Se connecter / S'enregistrer
Votre question

Bearshare

Tags :
  • Bearshare
  • Sécurité
Dernière réponse : dans Sécurité et virus
16 Décembre 2008 20:59:24

Bonjour a tous !!
Recemment j'ai installé le logiciel Bearshare. :fou: 
Mais ce logiciel m'a laissé des traces c'est à dire que depuis que je l'ai desinstaller de mon ordinateur Bearshare me la ralentie et il mintenant mon internet m'ouvre des fenetre de publicité.



Pouvez vous m'aider a enlever ses fenetre intenpestive qui me soule !

Merci de bien vouloir m'aider.

Autres pages sur : bearshare

20 Décembre 2008 19:38:30

Bonjour, Merci d'avoir répondu.

Voilà mon Log Hijackhis :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:58, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dx9_2832.dll
O20 - Winlogon Notify: b4063646509 - C:\WINDOWS\System32\d3dx9_2832.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9534 bytes
Contenus similaires
a b 8 Sécurité
21 Décembre 2008 12:36:50

Analyse le fichier suivant chez VirusTotal :
C:\WINDOWS\System32\d3dx9_2832.dll
21 Décembre 2008 13:39:02

Virus total l'a analyser.
Je le supprime aprés analyse ?
21 Décembre 2008 13:40:17

Voici ce qu'il m'affiche aprés l'analyse du fichier :


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.19.3 2008.12.21 Win-Trojan/Agent.135168.DL
AntiVir 7.9.0.45 2008.12.19 TR/Spy.Gen
Authentium 5.1.0.4 2008.12.21 W32/Heuristic-KPP!Eldorado
Avast 4.8.1281.0 2008.12.20 Win32:Spyware-gen
AVG 8.0.0.199 2008.12.20 Agent.AMYP
BitDefender 7.2 2008.12.21 Trojan.Downloader.JLKD
CAT-QuickHeal 10.00 2008.12.20 TrojanDownloader.Agent.arsg
ClamAV 0.94.1 2008.12.20 Trojan.Downloader-62388
Comodo 783 2008.12.20 TrojWare.Win32.TrojanDownloader.Agent.arsg
DrWeb 4.44.0.09170 2008.12.21 DLOADER.Trojan
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6271 2008.12.20 Win32/SillyDl.GES
Ewido 4.0 2008.12.21 -
F-Prot 4.4.4.56 2008.12.21 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14332.0 2008.12.21 Trojan-Downloader.Win32.Agent.arsg
Fortinet 3.117.0.0 2008.12.21 PossibleThreat
GData 19 2008.12.21 Trojan.Downloader.JLKD
Ikarus T3.1.1.45.0 2008.12.21 Trojan-Downloader.Win32.Tracur
K7AntiVirus 7.10.560 2008.12.20 Trojan-Downloader.Win32.Agent.arsg
Kaspersky 7.0.0.125 2008.12.21 Trojan-Downloader.Win32.Agent.arsg
McAfee 5470 2008.12.20 Generic Downloader.x
McAfee+Artemis 5470 2008.12.20 Generic Downloader.x
Microsoft 1.4205 2008.12.21 TrojanDownloader:Win32/Tracur.A
NOD32 3709 2008.12.20 Win32/Agent.OAF
Norman 5.80.02 2008.12.19 W32/DLoader.LUXM
Panda 9.0.0.4 2008.12.21 Trj/Downloader.MDW
PCTools 4.4.2.0 2008.12.21 -
Prevx1 V2 2008.12.21 Cloaked Malware
Rising 21.08.62.00 2008.12.21 Trojan.DL.Win32.Mnless.buo
SecureWeb-Gateway 6.7.6 2008.12.19 Trojan.Spy.Gen
Sophos 4.37.0 2008.12.21 Troj/Agent-IKQ
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.21 Downloader.Trojan
TheHacker 6.3.1.4.195 2008.12.20 Trojan/Downloader.Agent.arsg
TrendMicro 8.700.0.1004 2008.12.19 -
VBA32 3.12.8.10 2008.12.20 Trojan-Downloader.Win32.Agent.arsg
ViRobot 2008.12.20.1528 2008.12.21 Trojan.Win32.Downloader.135168.AH
VirusBuster 4.5.11.0 2008.12.20 -
Information additionnelle
File size: 135168 bytes
MD5...: de7c6c753ba2b54c3080fa1d7189b294
SHA1..: c6afd88f5b68a9b1802af6bf5850387d5536cc77
SHA256: f1a49c8599149af15e1af728f048b2a55800b300f94e8b23a9dbfb1e2128fade
SHA512: 90100627d1131b6c5a9b8dd554fe3cf243f4a58c27b941f6970130a1f5c3af61
0c422e56b6428a97baeba25ae245867d6d1e8f4eaed396077083fbf84d74cbf8

ssdeep: 3072:ynHzaargsDli/VFyWMdKGIQ/VMnBGN0TBfCItnhZjQ:sHWWliNFyj+B00TB
qwnhBQ

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001ff0
timedatestamp.....: 0x49283491 (Sat Nov 22 16:34:25 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15224 0x16000 6.46 b2a51b0d0f77443ff0ad537de55e0b38
.rdata 0x17000 0x6319 0x7000 6.29 66b304a3b9c2fb6934a1a268ea54cf9a
.data 0x1e000 0x1498 0x1000 2.08 e41c1d65c451f95e029882aeeb464886
.reloc 0x20000 0x1abc 0x2000 5.87 1b7f473a37a669a94a8b022bb0e83730

