb.ini
c:\windows\system32\tsotjmhf.ini
c:\windows\system32\vsvvvdvt.ini
c:\windows\system32\vyfwfhut.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))
.

2009-03-13 20:16 . 2009-03-13 21:33 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-13 20:16 . 2009-03-13 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-12 14:16 . 2009-03-12 14:16 <REP> d-------- c:\documents and settings\All Users\Application Data\1248937748
2009-03-06 20:17 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-05 19:56 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-05 19:45 . 2009-03-05 19:55 <REP> d-------- c:\windows\system32\XPSViewer
2009-03-05 19:45 . 2009-03-05 19:45 <REP> d-------- c:\program files\Reference Assemblies
2009-03-05 19:45 . 2009-03-05 19:45 <REP> d-------- c:\program files\MSBuild
2009-03-05 19:43 . 2009-03-05 19:44 <REP> d-------- C:\8c53592072a98fdf03e5e87c7f
2009-03-05 19:43 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-05 19:43 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-05 19:43 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-05 19:43 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-05 19:43 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-05 19:43 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-05 19:43 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-05 18:56 . 2009-03-08 15:27 <REP> d-------- c:\program files\Diablo II
2009-03-05 18:41 . 2009-03-05 18:58 102,400 --a------ c:\windows\DIIUnin.exe
2009-03-05 18:41 . 2009-03-05 19:33 70,135 --a------ c:\windows\DIIUnin.dat
2009-03-05 18:41 . 2009-03-05 18:58 2,829 --a------ c:\windows\DIIUnin.pif
2009-03-05 18:39 . 2009-03-08 15:27 <REP> d-------- c:\program files\Diablo I
2009-03-02 22:31 . 2009-03-12 15:51 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-02 22:31 . 2009-03-02 22:31 1,409 --a------ c:\windows\QTFont.for
2009-03-01 11:32 . 2009-03-01 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-28 20:45 . 2009-02-28 20:51 <REP> d-------- c:\documents and settings\user\Plugins
2009-02-25 22:48 . 2009-02-25 22:48 <REP> d-------- c:\program files\Burn4Free Toolbar
2009-02-25 22:48 . 2009-02-25 22:48 233,117 --a------ c:\windows\Burn4Free_Toolbar_Uninstaller_1140.exe
2009-02-25 22:47 . 2009-02-25 22:58 <REP> d-------- c:\program files\Burn4Free
2009-02-25 22:27 . 2009-03-12 15:23 <REP> d-------- c:\program files\SlySoft
2009-02-25 22:27 . 2009-02-25 22:27 24 ---hs---- c:\windows\S7EE673CF.tmp
2009-02-25 21:32 . 2009-02-25 21:32 <REP> d-------- c:\documents and settings\user\Application Data\Sonic
2009-02-22 18:54 . 2009-02-22 18:54 <REP> d-------- c:\windows\IP Changer
2009-02-22 18:51 . 2009-03-12 15:26 <REP> d-------- c:\program files\IP Changer
2009-02-22 18:40 . 2009-02-22 18:40 <REP> d-------- c:\documents and settings\user\WINDOWS
2009-02-18 19:22 . 2009-02-18 20:21 24 --a------ c:\windows\codelaro.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 20:36 --------- d-----w c:\program files\ICQ6
2009-03-13 20:35 --------- d-----w c:\documents and settings\user\Application Data\skypePM
2009-03-13 20:28 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-12 23:24 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-03-12 21:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-12 15:23 --------- d-----w c:\program files\eMule
2009-03-05 19:47 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-03-05 18:30 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-05 18:30 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-03-05 18:30 12,067 ----atw c:\windows\system32\SIntf16.dll
2009-02-12 21:54 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-02-12 21:53 --------- d-----w c:\program files\DVDVideoSoft
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-07 17:11 --------- d-----w c:\documents and settings\user\Application Data\teamspeak2
2009-02-06 16:28 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-06 16:27 --------- d-----w c:\program files\Java
2009-02-06 15:58 --------- d-----w c:\documents and settings\user\Application Data\mIRC
2009-02-06 15:57 --------- d-----w c:\program files\mIRC
2009-02-05 19:39 --------- d-----w c:\documents and settings\LeonHearts\Application Data\teamspeak2
2009-01-28 20:58 --------- d-----w c:\program files\MegauploadToolbar
2009-01-28 20:28 --------- d-----w c:\documents and settings\user\Application Data\MegauploadToolbar
2009-01-24 13:59 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-01-23 14:28 193,731,572 ----a-w C:\Nivalis_finalV2.zip
2009-01-23 10:30 --------- d-----w c:\documents and settings\LeonHearts\Application Data\MEGAUPLOADTOOLBAR
2009-01-21 17:53 1,250,582,784 ----a-w C:\NosTale_FR_20090120.exe
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-01-08 20:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-01-24 13:59 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2007-02-21 22:13 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 22:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 22:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 22:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 22:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
2003-03-18 21:05 96256 --a------ c:\windows\system32\atl7.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\apps\skype\Phone\Skype.exe" [2007-12-07 21763368]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-09 98304]
"BitDefender Security Center"="c:\program files\BitDefender\BitDefender 2009\seccenter.exe" [2008-12-12 413696]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-02-01 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-12-12 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"1290909921"="c:\documents and settings\All Users\Application Data\1248937748\1290909921.exe" [2009-03-12 2206745]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\user\\Bureau\\Redvex\\Redeye.exe"=
"c:\\Documents and Settings\\user\\Bureau\\Redvex 3.2 2-25-08\\Jerenay.exe"=

R0 fwwhditf;fwwhditf;c:\windows\system32\drivers\fwwhditf.sys [2004-09-23 23424]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-06-30 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-07-17 104328]
S1 71b86b86;71b86b86;c:\windows\system32\drivers\71b86b86.sys [2008-09-28 0]
S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2009-03-12 c:\windows\Tasks\Configurer mon PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 10:03]

2009-03-08 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
Toolbar-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rpg-maker.fr/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {FE85DD93-E7BA-4FB7-841B-E9C5722AF008} = 192.168.1.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 21:34:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\apps\ABOARD\AOSD.EXE
c:\program files\Xfire\Xfire.exe
c:\apps\skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-03-13 21:39:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-13 20:39:06

Avant-CF: 116 909 768 704 octets libres
Après-CF: 120,639,234,048 octets libres

736 --- E O F --- 2009-03-12 06:20:35

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher.
  • L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

    Bonjour =D,
    le voici

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1846
    Windows 5.1.2600 Service Pack 3

    14/03/2009 00:33:12
    mbam-log-2009-03-14 (00-33-06).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 183490
    Temps écoulé: 56 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da42898a-b891-4c73-b4f2-4d0f5dc3640e} (Trojan.BHO.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{da42898a-b891-4c73-b4f2-4d0f5dc3640e} (Trojan.BHO.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{da42898a-b891-4c73-b4f2-4d0f5dc3640e} (Trojan.Agent) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\atl7.dll (Trojan.BHO.H) -> No action taken.
    C:\Documents and Settings\user\Local Settings\Temp\lukmctam.dat (Rootkit.Agent) -> No action taken.

    Une bonne journée à tout le monde =)

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.

    Okay , je vais l'essayer tout de suite =).
    Voila, voici le résultat.