( 11 imports )
> ntdll.dll: _snprintf, _strnicmp, strlen, strstr, _stricmp, memcmp, atoi, _itoa, memcpy, _ultoa, tolower, memset, _chkstk, _allmul, _alldiv
> msvcrt.dll: strtok
> WS2_32.dll: WSASocketW, -, WSASend, -, WSAWaitForMultipleEvents, WSAIoctl, -, -, -, WSARecv, WSACreateEvent, WSAGetOverlappedResult, -, -, -, -, -, -
> WININET.dll: HttpOpenRequestA, HttpSendRequestA, InternetOpenA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetOpenUrlA, InternetSetOptionA, InternetConnectA, HttpAddRequestHeadersA
> OLEAUT32.dll: -, -
> SHLWAPI.dll: PathFileExistsA
> KERNEL32.dll: WaitForMultipleObjects, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, RemoveDirectoryA, TransactNamedPipe, HeapSetInformation, HeapCreate, FindFirstFileA, HeapDestroy, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, GetSystemDirectoryA, GetVersionExA, FindClose, FreeLibrary, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedExchange, CreateEventA, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, GetFileSize, lstrcpyA, ReadFile, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, InterlockedCompareExchange, lstrlenA, CreateMutexA, SetEvent, TerminateThread, Sleep, OutputDebugStringA, DuplicateHandle, GetExitCodeThread, FlushFileBuffers, ReleaseMutex, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetLastError, GetFileInformationByHandle, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, GetCurrentProcess, WriteFile, EnterCriticalSection, CreateFileA, CreateThread, VirtualFreeEx, DisconnectNamedPipe, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, lstrcmpA, SetFilePointer, SetEndOfFile, GetTempFileNameA, DeleteCriticalSection, GetTempPathA, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetTickCount, GetFileAttributesA, LoadLibraryA, CreateRemoteThread, OpenProcess
> USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA
> ADVAPI32.dll: RegCreateKeyExA, OpenServiceA, ControlService, ChangeServiceConfigA, RegDeleteKeyA, OpenSCManagerA, RegQueryValueExA, CloseServiceHandle, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
> SHELL32.dll: ShellExecuteA, SHGetFolderPathA
> ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance

( 2 exports )
DllGetClassObject, EventStartup

Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=150CDFBB...' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=150CDFBB...;/a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD...' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD...;/a>
a b 8 Sécurité
21 Décembre 2008 16:51:40

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    21 Décembre 2008 19:38:43

    Voici le resultat du scan :


    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1528
    Windows 5.1.2600 Service Pack 3

    21/12/2008 19:28:45
    mbam-log-2008-12-21 (19-28-45).txt

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|)
    Eléments examinés: 190827
    Temps écoulé: 2 hour(s), 23 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\3Tj00v3Q.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\QgYoE1O7.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    22 Décembre 2008 12:49:20

    Reposte un rapport Hijackthis.
    22 Décembre 2008 13:26:08

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:24:14, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dx9_2832.dll
    O20 - Winlogon Notify: b4063646509 - C:\WINDOWS\System32\d3dx9_2832.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9594 bytes
    a b 8 Sécurité
    22 Décembre 2008 14:16:02

    Re,

    [#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    22 Décembre 2008 15:01:47

    comment je fai pour desactiver mes protections résidentes ?
    a b 8 Sécurité
    22 Décembre 2008 15:33:11

    Clic droit sur l'icône en bas à droite // désactiver :) 
    22 Décembre 2008 20:47:49

    ComboFix me dit :

    Windows ne parviet pas à accéder au périphérique, au chemin d'accès ou un fichier spécifié. Vous ne disposez peut-etre pas des autorisations appropriées our avoir accès à l'élément.

    Que dois-je faire ?
    a b 8 Sécurité
    22 Décembre 2008 21:29:24

    Tu es bien administrateur du pc ?
    22 Décembre 2008 23:40:37

    Oui
    22 Décembre 2008 23:41:23

    Je dois le faire en mode sans échec ?
    a b 8 Sécurité
    23 Décembre 2008 16:03:16

    Nan, pas pour Combofix.
    24 Décembre 2008 14:05:28

    Aprés ouverture de ComFix :

    Il me dit :

    Parasite Found:
    The Following files were trying to attach to ComboFix. They shall be disabled Kindly note down on papaer, the name of each file. We may need it later.
    C:\Windows\System32\d3dx9_2832.dll
    C:\Windows\System32\kubidima.dll
    C:\Windows\System32\sifajade.dll
    C:\Windows\System32\limereju.dll

    Puis apeès il s'est mis a chargé et a redémarrer mon ordinateur.
    Après ouverture de ma session il m'affiche :

    Erreur de chargement de C:\Windows\System32\limereju.dll
    Le module spécifié est introuvable.


    Est-ce normal ?
    Que dois-je faire ensuite?
    a b 8 Sécurité
    24 Décembre 2008 17:28:26

    Tu as le rapport C:\combofix.txt ?
    24 Décembre 2008 17:30:30

    Non
    a b 8 Sécurité
    24 Décembre 2008 17:55:05

    Tu peux relancer Combofix pour voir ?
    24 Décembre 2008 18:16:52

    ComboFix est bizarre...

    a b 8 Sécurité
    26 Décembre 2008 13:24:00

    Gné ?
    27 Décembre 2008 13:26:17

    Avez-vous une autre solution ?
    Aidez moi svp
    a b 8 Sécurité
    27 Décembre 2008 16:10:04

    Nan mais pourquoi tu dis qu'il est bizarre ?
    27 Décembre 2008 20:08:20

    parce qu'il marche mal sur mon ordinateur...
    Avez-vous une autre solution svp aidez moi :) 
    a b 8 Sécurité
    28 Décembre 2008 19:03:51

    Reposte un rapport Hijackthis pour voir.
    29 Décembre 2008 19:49:21

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:49, on 2008-12-29
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\QgYoE1O7.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\uu7px3do.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\wiyatuto.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\vinomisu.dll",s
    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\winusime.dll",b
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\japadesu.dll",a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\vinomisu.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll c:\windows\system32\japadesu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10466 bytes
    a b 8 Sécurité
    29 Décembre 2008 20:23:02

    Re,

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\uu7px3do.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\wiyatuto.dll
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\vinomisu.dll",s
    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\winusime.dll",b
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\japadesu.dll",a
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\vinomisu.dll",s (User 'SERVICE RÉSEAU')
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll c:\windows\system32\japadesu.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll


    &

    Télécharge OTMoveIt3 (OldTimer). Sauvegarde-le sur ton Bureau.
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    :files
    C:\WINDOWS\system32\uu7px3do.dll
    C:\WINDOWS\system32\wiyatuto.dll
    C:\WINDOWS\system32\vinomisu.dll
    C:\WINDOWS\system32\winusime.dll
    c:\windows\system32\japadesu.dll
    C:\WINDOWS\system32\vinomisu.dll
    C:\WINDOWS\system32\kubidima.dll
    c:\windows\system32\japadesu.dll


    Double clique sur OTMoveIt3.exe afin de le lancer.
    Colle (ou Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
    Clique maintenant sur le bouton [#ff0000]MoveIt![/#f] puis ferme OTMoveIt3.

    [#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.[/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    30 Décembre 2008 18:02:20

    Merci.

    Voici le rapport :


    ========== FILES ==========
    C:\WINDOWS\system32\uu7px3do.dll unregistered successfully.
    C:\WINDOWS\system32\uu7px3do.dll moved successfully.
    File/Folder C:\WINDOWS\system32\wiyatuto.dll not found.
    File/Folder C:\WINDOWS\system32\vinomisu.dll not found.
    File/Folder C:\WINDOWS\system32\winusime.dll not found.
    DllUnregisterServer procedure not found in c:\windows\system32\japadesu.dll
    c:\windows\system32\japadesu.dll NOT unregistered.
    c:\windows\system32\japadesu.dll moved successfully.
    File/Folder C:\WINDOWS\system32\vinomisu.dll not found.
    File/Folder C:\WINDOWS\system32\kubidima.dll not found.
    File/Folder c:\windows\system32\japadesu.dll not found.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12302008_180051
    a b 8 Sécurité
    30 Décembre 2008 19:16:27

    Reposte un rapport Hijackthis.
    30 Décembre 2008 19:40:23

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:40, on 2008-12-30
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\lesetate.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\tewetopi.dll",a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\ferazolu.dll c:\windows\system32\tewetopi.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tewetopi.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tewetopi.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9941 bytes
    a b 8 Sécurité
    31 Décembre 2008 16:32:00

    Bizarre que ça revienne.

    Télécharge Random's System Information Tool (RSIT) par (random/random[/#f]) et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer le programme.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt [#ff0000](affiché)

  • ainsi que de info.txt (réduit dans la Barre des Tâches).
  • Veille bien à poster l'intégralité des rapports. Vérifie qu'ils soient complets une fois que tu les as postés.