    En premier info.txt

    info.txt logfile of random's system information tool 1.05 2009-03-14 12:47:14

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Ahriman's Prophecy-->C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Awesom-O-->C:\Program Files\Awesom-O\uninstall.exe
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
    BitDefender Internet Security 2009-->MsiExec.exe /X{CEB21884-8A5F-48C7-B707-6919FD890650}
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
    Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
    Burn4Free Toolbar-->"C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1140.exe" _?=C:\Program Files\Burn4Free Toolbar
    Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
    Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Everlong v2.16-->C:\Program Files\Everlong v2.16\Uninstal.exe
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    Final Fantasy VII Origin Version 3.1-->C:\Program Files\Final Fantasy VII Origin\Uninstall.exe
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Guitar Pro 4 Demo-->MsiExec.exe /X{22C1B575-C746-46F2-80A3-EE9612AF5FAA}
    Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    Hero Editor V0.80-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
    Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Lecteur Freeware-->"C:\WINDOWS\Lecteur Freeware\uninstall.exe" "/U:C:\Program Files\Lecteur Freeware\Uninstall\uninstall.xml"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
    Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
    Megaupload Toolbar-->C:\Program Files\MegauploadToolbar\uninstall.exe
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    mIRC-->"C:\Documents and Settings\user\Bureau\mircfr\mirc.exe" -uninstall
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (2.0.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Multi Media Toolbar-->C:\PROGRA~1\MULTI_~1\UNWISE.EXE C:\PROGRA~1\MULTI_~1\INSTALL.LOG
    MultiMedia Toolbar-->C:\PROGRA~1\MULTIM~1\UNWISE.EXE C:\PROGRA~1\MULTIM~1\INSTALL.LOG
    Nostale Online FR (Remove)-->"C:\Nostale(FR)\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
    OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RMXP\RGSS\unins000.exe"
    RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
    RMXP version 1.0.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RMXP\unins000.exe"
    RPG Maker 2000 1.05-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\install.log"
    RPG Maker VX 1.02-->"C:\Program Files\RPG Maker VX\unins000.exe"
    RPG Maker VX RTP-->"C:\Program Files\RPG Maker VX\unins001.exe"
    RTP 1.32 Add-On for RM2k-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\RTP\install.log"
    RTP for RM2K (Png, Wav, Midi, Fonts)-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\RTP\install.log"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
    Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sword Legend - Benakin Production-->C:\Program Files\Sword Legend - Benakin Production\Uninstal.exe
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins001.exe"
    TeamSpeak 2 Server RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Ulead PhotoImpact 10 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c
    Ulead VideoStudio 9.0 SE DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x40c
    Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
    VampiresDawnRTP.zip-->"C:\Program Files\VampiresDawnRTP.zip\unins000.exe"
    VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    ======Security center information======

    AV: BitDefender Antivirus (disabled)
    FW: Norton Internet Worm Protection (disabled)
    FW: BitDefender Firewall

    System event log

    Computer Name: 120998370319
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

    Record Number: 26047
    Source Name: Service Control Manager
    Time Written: 20090109211400.000000+060
    Event Type: information
    User: AUTORITE NT\SYSTEM

    Computer Name: 120998370319
    Event Code: 7036
    Message: Le service Application système COM+ est entré dans l'état : en cours d'exécution.

    Record Number: 26046
    Source Name: Service Control Manager
    Time Written: 20090109211400.000000+060
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service BDSelfPr.

    Record Number: 26045
    Source Name: Service Control Manager
    Time Written: 20090109211400.000000+060
    Event Type: information
    User: AUTORITE NT\SYSTEM

    Computer Name: 120998370319
    Event Code: 7036
    Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

    Record Number: 26044
    Source Name: Service Control Manager
    Time Written: 20090109211400.000000+060
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

    Record Number: 26043
    Source Name: Service Control Manager
    Time Written: 20090109211400.000000+060
    Event Type: information
    User: AUTORITE NT\SYSTEM

    Application event log

    Computer Name: 120998370319
    Event Code: 1517
    Message: Windows a sauvegardé le Registre utilisateur 120998370319\user alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


    Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

    Record Number: 15658
    Source Name: Userenv
    Time Written: 20080912234227.000000+120
    Event Type: warning
    User: AUTORITE NT\SYSTEM

    Computer Name: 120998370319
    Event Code: 101
    Message: msnmsgr (20900) Le moteur de base de données est arrêté.

    Record Number: 15657
    Source Name: ESENT
    Time Written: 20080912210858.000000+120
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 103
    Message: msnmsgr (20900) \\.\C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\alexfighter96@hotmail.com\SharingMetadata\Working\database_AF4_173A_F417_2809\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 15656
    Source Name: ESENT
    Time Written: 20080912210858.000000+120
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 102
    Message: msnmsgr (20900) \\.\C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\alexfighter96@hotmail.com\SharingMetadata\Working\database_AF4_173A_F417_2809\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 15655
    Source Name: ESENT
    Time Written: 20080912210551.000000+120
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 100
    Message: msnmsgr (20900) Le moteur de base de données 5.01.2600.2780 est démarré.

    Record Number: 15654
    Source Name: ESENT
    Time Written: 20080912210551.000000+120
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0604
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

    -----------------EOF-----------------

    En deuxieme log.txt

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2009-03-14 13:04:02
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 115 GB (39%) free of 297 GB
    Total RAM: 1022 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:04:23, on 14/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\APPS\skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\APPS\skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Bureau\RSIT.exe
    C:\Program Files\trend micro\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rpg-maker.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: (no name) - {DA42898A-B891-4C73-B4F2-4D0F5DC3640E} - C:\WINDOWS\system32\atl7.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [1290909921] "C:\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Personal Player.lnk = C:\Program Files\Yahoo!\Web Hottest Videos Personal Player\Diablo 2 Lord of Destruction Maphack Web hottest videos personal player.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE85DD93-E7BA-4FB7-841B-E9C5722AF008}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 10416 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Configurer mon PC.job
    C:\WINDOWS\tasks\OGADaily.job
    C:\WINDOWS\tasks\OGALogon.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-06 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-23 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-17 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5146c40-189a-4311-bda9-fbae3e023187}]
    Multi_Media toolbar - C:\Program Files\Multi_Media\tbMult.dll [2007-06-18 1383448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
    C:\WINDOWS\system32\atl7.dll [2003-03-18 96256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-06 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-06 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {b5146c40-189a-4311-bda9-fbae3e023187} - Multi_Media toolbar - C:\Program Files\Multi_Media\tbMult.dll [2007-06-18 1383448]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-23 2436160]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-12-12 90112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7573504]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
    "DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-09 98304]
    "BitDefender Security Center"=C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe [2008-12-12 413696]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-02-01 741376]
    "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-12-12 69632]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-06 136600]
    "1290909921"=C:\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe [2009-03-12 2206745]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "Skype"=C:\APPS\skype\Phone\Skype.exe [2007-12-07 21763368]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

    C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage
    Personal Player.lnk - C:\Program Files\Yahoo!\Web Hottest Videos Personal Player\Diablo 2 Lord of Destruction Maphack Web hottest videos personal player.exe
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\APPS\skype\Phone\Skype.exe"="C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Documents and Settings\user\Bureau\Redvex\Redeye.exe"="C:\Documents and Settings\user\Bureau\Redvex\Redeye.exe:*:Enabled:Redeye"
    "C:\Documents and Settings\user\Bureau\Redvex 3.2 2-25-08\Jerenay.exe"="C:\Documents and Settings\user\Bureau\Redvex 3.2 2-25-08\Jerenay.exe:*:Enabled:Jerenay"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-03-14 12:46:15 ----D---- C:\Program Files\trend micro
    2009-03-14 12:46:10 ----D---- C:\rsit
    2009-03-13 21:50:32 ----SHD---- C:\RECYCLER
    2009-03-13 21:39:15 ----A---- C:\ComboFix.txt
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\zip.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\VFIND.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWSC.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWREG.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\sed.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\grep.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\fdsv.exe
    2009-03-13 21:19:32 ----D---- C:\WINDOWS\ERDNT
    2009-03-13 21:13:49 ----D---- C:\Qoobox
    2009-03-13 20:16:14 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-13 20:16:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-12 15:26:29 ----A---- C:\WINDOWS\IP Changer Uninstall Log.txt
    2009-03-12 14:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\1248937748
    2009-03-12 07:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-12 07:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-03-12 07:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-12 07:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-03-07 11:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-03-05 19:56:31 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2009-03-05 19:56:29 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2009-03-05 19:45:27 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-03-05 19:45:20 ----D---- C:\Program Files\MSBuild
    2009-03-05 19:45:17 ----D---- C:\WINDOWS\system32\en-US
    2009-03-05 19:45:08 ----D---- C:\Program Files\Reference Assemblies
    2009-03-05 19:43:30 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-03-05 19:43:30 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-03-05 19:43:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-03-05 19:43:29 ----D---- C:\8c53592072a98fdf03e5e87c7f
    2009-03-05 18:56:22 ----D---- C:\Program Files\Diablo II
    2009-03-05 18:41:23 ----A---- C:\WINDOWS\DIIUnin.exe
    2009-03-05 18:39:28 ----D---- C:\Program Files\Diablo I
    2009-03-01 11:32:00 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2009-02-26 12:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-25 22:48:19 ----A---- C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1140.exe
    2009-02-25 22:48:12 ----D---- C:\Program Files\Burn4Free Toolbar
    2009-02-25 22:47:50 ----D---- C:\Program Files\Burn4Free
    2009-02-25 22:27:27 ----SH---- C:\WINDOWS\S7EE673CF.tmp
    2009-02-25 22:27:04 ----D---- C:\Program Files\SlySoft
    2009-02-25 21:32:58 ----D---- C:\Documents and Settings\user\Application Data\Sonic
    2009-02-22 20:39:17 ----A---- C:\WINDOWS\system32\magnet.txt
    2009-02-22 18:54:45 ----D---- C:\WINDOWS\IP Changer
    2009-02-22 18:54:23 ----A---- C:\WINDOWS\IP Changer Setup Log.txt
    2009-02-22 18:51:29 ----D---- C:\Program Files\IP Changer
    2009-02-22 18:51:28 ----A---- C:\WINDOWS\IP Changer Setup Log.txt
    2009-02-18 19:22:00 ----A---- C:\WINDOWS\codelaro.ini