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    1 Janvier 2009 13:34:22

    Contenu de log.txt :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Ruben at 2009-01-01 13:33:24
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 20 GB (27%) free of 72 GB
    Total RAM: 703 MB (38% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:33, on 2009-01-01
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\QgYoE1O7.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ruben\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Ruben.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\uu7px3do.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\lesetate.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s
    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\rijipiku.dll",b
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\rotawapo.dll",a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\ferazolu.dll c:\windows\system32\rotawapo.dll c:\windows\system32\dusayamo.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rotawapo.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rotawapo.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10286 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\A34CE68D90939AD9.job
    C:\WINDOWS\tasks\AEA1DC0E91EA522E.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At49.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At50.job
    C:\WINDOWS\tasks\At51.job
    C:\WINDOWS\tasks\At52.job
    C:\WINDOWS\tasks\At53.job
    C:\WINDOWS\tasks\At54.job
    C:\WINDOWS\tasks\At55.job
    C:\WINDOWS\tasks\At56.job
    C:\WINDOWS\tasks\At57.job
    C:\WINDOWS\tasks\At58.job
    C:\WINDOWS\tasks\At59.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At60.job
    C:\WINDOWS\tasks\At61.job
    C:\WINDOWS\tasks\At62.job
    C:\WINDOWS\tasks\At63.job
    C:\WINDOWS\tasks\At64.job
    C:\WINDOWS\tasks\At65.job
    C:\WINDOWS\tasks\At66.job
    C:\WINDOWS\tasks\At67.job
    C:\WINDOWS\tasks\At68.job
    C:\WINDOWS\tasks\At69.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At70.job
    C:\WINDOWS\tasks\At71.job
    C:\WINDOWS\tasks\At72.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
    solution Class - C:\WINDOWS\system32\uu7px3do.dll [2008-12-31 31232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77351f1-2f42-4092-a979-c1d6a9023b24}]
    C:\WINDOWS\system32\lesetate.dll [2008-09-30 61559]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-07-04 579584]
    "AVG7_EMC"=C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-03-21 406528]
    "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-02-11 45056]
    "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
    "P17Helper"=Rundll32 P17.dll []
    "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
    "PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "nufikelalo"=C:\WINDOWS\system32\binosino.dll [2008-09-30 61559]
    "b40636e9"=C:\WINDOWS\system32\rijipiku.dll [2009-01-01 84746]
    "CPMb7350575"=c:\windows\system32\rotawapo.dll [2008-12-31 97364]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Acme.PCHButton"=C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe [2004-01-02 155648]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-21 342848]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe [2004-01-02 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe /wait []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
    c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
    c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloudPlugin]
    C:\Program Files\IMT Labs Messenger Plugin\Cloud.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hof]
    C:\WINDOWS\hof.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LcpaLite]
    C:\Program Files\LCPA Lite\Lcpa Lite.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcappins.exe]
    F:\Virus\VSC\enu\mcappins.exe vsocfg.ini []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe /WinStart []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
    C:\PROGRA~1\ACEMEG~1\UTILIT~1\DRIVES~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE [2003-11-03 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trash it Scheduler]
    C:\Program Files\Trash it!\Trash it Scheduler.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
    TWEAKUI.CPL []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\typejoy]
    C:\DOCUME~1\Ruben\APPLIC~1\OPTION~1\BeepFast.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe /r []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    C:\WINDOWS\system32\VTTimer.exe [2006-02-11 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
    C:\Program Files\Web_Rebates\WebRebates0.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd]
    C:\Program Files\Windows ControlAd\WinCtlAd.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9c10e03d-198c-5a8a-f916-a9ba2318a3b6}]
    C:\WINDOWS\system32\{0936fcf1-60ca-f7bf-5899-d2dbff2fa288}.dll DllStart []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE [2005-09-24 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
    C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE /Q []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    G:\WinZip\WZQKPICK.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.4.lnk]
    C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\ferazolu.dll c:\windows\system32\rotawapo.dll c:\windows\system32\dusayamo.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    C:\WINDOWS\system32\wzcdlg.dll [2008-04-14 384000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
    SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rotawapo.dll [2008-12-31 97364]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rotawapo.dll [2008-12-31 97364]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\system32\ferazolu.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
    "C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:D isabled:BearShare"
    "C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:D isabled:javaw"
    "C:\Program Files\Fichiers communs\Kaspersky Lab\avpupd.exe"="C:\Program Files\Fichiers communs\Kaspersky Lab\avpupd.exe:*:Enabled:AVP Updater"
    "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
    "C:\Documents and Settings\All Users\Documents\Mes vidéos\Freeplayer\vlc\vlc.exe"="C:\Documents and Settings\All Users\Documents\Mes vidéos\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.235\Big Emoticons - Baddies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.235\Big Emoticons - Baddies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX19.500\Big Emoticons - Emoticons Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX19.500\Big Emoticons - Emoticons Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX29.610\Big Emoticons - International Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX29.610\Big Emoticons - International Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX30.297\Big Emoticons - International Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX30.297\Big Emoticons - International Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX49.781\Big Emoticons - Humor Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX49.781\Big Emoticons - Humor Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX51.422\Big Emoticons - Hero Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX51.422\Big Emoticons - Hero Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX59.313\Big Emoticons - Emoticons Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX59.313\Big Emoticons - Emoticons Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX60.047\Big Emoticons - Everyday Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX60.047\Big Emoticons - Everyday Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX61.938\Big Emoticons - Hobbies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX61.938\Big Emoticons - Hobbies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX64.250\Big Emoticons - Work Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX64.250\Big Emoticons - Work Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.734\Big Emoticons - Baddies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.734\Big Emoticons - Baddies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.547\Big Emoticons - Emoticons Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.547\Big Emoticons - Emoticons Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX02.625\Big Emoticons - Everyday Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX02.625\Big Emoticons - Everyday Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX03.078\Big Emoticons - Hero Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX03.078\Big Emoticons - Hero Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX05.141\Big Emoticons - Hip Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX05.141\Big Emoticons - Hip Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX06.813\Big Emoticons - Hobbies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX06.813\Big Emoticons - Hobbies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX07.531\Big Emoticons - Holiday Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX07.531\Big Emoticons - Holiday Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX08.703\Big Emoticons - Hero Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX08.703\Big Emoticons - Hero Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX09.875\Big Emoticons - Hip Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX09.875\Big Emoticons - Hip Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX17.313\Big Emoticons - Humor Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX17.313\Big Emoticons - Humor Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX18.281\Big Emoticons - International Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX18.281\Big Emoticons - International Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX19.125\Big Emoticons - Love Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX19.125\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX20.578\Big Emoticons - Love Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX20.578\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX21.422\Big Emoticons - Sports Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX21.422\Big Emoticons - Sports Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX22.016\Big Emoticons - Work Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX22.016\Big Emoticons - Work Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.922\msnmsgr.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.922\msnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.078\msnmsgr.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.078\msnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Bureau\msnmsgr.exe"="C:\Documents and Settings\Ruben\Bureau\msnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Bureau\FASHION7.0813\msnmsgr.exe"="C:\Documents and Settings\Ruben\Bureau\FASHION7.0813\msnmsgr.exe:*:D isabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.297\msnmsgr.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.297\msnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.235\msnmsgr.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.235\msnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.625\Big Emoticons - Baddies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.625\Big Emoticons - Baddies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX04.625\Big Emoticons - Emoticons Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX04.625\Big Emoticons - Emoticons Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX07.297\Big Emoticons - Everyday Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX07.297\Big Emoticons - Everyday Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX09.172\Big Emoticons - Hero Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX09.172\Big Emoticons - Hero Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX11.313\Big Emoticons - Hero Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX11.313\Big Emoticons - Hero Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX12.063\Big Emoticons - Hip Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX12.063\Big Emoticons - Hip Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX13.360\Big Emoticons - Hobbies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX13.360\Big Emoticons - Hobbies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX15.297\Big Emoticons - Holiday Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX15.297\Big Emoticons - Holiday Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX17.672\Big Emoticons - Humor Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX17.672\Big Emoticons - Humor Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX18.531\Big Emoticons - International Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX18.531\Big Emoticons - International Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX19.016\Big Emoticons - Love Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX19.016\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX20.235\Big Emoticons - Sports Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX20.235\Big Emoticons - Sports Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX21.016\Big Emoticons - Work Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX21.016\Big Emoticons - Work Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX02.765\Big Emoticons - Love Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX02.765\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.046\Big Emoticons - Love Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.046\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX03.766\FASHION7.0813\fashionmsnmsgr.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX03.766\FASHION7.0813\fashionmsnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.437\Bebe7.0813\bebemsnmsgr.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX01.437\Bebe7.0813\bebemsnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Mes documents\Mes fichiers reçus\Skin IPod MSN 7.0.0777\msnmsgr.exe"="C:\Documents and Settings\Ruben\Mes documents\Mes fichiers reçus\Skin IPod MSN 7.0.0777\msnmsgr.exe:*:Enabled:MSN Messenger"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.281\UltimPack_Emoticons_(PlusMinusTeam).exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.281\UltimPack_Emoticons_(PlusMinusTeam).exe:*:Enabled:UltimPack Emoticons PlusMinusTeam (By Pho3nX)"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.156\WLM8patch\WLM8patch.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.156\WLM8patch\WLM8patch.exe:*:Enabled:Great"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX02.922\WLM8patch\WLM8patch.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX02.922\WLM8patch\WLM8patch.exe:*:Enabled:Great"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX06.984\WLM8patch\WLM8patch.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX06.984\WLM8patch\WLM8patch.exe:*:Enabled:Great"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX11.156\WLM8patch\WLM8patch.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX11.156\WLM8patch\WLM8patch.exe:*:Enabled:Great"
    "C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
    "C:\Program Files\MSN Messenger\MSNP13Downgrader.exe"="C:\Program Files\MSN Messenger\MSNP13Downgrader.exe:*:Enabled:MSNP13Downgrader"
    "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\Messenger\bin\wish.exe"="C:\Program Files\Messenger\bin\wish.exe:*:D isabled:Wish Application"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "%windir%\system32\ccapp.exe"="%windir%\system32\ccapp.exe:*:Enabled:System Process"
    "C:\Program Files\WinPcap\rpcapd.exe"="C:\Program Files\WinPcap\rpcapd.exe:*:D isabled:rpcapd"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.703\Big Emoticons - Baddies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX00.703\Big Emoticons - Baddies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX03.531\Big Emoticons - Emoticons Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX03.531\Big Emoticons - Emoticons Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX07.468\Big Emoticons - Hero Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX07.468\Big Emoticons - Hero Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX10.375\Big Emoticons - Hobbies Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX10.375\Big Emoticons - Hobbies Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX13.515\Big Emoticons - Love Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX13.515\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX15.093\Big Emoticons - Emoticons Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX15.093\Big Emoticons - Emoticons Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX20.484\Big Emoticons - Humor Pack.exe"="C:\Documents and Settings\Ruben\Local Settings\Temp\Rar$EX20.484\Big Emoticons - Humor Pack.exe:*:Enabled:Messenger Content Installer"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\eXeem\client.dll"="C:\Program Files\eXeem\client.dll:*:Enabled:client"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\game4.exe"="C:\WINDOWS\system32\game4.exe:*:Enabled:enable"
    "C:\WINDOWS\system32\game1.exe"="C:\WINDOWS\system32\game1.exe:*:Enabled:enable"
    "C:\WINDOWS\system32\clcbt.exe"="C:\WINDOWS\system32\clcbt.exe:*:Enabled:enable"
    "C:\WINDOWS\system32\adirss.exe"="C:\WINDOWS\system32\adirss.exe:*:Enabled:enable"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Documents and Settings\Ruben\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Ruben\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    shell\AutoRun\command - D:\Info.exe folder.htt 480 480


    ======List of files/folders created in the last 1 months======

    2009-01-01 13:33:24 ----D---- C:\rsit
    2009-01-01 12:33:37 ----SH---- C:\WINDOWS\system32\ukipijir.ini
    2008-12-31 10:22:07 ----SH---- C:\WINDOWS\system32\uhifuruk.ini
    2008-12-30 22:15:03 ----A---- C:\WINDOWS\system32\uu7px3do.dll
    2008-12-30 19:27:30 ----SH---- C:\WINDOWS\system32\iteseyob.ini
    2008-12-30 18:00:51 ----D---- C:\_OTMoveIt
    2008-12-29 16:48:52 ----SH---- C:\WINDOWS\system32\emisuniw.ini
    2008-12-28 19:14:13 ----SH---- C:\WINDOWS\system32\alufugef.ini
    2008-12-28 00:27:16 ----SH---- C:\WINDOWS\system32\aresayum.ini
    2008-12-27 18:25:07 ----D---- C:\Transporteur.III.FRENCH.R5.MD.XviD-TGK
    2008-12-27 13:29:31 ----A---- C:\WINDOWS\system32\QgYoE1O7.exe.a_a
    2008-12-27 13:29:31 ----A---- C:\WINDOWS\system32\QgYoE1O7.exe
    2008-12-27 12:50:24 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-12-27 12:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-27 12:04:33 ----SH---- C:\WINDOWS\system32\oloriset.ini
    2008-12-27 00:01:53 ----SH---- C:\WINDOWS\system32\opebirul.ini
    2008-12-26 12:01:24 ----SH---- C:\WINDOWS\system32\ayesehib.ini
    2008-12-25 22:29:16 ----SH---- C:\WINDOWS\system32\etopator.ini
    2008-12-25 15:43:24 ----D---- C:\Program Files\Ares
    2008-12-25 10:29:08 ----SH---- C:\WINDOWS\system32\ipozazil.ini
    2008-12-24 22:18:03 ----D---- C:\Documents and Settings\Ruben\Application Data\LimeWire
    2008-12-24 18:40:27 ----D---- C:\WINDOWS\system32\Kaspersky Lab
    2008-12-24 18:18:25 ----A---- C:\WINDOWS\system32\cmd.execf
    2008-12-24 18:17:08 ----A---- C:\WINDOWS\system32\CF21625.exe
    2008-12-24 18:12:18 ----A---- C:\WINDOWS\system32\CF20828.exe
    2008-12-24 18:04:50 ----A---- C:\WINDOWS\system32\CF19382.exe
    2008-12-24 18:02:28 ----A---- C:\WINDOWS\system32\CF18947.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\zip.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\sed.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\grep.exe
    2008-12-24 18:02:23 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-24 18:01:12 ----A---- C:\WINDOWS\system32\CF18510.exe
    2008-12-24 13:56:31 ----A---- C:\WINDOWS\system32\CF3248.exe
    2008-12-24 13:46:16 ----D---- C:\WINDOWS\ERDNT
    2008-12-24 13:46:16 ----D---- C:\Qoobox
    2008-12-24 13:46:12 ----A---- C:\WINDOWS\system32\CF1210.exe
    2008-12-24 13:40:43 ----ASH---- C:\WINDOWS\system32\usefirud.ini
    2008-12-24 01:03:53 ----A---- C:\WINDOWS\system32\CF15895.exe
    2008-12-24 01:03:50 ----A---- C:\WINDOWS\system32\CF15891.exe
    2008-12-23 15:05:55 ----ASH---- C:\WINDOWS\system32\oyasuzof.ini
    2008-12-22 22:20:38 ----ASH---- C:\WINDOWS\system32\upimolon.ini
    2008-12-22 21:25:09 ----A---- C:\WINDOWS\system32\CF18401.exe
    2008-12-22 21:20:33 ----ASH---- C:\WINDOWS\system32\etokiwer.ini
    2008-12-22 20:58:11 ----A---- C:\WINDOWS\system32\CF13382.exe
    2008-12-22 20:48:02 ----A---- C:\WINDOWS\system32\CF11390.exe
    2008-12-22 15:03:28 ----A---- C:\WINDOWS\system32\CF9417.exe
    2008-12-22 15:02:07 ----A---- C:\WINDOWS\system32\CF9149.exe
    2008-12-22 15:01:47 ----A---- C:\WINDOWS\system32\CF9084.exe
    2008-12-21 16:58:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-21 16:31:46 ----A---- C:\WINDOWS\system32\3Tj00v3Q.exe
    2008-12-20 22:37:06 ----D---- C:\Program Files\DNA
    2008-12-20 22:37:06 ----D---- C:\Documents and Settings\Ruben\Application Data\DNA
    2008-12-20 19:35:30 ----D---- C:\Program Files\Trend Micro
    2008-12-20 13:22:24 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
    2008-12-17 16:07:14 ----D---- C:\Program Files\Lavasoft
    2008-12-17 16:07:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-12-16 21:23:15 ----A---- C:\WINDOWS\system32\MSVBVM60.DLL
    2008-12-14 21:41:45 ----A---- C:\WINDOWS\GnuHashes.ini
    2008-12-13 21:32:09 ----ASH---- C:\WINDOWS\system32\21.tmp
    2008-12-10 23:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-10 23:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-10 23:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-10 23:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    ======List of files/folders modified in the last 1 months======