    ======List of files/folders modified in the last 1 months======

    2009-03-14 13:03:59 ----D---- C:\WINDOWS\Prefetch
    2009-03-14 12:46:28 ----D---- C:\Documents and Settings\user\Application Data\skypePM
    2009-03-14 12:46:15 ----RD---- C:\Program Files
    2009-03-14 12:46:14 ----D---- C:\WINDOWS\Temp
    2009-03-14 12:46:14 ----D---- C:\WINDOWS\system32
    2009-03-14 12:45:35 ----D---- C:\WINDOWS\Registration
    2009-03-14 12:45:06 ----D---- C:\WINDOWS
    2009-03-14 12:44:31 ----D---- C:\WINDOWS\system32\drivers
    2009-03-14 12:43:45 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-14 11:45:57 ----D---- C:\Nostale(FR)
    2009-03-14 00:41:27 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-13 21:36:10 ----D---- C:\Program Files\ICQ6
    2009-03-13 21:34:29 ----A---- C:\WINDOWS\system.ini
    2009-03-13 21:31:56 ----D---- C:\WINDOWS\system32\config
    2009-03-13 21:29:12 ----D---- C:\WINDOWS\AppPatch
    2009-03-13 21:29:08 ----D---- C:\Program Files\Fichiers communs
    2009-03-13 00:24:55 ----D---- C:\Documents and Settings\user\Application Data\Skype
    2009-03-12 22:09:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-12 16:23:21 ----D---- C:\Program Files\eMule
    2009-03-12 07:20:35 ----SHD---- C:\WINDOWS\Installer
    2009-03-12 07:20:34 ----SHD---- C:\Config.Msi
    2009-03-12 07:18:43 ----D---- C:\WINDOWS\inf
    2009-03-12 07:18:39 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-12 07:18:30 ----A---- C:\WINDOWS\imsins.BAK
    2009-03-12 07:18:26 ----D---- C:\WINDOWS\WinSxS
    2009-03-11 07:17:00 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-07 11:02:18 ----D---- C:\WINDOWS\system32\CatRoot
    2009-03-05 20:17:08 ----D---- C:\WINDOWS\SxsCaPendDel
    2009-03-05 20:12:12 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-05 20:12:02 ----RSD---- C:\WINDOWS\assembly
    2009-03-05 19:55:54 ----D---- C:\WINDOWS\system32\fr-fr
    2009-03-05 19:55:13 ----D---- C:\WINDOWS\system32\mui
    2009-03-05 19:52:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-05 19:45:15 ----D---- C:\WINDOWS\Fonts
    2009-03-05 19:44:22 ----D---- C:\WINDOWS\system32\spool
    2009-03-05 19:30:22 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
    2009-03-05 19:30:21 ----AT---- C:\WINDOWS\system32\SIntf32.dll
    2009-03-05 19:30:21 ----AT---- C:\WINDOWS\system32\SIntf16.dll
    2009-03-05 18:41:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-03-05 18:41:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-03-04 19:50:06 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-04 19:40:44 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
    2009-03-01 11:29:20 ----D---- C:\WINDOWS\Tasks
    2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-18 19:29:17 ----A---- C:\WINDOWS\win.ini
    2009-02-18 19:29:16 ----D---- C:\WINDOWS\system

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-25 271360]
    R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-25 18048]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-12-12 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-03-05 104328]
    R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-01-24 242184]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3663040]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 71b86b86;71b86b86; C:\WINDOWS\System32\drivers\71b86b86.sys []
    S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2009-02-01 431424]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143426]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
    R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-01-24 1581056]
    S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-23 138168]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

    1/

  • Démarre Spybot, clique sur Mode, coche Mode avancé.
  • A gauche, clique sur Outils, puis sur Résident.
  • Décoche la case devant Résident "TeaTimer" :

  • Quitte Spybot.


    2/

  • Désinstalle MultiMedia Toolbar.

  • Cherche ce fichier : C:\Program Files\trend micro\user.exe
  • Double-clique sur ce fichier.
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :

    R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll

    O2 - BHO: (no name) - {DA42898A-B891-4C73-B4F2-4D0F5DC3640E} - C:\WINDOWS\system32\atl7.dll

    O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll

    O4 - HKLM\..\Run: [1290909921] "C:\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe"

    O4 - Startup: Personal Player.lnk = C:\Program Files\Yahoo!\Web Hottest Videos Personal Player\Diablo 2 Lord of Destruction Maphack Web hottest videos personal player.exe

  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.


    3/

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe pour le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    71b86b86

    :files
    C:\WINDOWS\system32\atl7.dll
    C:\Documents and Settings\All Users\Application Data\1248937748
    C:\WINDOWS\System32\drivers\71b86b86.sys

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log

    Voila =D , un grand merci pour ton aide destrio. Je vois que tu t'y connais trés bien ^^

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Service 71b86b86 stopped successfully.
    Service 71b86b86 deleted successfully.
    ========== FILES ==========
    LoadLibrary failed for C:\WINDOWS\system32\atl7.dll
    C:\WINDOWS\system32\atl7.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\atl7.dll scheduled to be moved on reboot.
    C:\Documents and Settings\All Users\Application Data\1248937748 moved successfully.
    C:\WINDOWS\System32\drivers\71b86b86.sys moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\JET82A8.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\lukmctam.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~ROMFN_00000A40 scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_590.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_111636

    Files moved on Reboot...
    LoadLibrary failed for C:\WINDOWS\system32\atl7.dll
    C:\WINDOWS\system32\atl7.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\atl7.dll scheduled to be moved on reboot.
    File C:\DOCUME~1\user\LOCALS~1\Temp\JET82A8.tmp not found!
    File C:\DOCUME~1\user\LOCALS~1\Temp\lukmctam.dat not found!
    File C:\DOCUME~1\user\LOCALS~1\Temp\~ROMFN_00000A40 not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_590.dat not found!

    Voila

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2009-03-15 11:31:17
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 115 GB (39%) free of 297 GB
    Total RAM: 1022 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:43, on 15/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\_OTMoveIt\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\APPS\skype\Phone\Skype.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\APPS\skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\user\Bureau\RSIT.exe
    C:\Program Files\trend micro\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rpg-maker.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: (no name) - {DA42898A-B891-4C73-B4F2-4D0F5DC3640E} - C:\WINDOWS\system32\atl7.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [1290909921] "C:\_OTMoveIt\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE85DD93-E7BA-4FB7-841B-E9C5722AF008}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 9769 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Configurer mon PC.job
    C:\WINDOWS\tasks\OGADaily.job
    C:\WINDOWS\tasks\OGALogon.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-06 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-23 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-17 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
    C:\WINDOWS\system32\atl7.dll [2003-03-18 96256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-06 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-06 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-23 2436160]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-12-12 90112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7573504]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
    "DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-09 98304]
    "BitDefender Security Center"=C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe [2008-12-12 413696]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-02-01 741376]
    "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-12-12 69632]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-06 136600]
    "1290909921"=C:\_OTMoveIt\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe [2009-03-12 2206745]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "Skype"=C:\APPS\skype\Phone\Skype.exe [2007-12-07 21763368]
    "ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