    2009-01-01 13:33:26 ----D---- C:\WINDOWS\Prefetch
    2009-01-01 13:29:35 ----D---- C:\WINDOWS\Temp
    2009-01-01 13:00:00 ----D---- C:\WINDOWS\system32
    2009-01-01 12:34:06 ----D---- C:\WINDOWS
    2009-01-01 12:33:47 ----D---- C:\Documents and Settings\Ruben\Application Data\AVG7
    2009-01-01 12:32:11 ----ASH---- C:\WINDOWS\system32\rijipiku.dll
    2009-01-01 12:32:11 ----ASH---- C:\WINDOWS\system32\dusayamo.dll
    2009-01-01 12:31:44 ----A---- C:\WINDOWS\ModemLog_Conexant HSF V90 56K PCI Modem #2.txt
    2008-12-31 13:12:53 ----D---- C:\Program Files\WinamaxPoker
    2008-12-31 10:22:47 ----D---- C:\Documents and Settings\Ruben\Application Data\Microgaming
    2008-12-31 10:22:04 ----ASH---- C:\WINDOWS\system32\rotawapo.dll
    2008-12-31 10:22:03 ----ASH---- C:\WINDOWS\system32\kurufihu.dll
    2008-12-30 23:03:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-30 19:32:44 ----A---- C:\WINDOWS\system32\tewetopi.dll
    2008-12-30 19:27:27 ----ASH---- C:\WINDOWS\system32\boyeseti.dll
    2008-12-30 17:46:43 ----ASH---- C:\WINDOWS\system32\niwogepi.dll
    2008-12-30 17:46:42 ----ASH---- C:\WINDOWS\system32\yibabofi.dll
    2008-12-28 19:14:10 ----ASH---- C:\WINDOWS\system32\pojabese.dll
    2008-12-28 19:14:10 ----ASH---- C:\WINDOWS\system32\fegufula.dll
    2008-12-28 00:27:13 ----ASH---- C:\WINDOWS\system32\luzilufe.dll
    2008-12-28 00:27:12 ----ASH---- C:\WINDOWS\system32\muyasera.dll
    2008-12-27 16:51:12 ----D---- C:\Documents and Settings\Ruben\Application Data\Azureus
    2008-12-27 13:48:15 ----D---- C:\WINDOWS\system32\CatRoot
    2008-12-27 13:43:53 ----SHD---- C:\System Volume Information
    2008-12-27 13:43:53 ----D---- C:\WINDOWS\system32\Restore
    2008-12-27 12:50:17 ----D---- C:\Documents and Settings
    2008-12-27 12:04:29 ----ASH---- C:\WINDOWS\system32\niyihese.dll
    2008-12-27 00:01:51 ----ASH---- C:\WINDOWS\system32\yuzepijo.dll
    2008-12-27 00:01:50 ----ASH---- C:\WINDOWS\system32\luribepo.dll
    2008-12-26 23:49:18 ----AD---- C:\Program Files
    2008-12-26 22:47:10 ----D---- C:\Program Files\Azureus
    2008-12-26 21:05:40 ----D---- C:\Program Files\Full Tilt Poker
    2008-12-26 21:04:40 ----D---- C:\Program Files\PokerStars
    2008-12-26 19:20:34 ----D---- C:\Documents and Settings\Ruben\Application Data\OpenOffice.org2
    2008-12-26 12:02:03 ----RHD---- C:\$VAULT$.AVG
    2008-12-26 12:01:21 ----ASH---- C:\WINDOWS\system32\jetebusu.dll
    2008-12-25 22:29:17 ----ASH---- C:\WINDOWS\system32\fevihife.dll
    2008-12-25 15:39:47 ----D---- C:\Documents and Settings\Ruben\Application Data\BitTorrent
    2008-12-25 15:39:21 ----D---- C:\WINDOWS\system32\drivers
    2008-12-25 10:29:05 ----N---- C:\WINDOWS\system32\lizazopi.dll
    2008-12-25 10:29:04 ----ASH---- C:\WINDOWS\system32\sebajuyo.dll
    2008-12-24 18:40:29 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-24 18:40:26 ----HD---- C:\WINDOWS\inf
    2008-12-24 18:28:21 ----D---- C:\WINDOWS\Minidump
    2008-12-24 13:40:19 ----A---- C:\WINDOWS\system32\limereju.dll.vir
    2008-12-23 16:08:37 ----D---- C:\Documents and Settings\Ruben\Application Data\AdobeUM
    2008-12-23 15:05:51 ----ASH---- C:\WINDOWS\system32\wepakezu.dll
    2008-12-23 15:05:51 ----A---- C:\WINDOWS\system32\sifajade.dll.vir
    2008-12-22 22:20:39 ----ASH---- C:\WINDOWS\system32\jukabama.dll
    2008-12-22 21:20:29 ----N---- C:\WINDOWS\system32\rewikote.dll
    2008-12-22 21:20:28 ----ASH---- C:\WINDOWS\system32\gaduvoma.dll
    2008-12-21 16:31:51 ----SD---- C:\WINDOWS\Tasks
    2008-12-21 00:10:11 ----SHD---- C:\WINDOWS\Installer
    2008-12-21 00:10:11 ----SHD---- C:\Config.Msi
    2008-12-19 17:22:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-19 17:21:21 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-17 19:34:05 ----D---- C:\Program Files\Grisoft
    2008-12-17 17:33:04 ----D---- C:\Program Files\Fichiers communs
    2008-12-15 22:24:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-12-15 20:31:06 ----D---- C:\WINDOWS\Debug
    2008-12-13 21:37:30 ----D---- C:\Program Files\Internet Explorer
    2008-12-13 20:59:39 ----D---- C:\WINDOWS\ie7updates
    2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-06 00:12:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-01-02 43488]
    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-03-21 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2005-12-01 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-27 27776]
    R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2008-03-21 10760]
    R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
    R2 AvgTdi;AVG Network Redirector; \??\C:\WINDOWS\System32\Drivers\avgtdi.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-14 1042816]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-14 210304]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
    R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-14 679808]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 379456]
    S2 wincom32;wincom32; \??\C:\WINDOWS\system32\wincom32.sys []
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
    S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BTHMODEM;Pilote de communication série Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM); C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2000-09-14 159867]
    S3 ddxgb;ddxgb; \??\C:\DOCUME~1\Ruben\LOCALS~1\Temp\ddxgb.sys []
    S3 Defender;Defender; \??\C:\Program Files\SinEspias\Defender.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys []
    S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-18 66591]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
    S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-15 41984]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
    S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
    S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-10 47360]
    S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 sermouse;Pilote pour souris sur port série; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-23 18432]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 215552]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
    S3 SISNPF;SIS Netgroup Packet Filter; C:\WINDOWS\system32\drivers\SISNPF.sys [2005-04-14 31872]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
    S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
    S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
    S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
    S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
    S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-03-21 418816]
    R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2006-10-15 49664]
    R2 AVGFwSrv;AVG Firewall; C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe [2008-03-21 838656]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-14 26112]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 ccEvtMgr;Symantec Event Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe []
    S4 ccPwdSvc;Symantec Password Validation; c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe []
    S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
    S4 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe []

    -----------------EOF-----------------
    1 Janvier 2009 13:35:46

    Contenu de info.txt :

    info.txt logfile of random's system information tool 1.05 2009-01-01 13:33:39

    ======Uninstall list======

    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\WEBDELC.EXE -[WebCam Control
    -->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 6.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-000000000001}
    Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"
    Audacity 1.2.6-->"G:\Program Files\Audacity\unins000.exe"
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Azureus-->C:\Program Files\Azureus\Uninstall.exe
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Creative Video Blaster WebCam 3 USB/WebCam Plus Driver-->C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin webc3pin.dll -pluginres webc3pin.dll
    Creative Video Blaster WebCam Control-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Video Blaster WebCam Control\DeIsL1.isu"
    Creative WebCam Monitor-->C:\WINDOWS\WEBDELC.EXE -[Creative WebCam Monitor
    Enhancement Browser Tools Adsonmedia-->C:\WINDOWS\system32\{0936fcf1-60ca-f7bf-5899-d2dbff2fa288}.dll-uninst.exe
    fCoder HTML Publisher Pro (demo)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\fCoder\HTML Publisher Pro\Uninst.isu"
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
    HP Driver Diagnostics-->MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
    HP Flat Panel Monitor INF Software 3.00-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA0C587-D976-4D71-8976-0743EDE14F10}\Setup.exe" -l0x40c
    HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Image Zone Plus 3.5-->C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
    HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
    HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
    InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    MediaMonkey 3.0-->"G:\Program Files\MediaMonkey\unins000.exe"
    Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
    Microsoft Works-->MsiExec.exe /I{E6BAE954-487E-488B-BC4E-2E69E54E8117}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
    Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
    Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
    OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
    Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
    Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
    PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
    Photo et imagerie HP 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
    Photocite Collection 4-->"C:\Program Files\Photocite Collection 4\Photocite Collection 4\uninstall.exe"
    Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
    Physique-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\CNED\Physique\DeIsL1.isu" -c"C:\Program Files\CNED\Physique\_ISREG32.DLL"
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:p okerStars
    PS2-->C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
    Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Remove DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
    S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
    S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
    S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
    S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
    Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
    Serif DrawPlus 3.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
    Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Système anti-virus AVG 7.0-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker[1].exe" /uninstall
    Unibet Poker-->C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Videora iPod Converter 4.04-->G:\Program Files\Video Converter App\uninstaller.exe
    Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"
    Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    =====HijackThis Backups=====