    C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\APPS\skype\Phone\Skype.exe"="C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Documents and Settings\user\Bureau\Redvex\Redeye.exe"="C:\Documents and Settings\user\Bureau\Redvex\Redeye.exe:*:Enabled:Redeye"
    "C:\Documents and Settings\user\Bureau\Redvex 3.2 2-25-08\Jerenay.exe"="C:\Documents and Settings\user\Bureau\Redvex 3.2 2-25-08\Jerenay.exe:*:Enabled:Jerenay"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-03-15 11:16:36 ----D---- C:\_OTMoveIt
    2009-03-14 12:46:15 ----D---- C:\Program Files\trend micro
    2009-03-14 12:46:10 ----D---- C:\rsit
    2009-03-13 21:50:32 ----SHD---- C:\RECYCLER
    2009-03-13 21:39:15 ----A---- C:\ComboFix.txt
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\zip.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\VFIND.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWSC.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWREG.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\sed.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\grep.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\fdsv.exe
    2009-03-13 21:19:32 ----D---- C:\WINDOWS\ERDNT
    2009-03-13 21:13:49 ----D---- C:\Qoobox
    2009-03-13 20:16:14 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-13 20:16:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-12 15:26:29 ----A---- C:\WINDOWS\IP Changer Uninstall Log.txt
    2009-03-12 07:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-12 07:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-03-12 07:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-12 07:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-03-07 11:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-03-05 19:56:31 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2009-03-05 19:56:29 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2009-03-05 19:45:27 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-03-05 19:45:20 ----D---- C:\Program Files\MSBuild
    2009-03-05 19:45:17 ----D---- C:\WINDOWS\system32\en-US
    2009-03-05 19:45:08 ----D---- C:\Program Files\Reference Assemblies
    2009-03-05 19:43:30 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-03-05 19:43:30 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-03-05 19:43:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-03-05 19:43:29 ----D---- C:\8c53592072a98fdf03e5e87c7f
    2009-03-05 18:56:22 ----D---- C:\Program Files\Diablo II
    2009-03-05 18:41:23 ----A---- C:\WINDOWS\DIIUnin.exe
    2009-03-05 18:39:28 ----D---- C:\Program Files\Diablo I
    2009-03-01 11:32:00 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2009-02-26 12:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-25 22:48:19 ----A---- C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1140.exe
    2009-02-25 22:48:12 ----D---- C:\Program Files\Burn4Free Toolbar
    2009-02-25 22:47:50 ----D---- C:\Program Files\Burn4Free
    2009-02-25 22:27:27 ----SH---- C:\WINDOWS\S7EE673CF.tmp
    2009-02-25 22:27:04 ----D---- C:\Program Files\SlySoft
    2009-02-25 21:32:58 ----D---- C:\Documents and Settings\user\Application Data\Sonic
    2009-02-22 20:39:17 ----A---- C:\WINDOWS\system32\magnet.txt
    2009-02-22 18:54:45 ----D---- C:\WINDOWS\IP Changer
    2009-02-22 18:54:23 ----A---- C:\WINDOWS\IP Changer Setup Log.txt
    2009-02-22 18:51:29 ----D---- C:\Program Files\IP Changer
    2009-02-22 18:51:28 ----A---- C:\WINDOWS\IP Changer Setup Log.txt
    2009-02-18 19:22:00 ----A---- C:\WINDOWS\codelaro.ini

    ======List of files/folders modified in the last 1 months======

    2009-03-15 11:29:44 ----D---- C:\WINDOWS\Temp
    2009-03-15 11:29:44 ----D---- C:\WINDOWS\system32
    2009-03-15 11:29:29 ----D---- C:\WINDOWS
    2009-03-15 11:28:39 ----D---- C:\WINDOWS\Registration
    2009-03-15 11:27:34 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-15 11:20:56 ----D---- C:\Documents and Settings\user\Application Data\skypePM
    2009-03-15 11:16:45 ----D---- C:\WINDOWS\system32\drivers
    2009-03-15 10:57:26 ----D---- C:\Nostale(FR)
    2009-03-14 13:03:59 ----D---- C:\WINDOWS\Prefetch
    2009-03-14 12:46:15 ----RD---- C:\Program Files
    2009-03-14 00:41:27 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-13 21:36:10 ----D---- C:\Program Files\ICQ6
    2009-03-13 21:34:29 ----A---- C:\WINDOWS\system.ini
    2009-03-13 21:31:56 ----D---- C:\WINDOWS\system32\config
    2009-03-13 21:29:12 ----D---- C:\WINDOWS\AppPatch
    2009-03-13 21:29:08 ----D---- C:\Program Files\Fichiers communs
    2009-03-13 00:24:55 ----D---- C:\Documents and Settings\user\Application Data\Skype
    2009-03-12 22:09:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-12 16:23:21 ----D---- C:\Program Files\eMule
    2009-03-12 07:20:35 ----SHD---- C:\WINDOWS\Installer
    2009-03-12 07:20:34 ----SHD---- C:\Config.Msi
    2009-03-12 07:18:43 ----D---- C:\WINDOWS\inf
    2009-03-12 07:18:39 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-12 07:18:30 ----A---- C:\WINDOWS\imsins.BAK
    2009-03-12 07:18:26 ----D---- C:\WINDOWS\WinSxS
    2009-03-11 07:17:00 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-07 11:02:18 ----D---- C:\WINDOWS\system32\CatRoot
    2009-03-05 20:17:08 ----D---- C:\WINDOWS\SxsCaPendDel
    2009-03-05 20:12:12 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-05 20:12:02 ----RSD---- C:\WINDOWS\assembly
    2009-03-05 19:55:54 ----D---- C:\WINDOWS\system32\fr-fr
    2009-03-05 19:55:13 ----D---- C:\WINDOWS\system32\mui
    2009-03-05 19:52:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-05 19:45:15 ----D---- C:\WINDOWS\Fonts
    2009-03-05 19:44:22 ----D---- C:\WINDOWS\system32\spool
    2009-03-05 19:30:22 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
    2009-03-05 19:30:21 ----AT---- C:\WINDOWS\system32\SIntf32.dll
    2009-03-05 19:30:21 ----AT---- C:\WINDOWS\system32\SIntf16.dll
    2009-03-05 18:41:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-03-05 18:41:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-03-04 19:50:06 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-04 19:40:44 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
    2009-03-01 11:29:20 ----D---- C:\WINDOWS\Tasks
    2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-18 19:29:17 ----A---- C:\WINDOWS\win.ini
    2009-02-18 19:29:16 ----D---- C:\WINDOWS\system

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-25 271360]
    R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-25 18048]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-12-12 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-03-05 104328]
    R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-01-24 242184]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3663040]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2009-02-01 431424]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143426]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
    R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-01-24 1581056]
    S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-23 138168]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

    1/

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.

    Le logiciel Systeme Sécurity persiste j'en peux plus de voir les spamm...

    [ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\user\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\user\Bureau\OTMoveIt3.exe: trouvé !
    C:\Documents and Settings\user\Bureau\Rsit.exe: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\user\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Program Files\trend micro\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\Documents and Settings\user\Bureau\OTMoveIt3.exe: supprimé !
    C:\Documents and Settings\user\Bureau\Rsit.exe: supprimé !
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
    C:\Rsit: supprimé !


    Logfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2009-03-15 15:53:13
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 115 GB (39%) free of 297 GB
    Total RAM: 1022 MB (22% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:53:46, on 15/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\apps\ABoard\AOSD.exe
    C:\_OTMoveIt\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\APPS\skype\Phone\Skype.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\APPS\skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Bureau\RSIT.exe
    C:\Program Files\trend micro\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rpg-maker.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: (no name) - {DA42898A-B891-4C73-B4F2-4D0F5DC3640E} - C:\WINDOWS\system32\atl7.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [1290909921] "C:\_OTMoveIt\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-21-2086903990-3633346620-78330818-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LeonHearts')
    O4 - HKUS\S-1-5-21-2086903990-3633346620-78330818-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'LeonHearts')
    O4 - HKUS\S-1-5-21-2086903990-3633346620-78330818-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'LeonHearts')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE85DD93-E7BA-4FB7-841B-E9C5722AF008}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 10160 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Configurer mon PC.job
    C:\WINDOWS\tasks\OGADaily.job
    C:\WINDOWS\tasks\OGALogon.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-06 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-23 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-17 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
    C:\WINDOWS\system32\atl7.dll [2003-03-18 96256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-06 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-06 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-23 2436160]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-12-12 90112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7573504]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
    "DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-09 98304]
    "BitDefender Security Center"=C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe [2008-12-12 413696]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-02-01 741376]
    "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-12-12 69632]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-06 136600]
    "1290909921"=C:\_OTMoveIt\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe [2009-03-12 2206745]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "Skype"=C:\APPS\skype\Phone\Skype.exe [2007-12-07 21763368]
    "ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\APPS\skype\Phone\Skype.exe"="C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Documents and Settings\user\Bureau\Redvex\Redeye.exe"="C:\Documents and Settings\user\Bureau\Redvex\Redeye.exe:*:Enabled:Redeye"
    "C:\Documents and Settings\user\Bureau\Redvex 3.2 2-25-08\Jerenay.exe"="C:\Documents and Settings\user\Bureau\Redvex 3.2 2-25-08\Jerenay.exe:*:Enabled:Jerenay"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 3 months======

    2009-03-15 15:53:13 ----D---- C:\rsit
    2009-03-15 15:52:39 ----A---- C:\TCleaner.txt
    2009-03-15 11:16:36 ----D---- C:\_OTMoveIt
    2009-03-14 12:46:15 ----D---- C:\Program Files\trend micro
    2009-03-13 21:50:32 ----SHD---- C:\RECYCLER
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\zip.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\VFIND.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWSC.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\SWREG.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\sed.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\grep.exe
    2009-03-13 21:19:50 ----A---- C:\WINDOWS\fdsv.exe
    2009-03-13 21:19:32 ----D---- C:\WINDOWS\ERDNT
    2009-03-13 20:16:14 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-13 20:16:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-12 15:26:29 ----A---- C:\WINDOWS\IP Changer Uninstall Log.txt
    2009-03-12 07:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-12 07:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-03-12 07:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-12 07:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-03-07 11:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-03-05 19:56:31 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2009-03-05 19:56:29 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2009-03-05 19:45:27 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-03-05 19:45:20 ----D---- C:\Program Files\MSBuild
    2009-03-05 19:45:17 ----D---- C:\WINDOWS\system32\en-US
    2009-03-05 19:45:08 ----D---- C:\Program Files\Reference Assemblies
    2009-03-05 19:43:30 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-03-05 19:43:30 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-03-05 19:43:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-03-05 19:43:29 ----D---- C:\8c53592072a98fdf03e5e87c7f
    2009-03-05 18:56:22 ----D---- C:\Program Files\Diablo II
    2009-03-05 18:41:23 ----A---- C:\WINDOWS\DIIUnin.exe
    2009-03-05 18:39:28 ----D---- C:\Program Files\Diablo I
    2009-03-01 11:32:00 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2009-02-26 12:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-25 22:48:19 ----A---- C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1140.exe
    2009-02-25 22:48:12 ----D---- C:\Program Files\Burn4Free Toolbar
    2009-02-25 22:47:50 ----D---- C:\Program Files\Burn4Free
    2009-02-25 22:27:27 ----SH---- C:\WINDOWS\S7EE673CF.tmp
    2009-02-25 22:27:04 ----D---- C:\Program Files\SlySoft
    2009-02-25 21:32:58 ----D---- C:\Documents and Settings\user\Application Data\Sonic
    2009-02-22 20:39:17 ----A---- C:\WINDOWS\system32\magnet.txt
    2009-02-22 18:54:45 ----D---- C:\WINDOWS\IP Changer
    2009-02-22 18:54:23 ----A---- C:\WINDOWS\IP Changer Setup Log.txt
    2009-02-22 18:51:29 ----D---- C:\Program Files\IP Changer
    2009-02-22 18:51:28 ----A---- C:\WINDOWS\IP Changer Setup Log.txt
    2009-02-18 19:22:00 ----A---- C:\WINDOWS\codelaro.ini
    2009-02-12 22:53:53 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft
    2009-02-12 22:53:53 ----D---- C:\Program Files\DVDVideoSoft
    2009-02-12 06:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-06 17:28:34 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-02-06 17:28:34 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-02-06 17:28:34 ----A---- C:\WINDOWS\system32\java.exe
    2009-02-06 17:28:34 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-01-31 16:11:51 ----A---- C:\WINDOWS\system32\atl7.dll
    2009-01-23 19:52:51 ----D---- C:\Nivalis
    2009-01-21 18:53:51 ----D---- C:\Nostale(FR)
    2009-01-21 18:32:13 ----A---- C:\NosTale_FR_20090120.exe
    2009-01-18 12:39:21 ----A---- C:\WINDOWS\DcmLtbox-WS.ini
    2009-01-15 12:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-08 07:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-01-08 07:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-01-08 00:24:41 ----D---- C:\Documents and Settings\user\Application Data\dvdcss
    2009-01-06 13:38:33 ----HD---- C:\WINDOWS\system32\GroupPolicy
    2009-01-06 13:20:59 ----D---- C:\WINDOWS\Prefetch
    2009-01-06 13:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-01-06 13:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-01-06 13:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2009-01-06 13:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-01-06 13:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-01-06 13:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-01-06 13:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-01-06 12:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-01-06 12:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2009-01-06 12:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-01-06 12:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-01-06 12:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-01-06 12:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-01-06 12:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-01-06 12:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2009-01-06 12:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-01-06 12:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-01-06 12:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-01-06 12:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-01-06 12:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2009-01-06 12:51:01 ----D---- C:\WINDOWS\system32\fr
    2009-01-06 12:51:01 ----D---- C:\WINDOWS\l2schemas
    2009-01-06 12:51:00 ----D---- C:\WINDOWS\system32\bits
    2009-01-06 12:47:16 ----D---- C:\WINDOWS\ServicePackFiles
    2009-01-06 12:42:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-01-06 12:38:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-12-31 17:05:00 ----A---- C:\WINDOWS\system32\WGATray.exe
    2008-12-31 17:04:42 ----A---- C:\WINDOWS\system32\OGAVerify.exe
    2008-12-31 17:04:42 ----A---- C:\WINDOWS\system32\OGACheckControl.dll
    2008-12-31 17:04:36 ----A---- C:\WINDOWS\system32\OGAAddin.dll
    2008-12-20 23:42:18 ----D---- C:\Program Files\Five 3.1

    ======List of files/folders modified in the last 3 months======

    2009-03-15 15:51:09 ----D---- C:\WINDOWS\Temp
    2009-03-15 15:51:09 ----D---- C:\WINDOWS\system32
    2009-03-15 15:33:48 ----D---- C:\WINDOWS
    2009-03-15 14:16:12 ----D---- C:\WINDOWS\Registration
    2009-03-15 14:14:39 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-15 13:39:22 ----RD---- C:\Program Files
    2009-03-15 13:31:52 ----A---- C:\WINDOWS\WININIT.INI
    2009-03-15 11:20:56 ----D---- C:\Documents and Settings\user\Application Data\skypePM
    2009-03-15 11:16:45 ----D---- C:\WINDOWS\system32\drivers
    2009-03-14 00:41:27 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-13 21:36:10 ----D---- C:\Program Files\ICQ6
    2009-03-13 21:34:29 ----A---- C:\WINDOWS\system.ini
    2009-03-13 21:31:56 ----D---- C:\WINDOWS\system32\config
    2009-03-13 21:29:12 ----D---- C:\WINDOWS\AppPatch
    2009-03-13 21:29:08 ----D---- C:\Program Files\Fichiers communs
    2009-03-13 00:24:55 ----D---- C:\Documents and Settings\user\Application Data\Skype
    2009-03-12 22:09:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-12 16:23:21 ----D---- C:\Program Files\eMule
    2009-03-12 07:20:35 ----SHD---- C:\WINDOWS\Installer
    2009-03-12 07:20:34 ----SHD---- C:\Config.Msi
    2009-03-12 07:18:43 ----D---- C:\WINDOWS\inf
    2009-03-12 07:18:39 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-12 07:18:30 ----A---- C:\WINDOWS\imsins.BAK
    2009-03-12 07:18:26 ----D---- C:\WINDOWS\WinSxS
    2009-03-11 07:17:00 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-07 11:02:18 ----D---- C:\WINDOWS\system32\CatRoot
    2009-03-05 20:17:08 ----D---- C:\WINDOWS\SxsCaPendDel
    2009-03-05 20:12:12 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-05 20:12:02 ----RSD---- C:\WINDOWS\assembly
    2009-03-05 19:55:54 ----D---- C:\WINDOWS\system32\fr-fr
    2009-03-05 19:55:13 ----D---- C:\WINDOWS\system32\mui
    2009-03-05 19:52:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-05 19:45:15 ----D---- C:\WINDOWS\Fonts
    2009-03-05 19:44:22 ----D---- C:\WINDOWS\system32\spool
    2009-03-05 19:30:22 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
    2009-03-05 19:30:21 ----AT---- C:\WINDOWS\system32\SIntf32.dll
    2009-03-05 19:30:21 ----AT---- C:\WINDOWS\system32\SIntf16.dll
    2009-03-05 18:41:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-03-05 18:41:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-03-04 19:50:06 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-04 19:40:44 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
    2009-03-01 11:29:20 ----D---- C:\WINDOWS\Tasks
    2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-18 19:29:17 ----A---- C:\WINDOWS\win.ini
    2009-02-18 19:29:16 ----D---- C:\WINDOWS\system
    2009-02-12 15:53:33 ----D---- C:\Program Files\Internet Explorer
    2009-02-12 06:44:45 ----D---- C:\WINDOWS\ie7updates
    2009-02-07 18:11:06 ----D---- C:\Documents and Settings\user\Application Data\teamspeak2
    2009-02-06 17:27:58 ----D---- C:\Program Files\Java
    2009-02-06 16:58:50 ----D---- C:\Documents and Settings\user\Application Data\mIRC
    2009-02-06 16:57:13 ----D---- C:\Program Files\mIRC
    2009-02-02 19:15:58 ----SHD---- C:\System Volume Information
    2009-02-02 19:15:58 ----D---- C:\WINDOWS\system32\Restore
    2009-01-21 17:33:40 ----D---- C:\Nos
    2009-01-16 21:15:42 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-01-15 12:31:40 ----A---- C:\WINDOWS\system32\MRT.INI
    2009-01-06 14:55:55 ----D---- C:\Program Files\DivX
    2009-01-06 14:50:56 ----D---- C:\WINDOWS\I386
    2009-01-06 13:54:04 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-01-06 13:42:21 ----D---- C:\WINDOWS\Help
    2009-01-06 13:21:02 ----A---- C:\WINDOWS\setuplog.txt
    2009-01-06 13:20:27 ----D---- C:\WINDOWS\system32\Setup
    2009-01-06 13:20:26 ----D---- C:\WINDOWS\system32\wbem
    2009-01-06 13:01:41 ----D---- C:\WINDOWS\security
    2009-01-06 12:56:21 ----D---- C:\Program Files\Messenger
    2009-01-06 12:51:21 ----D---- C:\WINDOWS\system32\inetsrv
    2009-01-06 12:51:20 ----D---- C:\WINDOWS\network diagnostic
    2009-01-06 12:51:20 ----D---- C:\WINDOWS\ime
    2009-01-06 12:51:03 ----D---- C:\WINDOWS\system32\usmt
    2009-01-06 12:51:00 ----D---- C:\WINDOWS\PeerNet
    2009-01-06 12:51:00 ----D---- C:\Program Files\Movie Maker
    2009-01-06 12:47:00 ----D---- C:\WINDOWS\system32\npp
    2009-01-06 12:46:57 ----D---- C:\WINDOWS\msagent
    2009-01-06 12:46:55 ----D---- C:\WINDOWS\srchasst
    2009-01-06 12:46:51 ----D---- C:\Program Files\NetMeeting
    2009-01-06 12:46:49 ----D---- C:\WINDOWS\system32\Com
    2009-01-06 12:46:46 ----D---- C:\Program Files\Windows NT
    2009-01-06 12:46:46 ----D---- C:\Program Files\Outlook Express
    2009-01-06 12:46:41 ----D---- C:\Program Files\Fichiers communs\System
    2009-01-06 12:46:23 ----D---- C:\WINDOWS\system32\oobe
    2009-01-06 12:33:13 ----D---- C:\WINDOWS\ehome
    2009-01-05 15:36:19 ----D---- C:\Documents and Settings
    2009-01-01 19:41:06 ----D---- C:\Program Files\MultiMedia Toolbar
    2008-12-22 16:47:04 ----D---- C:\Program Files\Teamspeak2_RC2
    2008-12-20 23:47:04 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-12-20 23:47:03 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-12-20 23:47:03 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-12-20 23:47:02 ----A---- C:\WINDOWS\system32\url.dll
    2008-12-20 23:47:02 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-12-20 23:47:02 ----A---- C:\WINDOWS\system32\occache.dll
    2008-12-20 23:47:02 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-12-20 23:47:01 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-12-20 23:47:01 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-12-20 23:46:57 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-12-20 23:46:56 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-12-20 23:46:56 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-12-20 23:46:54 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-12-20 23:46:54 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-12-20 23:46:54 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-12-20 23:46:50 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-12-20 23:46:50 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-12-20 23:46:49 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-12-20 23:46:49 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-12-20 23:46:49 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-12-20 23:46:49 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-12-20 23:46:48 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-12-20 23:46:48 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-12-20 23:46:48 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-12-19 10:11:12 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-12-19 10:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-12-19 06:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-12-18 22:11:49 ----D---- C:\Program Files\RPG MAKER XP
    2008-12-18 22:01:25 ----D---- C:\Program Files\RPG Maker VX
    2008-12-18 00:18:59 ----D---- C:\Program Files\Sword Legend - Benakin Production

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-25 271360]
    R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-25 18048]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-12-12 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-03-05 104328]
    R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-01-24 242184]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3663040]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2009-02-01 431424]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143426]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
    R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-01-24 1581056]
    S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-23 138168]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------


    info.txt logfile of random's system information tool 1.05 2009-03-15 15:53:53

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Ahriman's Prophecy-->C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Awesom-O-->C:\Program Files\Awesom-O\uninstall.exe
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
    BitDefender Internet Security 2009-->MsiExec.exe /X{CEB21884-8A5F-48C7-B707-6919FD890650}
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
    Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
    Burn4Free Toolbar-->"C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1140.exe" _?=C:\Program Files\Burn4Free Toolbar
    Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
    Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Everlong v2.16-->C:\Program Files\Everlong v2.16\Uninstal.exe
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    Final Fantasy VII Origin Version 3.1-->C:\Program Files\Final Fantasy VII Origin\Uninstall.exe
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Guitar Pro 4 Demo-->MsiExec.exe /X{22C1B575-C746-46F2-80A3-EE9612AF5FAA}
    Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    Hero Editor V0.80-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
    Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
    Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    mIRC-->"C:\Documents and Settings\user\Bureau\mircfr\mirc.exe" -uninstall
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (2.0.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MultiMedia Toolbar-->C:\PROGRA~1\MULTIM~1\UNWISE.EXE C:\PROGRA~1\MULTIM~1\INSTALL.LOG
    Nostale Online FR (Remove)-->"C:\Nostale(FR)\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
    OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RMXP\RGSS\unins000.exe"
    RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
    RMXP version 1.0.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RMXP\unins000.exe"
    RPG Maker 2000 1.05-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\install.log"
    RPG Maker VX 1.02-->"C:\Program Files\RPG Maker VX\unins000.exe"
    RPG Maker VX RTP-->"C:\Program Files\RPG Maker VX\unins001.exe"
    RTP 1.32 Add-On for RM2k-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\RTP\install.log"
    RTP for RM2K (Png, Wav, Midi, Fonts)-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\RTP\install.log"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
    Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sword Legend - Benakin Production-->C:\Program Files\Sword Legend - Benakin Production\Uninstal.exe
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins001.exe"
    TeamSpeak 2 Server RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Ulead PhotoImpact 10 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c
    Ulead VideoStudio 9.0 SE DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x40c
    Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
    VampiresDawnRTP.zip-->"C:\Program Files\VampiresDawnRTP.zip\unins000.exe"
    VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [1290909921] "C:\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe"
    O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
    O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
    O4 - Startup: Personal Player.lnk = C:\Program Files\Yahoo!\Web Hottest Videos Personal Player\Diablo 2 Lord of Destruction Maphack Web hottest videos personal player.exe
    O2 - BHO: (no name) - {DA42898A-B891-4C73-B4F2-4D0F5DC3640E} - C:\WINDOWS\system32\atl7.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll

    ======Security center information======

    AV: BitDefender Antivirus (disabled)
    FW: Norton Internet Worm Protection (disabled)
    FW: BitDefender Firewall

    System event log

    Computer Name: 120998370319
    Event Code: 1002
    Message: Le bail de l'adresse IP 192.168.1.33 pour la carte réseau dont l'adresse réseau est 001617E90209
    a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

    Record Number: 26143
    Source Name: Dhcp
    Time Written: 20090112172446.000000+060
    Event Type: error
    User:

    Computer Name: 120998370319
    Event Code: 4201
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{FE85DD93-E7BA-4FB7-841B-E9C5722AF008} était connectée au réseau,
    et a lancé une opération normale sur la carte réseau.

    Record Number: 26142
    Source Name: Tcpip
    Time Written: 20090112172441.000000+060
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service bdfm.

    Record Number: 26141
    Source Name: Service Control Manager
    Time Written: 20090112172300.000000+060
    Event Type: information
    User: AUTORITE NT\SYSTEM

    Computer Name: 120998370319
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service bdfsfltr.

    Record Number: 26140
    Source Name: Service Control Manager
    Time Written: 20090112172300.000000+060
    Event Type: information
    User: AUTORITE NT\SYSTEM

    Computer Name: 120998370319
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

    Record Number: 26139
    Source Name: Service Control Manager
    Time Written: 20090112172246.000000+060
    Event Type: information
    User:

    Application event log

    Computer Name: 120998370319
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 15661
    Source Name: SecurityCenter
    Time Written: 20080913132219.000000+120
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 0
    Message:
    Record Number: 15660
    Source Name: scan
    Time Written: 20080913132217.000000+120
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 0
    Message:
    Record Number: 15659
    Source Name: USBDeviceService
    Time Written: 20080913132139.000000+120
    Event Type: information
    User:

    Computer Name: 120998370319
    Event Code: 1517
    Message: Windows a sauvegardé le Registre utilisateur 120998370319\user alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


    Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

    Record Number: 15658
    Source Name: Userenv
    Time Written: 20080912234227.000000+120
    Event Type: warning
    User: AUTORITE NT\SYSTEM

    Computer Name: 120998370319
    Event Code: 101
    Message: msnmsgr (20900) Le moteur de base de données est arrêté.

    Record Number: 15657
    Source Name: ESENT
    Time Written: 20080912210858.000000+120
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0604
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

    -----------------EOF-----------------

    ComboFix 09-03-14.01 - user 2009-03-15 18:26:16.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.485 [GMT 1:00]
    Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
    FW: BitDefender Firewall *disabled*
    FW: Norton Internet Worm Protection *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LeonHearts\Bureau\System Security.lnk
    c:\documents and settings\LeonHearts\Menu Démarrer\Programmes\System Security
    c:\documents and settings\LeonHearts\Menu Démarrer\Programmes\System Security\System Security.lnk
    c:\documents and settings\user\Bureau\System Security.lnk
    c:\documents and settings\user\Menu Démarrer\Programmes\System Security
    c:\documents and settings\user\Menu Démarrer\Programmes\System Security\System Security.lnk

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-15 au 2009-03-15 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 15:53 . 2009-03-15 15:53 <REP> d-------- C:\rsit
    2009-03-15 11:16 . 2009-03-15 11:16 <REP> d-------- C:\_OTMoveIt
    2009-03-14 12:46 . 2009-03-15 15:53 <REP> d-------- c:\program files\trend micro
    2009-03-13 20:16 . 2009-03-13 21:33 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-13 20:16 . 2009-03-13 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-06 20:17 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\dllcache\ntprint.cat
    2009-03-05 19:56 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-03-05 19:45 . 2009-03-05 19:55 <REP> d-------- c:\windows\system32\XPSViewer
    2009-03-05 19:45 . 2009-03-05 19:45 <REP> d-------- c:\program files\Reference Assemblies
    2009-03-05 19:45 . 2009-03-05 19:45 <REP> d-------- c:\program files\MSBuild
    2009-03-05 19:43 . 2009-03-05 19:44 <REP> d-------- C:\8c53592072a98fdf03e5e87c7f
    2009-03-05 19:43 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-03-05 19:43 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-05 19:43 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-05 19:43 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-03-05 19:43 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-05 19:43 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-03-05 19:43 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-05 18:56 . 2009-03-08 15:27 <REP> d-------- c:\program files\Diablo II
    2009-03-05 18:41 . 2009-03-05 18:58 102,400 --a------ c:\windows\DIIUnin.exe
    2009-03-05 18:41 . 2009-03-05 19:33 70,135 --a------ c:\windows\DIIUnin.dat
    2009-03-05 18:41 . 2009-03-05 18:58 2,829 --a------ c:\windows\DIIUnin.pif
    2009-03-05 18:39 . 2009-03-08 15:27 <REP> d-------- c:\program files\Diablo I
    2009-03-02 22:31 . 2009-03-12 15:51 54,156 --ah----- c:\windows\QTFont.qfn
    2009-03-02 22:31 . 2009-03-02 22:31 1,409 --a------ c:\windows\QTFont.for
    2009-03-01 11:32 . 2009-03-01 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-28 20:45 . 2009-02-28 20:51 <REP> d-------- c:\documents and settings\user\Plugins
    2009-02-25 22:48 . 2009-02-25 22:48 <REP> d-------- c:\program files\Burn4Free Toolbar
    2009-02-25 22:48 . 2009-02-25 22:48 233,117 --a------ c:\windows\Burn4Free_Toolbar_Uninstaller_1140.exe
    2009-02-25 22:47 . 2009-02-25 22:58 <REP> d-------- c:\program files\Burn4Free
    2009-02-25 22:27 . 2009-03-12 15:23 <REP> d-------- c:\program files\SlySoft
    2009-02-25 22:27 . 2009-02-25 22:27 24 ---hs---- c:\windows\S7EE673CF.tmp
    2009-02-25 21:32 . 2009-02-25 21:32 <REP> d-------- c:\documents and settings\user\Application Data\Sonic
    2009-02-22 18:54 . 2009-02-22 18:54 <REP> d-------- c:\windows\IP Changer
    2009-02-22 18:51 . 2009-03-12 15:26 <REP> d-------- c:\program files\IP Changer
    2009-02-22 18:40 . 2009-02-22 18:40 <REP> d-------- c:\documents and settings\user\WINDOWS
    2009-02-18 19:22 . 2009-02-18 20:21 24 --a------ c:\windows\codelaro.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-15 17:26 81,984 ----a-w c:\windows\system32\bdod.bin
    2009-03-15 16:55 --------- d-----w c:\documents and settings\user\Application Data\Skype
    2009-03-15 15:04 --------- d-----w c:\documents and settings\user\Application Data\skypePM
    2009-03-13 20:36 --------- d-----w c:\program files\ICQ6
    2009-03-12 21:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-12 15:23 --------- d-----w c:\program files\eMule
    2009-03-05 19:47 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2009-03-05 18:30 21,840 ----atw c:\windows\system32\SIntfNT.dll
    2009-03-05 18:30 17,212 ----atw c:\windows\system32\SIntf32.dll
    2009-03-05 18:30 12,067 ----atw c:\windows\system32\SIntf16.dll
    2009-02-12 21:54 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
    2009-02-12 21:53 --------- d-----w c:\program files\DVDVideoSoft
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-07 17:11 --------- d-----w c:\documents and settings\user\Application Data\teamspeak2
    2009-02-06 16:28 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-06 16:27 --------- d-----w c:\program files\Java
    2009-02-06 15:58 --------- d-----w c:\documents and settings\user\Application Data\mIRC
    2009-02-06 15:57 --------- d-----w c:\program files\mIRC
    2009-02-05 19:39 --------- d-----w c:\documents and settings\LeonHearts\Application Data\teamspeak2
    2009-01-24 13:59 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
    2009-01-23 14:28 193,731,572 ----a-w C:\Nivalis_finalV2.zip
    2009-01-21 17:53 1,250,582,784 ----a-w C:\NosTale_FR_20090120.exe
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
    2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
    2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
    2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
    2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
    2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
    2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
    2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
    2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
    2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-01-08 20:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2009-01-24 13:59 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
    2007-02-21 22:13 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-02-21 22:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-02-21 22:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2007-02-21 22:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2007-02-21 22:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
    2003-03-18 21:05 96256 --a------ c:\windows\system32\atl7.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Skype"="c:\apps\skype\Phone\Skype.exe" [2007-12-07 21763368]
    "ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-09 98304]
    "BitDefender Security Center"="c:\program files\BitDefender\BitDefender 2009\seccenter.exe" [2008-12-12 413696]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-02-01 741376]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-12-12 69632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
    "1290909921"="c:\_otmoveit\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe" [2009-03-12 14:16 2206745]
    "nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\APPS\\skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Documents and Settings\\user\\Bureau\\Redvex\\Redeye.exe"=
    "c:\\Documents and Settings\\user\\Bureau\\Redvex 3.2 2-25-08\\Jerenay.exe"=

    R0 fwwhditf;fwwhditf;c:\windows\system32\drivers\fwwhditf.sys [2004-09-23 23424]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-06-30 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-07-17 104328]
    S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-15 c:\windows\Tasks\Configurer mon PC.job
    - c:\apps\SMP\PCSETUP.EXE [2005-11-17 10:03]

    2009-03-15 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-03-15 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.rpg-maker.fr/
    mStart Page = hxxp://www.yahoo.com
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {FE85DD93-E7BA-4FB7-841B-E9C5722AF008} = 192.168.1.1
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 18:30:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Heure de fin: 2009-03-15 18:34:00
    ComboFix-quarantined-files.txt 2009-03-15 17:33:55

    Avant-CF: 120 250 429 440 octets libres
    Après-CF: 120,327,786,496 octets libres

    210 --- E O F --- 2009-03-12 06:20:35

    /!\ Seul SueShine peut suivre cette procédure /!\

    Désactive toute protection résidente (Antivirus...) !

    --> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

    KillAll::

    File::
    c:\windows\system32\atl7.dll

    Folder::
    c:\_otmoveit

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1290909921"=-

    FileLook::
    c:\windows\system32\drivers\fwwhditf.sys


    --> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes .

    - Colle (CTRL+V) le texte dans le Bloc-notes.
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer.
    - Quitte le Bloc-notes.

    --> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

    ;) 

    Bonsoir^^ ,

    Tout d'abord je veux te remercier pour ton aide :)  sans toi j'aurai pu rien faire mille fois merci.


    ComboFix 09-03-15.01 - user 2009-03-16 20:17:23.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.627 [GMT 1:00]
    Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\user\Bureau\CFScript.txt
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
    FW: BitDefender Firewall *disabled*
    FW: Norton Internet Worm Protection *disabled*
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\atl7.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\_otmoveit
    c:\_otmoveit\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\1290909921.exe
    c:\_otmoveit\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\config.udb
    c:\_otmoveit\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\init.udb
    c:\_otmoveit\MovedFiles\03152009_111636\Documents and Settings\All Users\Application Data\1248937748\Langs.udb
    c:\windows\system32\atl7.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 22:35 . 2009-03-15 22:43 <REP> d-------- c:\program files\Blades of Avernum
    2009-03-15 15:53 . 2009-03-15 15:53 <REP> d-------- C:\rsit
    2009-03-14 12:46 . 2009-03-15 15:53 <REP> d-------- c:\program files\trend micro
    2009-03-13 20:16 . 2009-03-13 21:33 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-13 20:16 . 2009-03-13 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-06 20:17 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\dllcache\ntprint.cat
    2009-03-05 19:56 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-03-05 19:45 . 2009-03-05 19:55 <REP> d-------- c:\windows\system32\XPSViewer
    2009-03-05 19:45 . 2009-03-05 19:45 <REP> d-------- c:\program files\Reference Assemblies
    2009-03-05 19:45 . 2009-03-05 19:45 <REP> d-------- c:\program files\MSBuild
    2009-03-05 19:43 . 2009-03-05 19:44 <REP> d-------- C:\8c53592072a98fdf03e5e87c7f
    2009-03-05 19:43 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-03-05 19:43 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-05 19:43 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-05 19:43 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-03-05 19:43 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-05 19:43 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-03-05 19:43 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-05 18:56 . 2009-03-08 15:27 <REP> d-------- c:\program files\Diablo II
    2009-03-05 18:41 . 2009-03-05 18:58 102,400 --a------ c:\windows\DIIUnin.exe
    2009-03-05 18:41 . 2009-03-05 19:33 70,135 --a------ c:\windows\DIIUnin.dat
    2009-03-05 18:41 . 2009-03-05 18:58 2,829 --a------ c:\windows\DIIUnin.pif
    2009-03-05 18:39 . 2009-03-08 15:27 <REP> d-------- c:\program files\Diablo I
    2009-03-02 22:31 . 2009-03-12 15:51 54,156 --ah----- c:\windows\QTFont.qfn
    2009-03-02 22:31 . 2009-03-02 22:31 1,409 --a------ c:\windows\QTFont.for
    2009-03-01 11:32 . 2009-03-01 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-28 20:45 . 2009-02-28 20:51 <REP> d-------- c:\documents and settings\user\Plugins
    2009-02-25 22:48 . 2009-02-25 22:48 <REP> d-------- c:\program files\Burn4Free Toolbar
    2009-02-25 22:48 . 2009-02-25 22:48 233,117 --a------ c:\windows\Burn4Free_Toolbar_Uninstaller_1140.exe
    2009-02-25 22:47 . 2009-02-25 22:58 <REP> d-------- c:\program files\Burn4Free
    2009-02-25 22:27 . 2009-03-12 15:23 <REP> d-------- c:\program files\SlySoft
    2009-02-25 22:27 . 2009-02-25 22:27 24 ---hs---- c:\windows\S7EE673CF.tmp
    2009-02-25 21:32 . 2009-02-25 21:32 <REP> d-------- c:\documents and settings\user\Application Data\Sonic
    2009-02-22 18:54 . 2009-02-22 18:54 <REP> d-------- c:\windows\IP Changer
    2009-02-22 18:51 . 2009-03-12 15:26 <REP> d-------- c:\program files\IP Changer
    2009-02-22 18:40 . 2009-02-22 18:40 <REP> d-------- c:\documents and settings\user\WINDOWS
    2009-02-18 19:22 . 2009-02-18 20:21 24 --a------ c:\windows\codelaro.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-16 19:23 --------- d-----w c:\documents and settings\user\Application Data\skypePM
    2009-03-15 16:55 --------- d-----w c:\documents and settings\user\Application Data\Skype
    2009-03-13 20:36 --------- d-----w c:\program files\ICQ6
    2009-03-12 21:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-12 15:23 --------- d-----w c:\program files\eMule
    2009-03-05 19:47 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2009-02-12 21:54 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
    2009-02-12 21:53 --------- d-----w c:\program files\DVDVideoSoft
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-07 17:11 --------- d-----w c:\documents and settings\user\Application Data\teamspeak2
    2009-02-06 16:27 --------- d-----w c:\program files\Java
    2009-02-06 15:58 --------- d-----w c:\documents and settings\user\Application Data\mIRC
    2009-02-06 15:57 --------- d-----w c:\program files\mIRC
    2009-02-05 19:39 --------- d-----w c:\documents and settings\LeonHearts\Application Data\teamspeak2
    2009-01-24 13:59 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
    2009-01-23 14:28 193,731,572 ----a-w C:\Nivalis_finalV2.zip
    2009-01-21 17:53 1,250,582,784 ----a-w C:\NosTale_FR_20090120.exe
    2008-01-08 20:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2009-01-24 13:59 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
    2007-02-21 22:13 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-02-21 22:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-02-21 22:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2007-02-21 22:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2007-02-21 22:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\fwwhditf.sys -- Unable to find file version info.
    MD5: 37f42a2bb22006206e3108fdcae9e68c


    ((((((((((((((((((((((((((((( SnapShot@2009-03-15_18.31.52,35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-15 17:26:13 81,984 ----a-w c:\windows\system32\bdod.bin
    + 2009-03-15 17:32:41 81,984 ----a-w c:\windows\system32\bdod.bin
    + 2009-03-16 19:21:30 16,384 ----atw c:\windows\temp\Perflib_Perfdata_618.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]
    2003-03-18 21:05 96256 --a------ c:\windows\system32\atl7.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Skype"="c:\apps\skype\Phone\Skype.exe" [2007-12-07 21763368]
    "ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-09 98304]
    "BitDefender Security Center"="c:\program files\BitDefender\BitDefender 2009\seccenter.exe" [2008-12-12 413696]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-02-01 741376]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-12-12 69632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
    "nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\APPS\\skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Documents and Settings\\user\\Bureau\\Redvex\\Redeye.exe"=
    "c:\\Documents and Settings\\user\\Bureau\\Redvex 3.2 2-25-08\\Jerenay.exe"=

    R0 fwwhditf;fwwhditf;c:\windows\system32\drivers\fwwhditf.sys [2004-09-23 23424]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-06-30 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-07-17 104328]
    S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-15 c:\windows\Tasks\Configurer mon PC.job
    - c:\apps\SMP\PCSETUP.EXE [2005-11-17 10:03]

    2009-03-15 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-03-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.rpg-maker.fr/
    mStart Page = hxxp://www.yahoo.com
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {FE85DD93-E7BA-4FB7-841B-E9C5722AF008} = 192.168.1.1
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-16 20:22:02
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2009\vsserv.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\dllhost.exe
    c:\windows\ehome\ehmsas.exe
    c:\apps\ABOARD\AOSD.EXE
    c:\apps\skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-16 20:27:06 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-16 19:27:00
    ComboFix2.txt 2009-03-15 17:34:02

    Avant-CF: 120 649 818 112 octets libres
    Après-CF: 120,565,911,552 octets libres

    217 --- E O F --- 2009-03-12 06:20:35

    /!\ Seul SueShine peut suivre cette procédure /!\

    Désactive toute protection résidente (Antivirus...) !

    --> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

    KillAll::

    Driver::
    glaide32
    fwwhditf

    File::
    c:\windows\system32\atl7.dll
    c:\windows\system32\drivers\glaide32.sys
    c:\windows\system32\drivers\fwwhditf.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA42898A-B891-4C73-B4F2-4D0F5DC3640E}]


    --> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.

    - Colle (CTRL+V) le texte dans le Bloc-notes.
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer.
    - Quitte le Bloc-notes.

    --> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

    ;) 
    Lassé par la pub ? Créez un compte

    Créer un nouveau sujet

    Tom's guide dans le monde