    O20 - Winlogon Notify: b4063646509 - C:\WINDOWS\System32\d3dx9_2832.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\system32\kubidima.dll C:\WINDOWS\System32\d3dx9_2832.dll C:\WINDOWS\System32\d3dx9_2832.dll c:\windows\system32\sifajade.dll C:\WINDOWS\System32\d3dx9_2832.dll c:\windows\system32\limereju.dll,C:\WINDOWS\System32\d3dx9_2832.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\limereju.dll (file missing)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kubidima.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwogepi.dll
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\uu7px3do.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\niwogepi.dll",a
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwogepi.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\lesetate.dll
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\vinomisu.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\winusime.dll",b
    O20 - AppInit_DLLs: C:\WINDOWS\system32\ferazolu.dll c:\windows\system32\niwogepi.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwogepi.dll
    O20 - AppInit_DLLs: c:\windows\system32\niwogepi.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwogepi.dll
    O20 - AppInit_DLLs: c:\windows\system32\niwogepi.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwogepi.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\niwogepi.dll

    ======Hosts File======

    127.0.0.1 1ad2srvr-cpt-v1.com
    127.0.0.1 www.1ad2srvr-cpt-v1.com
    127.0.0.1 207-182-237-233.visionaire-us.com
    127.0.0.1 www.207-182-237-233.visionaire-us.com
    127.0.0.1 3721.com
    127.0.0.1 www.3721.com
    127.0.0.1 680180.net
    127.0.0.1 www.680180.net
    127.0.0.1 7search.com
    127.0.0.1 www.7search.com

    ======Security center information======

    AV: AVG 7.5.523 (outdated)
    FW: Pare Feu AVG 7.5.500

    System event log

    Computer Name: ABIZMILFAMILLY
    Event Code: 11
    Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\D.

    Record Number: 422707
    Source Name: Disk
    Time Written: 20081229192500.000000+060
    Event Type: erreur
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 11
    Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\D.

    Record Number: 422706
    Source Name: Disk
    Time Written: 20081229192459.000000+060
    Event Type: erreur
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 11
    Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\D.

    Record Number: 422705
    Source Name: Disk
    Time Written: 20081229192458.000000+060
    Event Type: erreur
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 11
    Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\D.

    Record Number: 422704
    Source Name: Disk
    Time Written: 20081229192457.000000+060
    Event Type: erreur
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 11
    Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\D.

    Record Number: 422703
    Source Name: Disk
    Time Written: 20081229192456.000000+060
    Event Type: erreur
    User:

    Application event log

    Computer Name: ABIZMILFAMILLY
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 6187
    Source Name: SecurityCenter
    Time Written: 20081022192629.000000+120
    Event Type: Informations
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 1
    Message:
    Record Number: 6186
    Source Name: Bonjour Service
    Time Written: 20081022192629.000000+120
    Event Type: Informations
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 1
    Message: Service started

    Record Number: 6185
    Source Name: Avg7UpdSvc
    Time Written: 20081022192628.000000+120
    Event Type: Informations
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 0
    Message:
    Record Number: 6184
    Source Name: iPod Service
    Time Written: 20081022173347.000000+120
    Event Type: Informations
    User:

    Computer Name: ABIZMILFAMILLY
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 6183
    Source Name: SecurityCenter
    Time Written: 20081022173252.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "BitRock"=1
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "DEVMGR_SHOW_NONPRESENT_DEVICES"=1
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=1
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;c:\Python22;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0a00
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
    a b 8 Sécurité
    1 Janvier 2009 19:20:26

    Refais le script suivant avec OTMI.

    :files
    C:\WINDOWS\tasks\A34CE68D90939AD9.job
    C:\WINDOWS\tasks\AEA1DC0E91EA522E.job
    C:\WINDOWS\tasks\At?.job
    C:\WINDOWS\system32\uu7px3do.dll
    c:\windows\system32\rotawapo.dll
    C:\:\WINDOWS\system32\rijipiku.dll
    C:\WINDOWS\system32\binosino.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77351f1-2f42-4092-a979-c1d6a9023b24}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nufikelalo"=-
    "b40636e9"=-
    "CPMb7350575"=-
    2 Janvier 2009 17:23:20

    Error: Unable to interpret <C:\WINDOWS\tasks\A34CE68D90939AD9.job > in the current context!
    Error: Unable to interpret <C:\WINDOWS\tasks\AEA1DC0E91EA522E.job > in the current context!
    Error: Unable to interpret <C:\WINDOWS\tasks\At?.job > in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\uu7px3do.dll > in the current context!
    Error: Unable to interpret <c:\windows\system32\rotawapo.dll > in the current context!
    Error: Unable to interpret <C:\:\WINDOWS\system32\rijipiku.dll > in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\binosino.dll > in the current context!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77351f1-2f42-4092-a979-c1d6a9023b24}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nufikelalo deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\b40636e9 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMb7350575 deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_172241
    a b 8 Sécurité
    2 Janvier 2009 18:04:26

    Tu as bien copié/collé ce que j'ai donné ?
    2 Janvier 2009 23:04:08

    Attendez je le refais.


    ========== FILES ==========
    C:\WINDOWS\tasks\A34CE68D90939AD9.job moved successfully.
    C:\WINDOWS\tasks\AEA1DC0E91EA522E.job moved successfully.
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    C:\WINDOWS\system32\uu7px3do.dll unregistered successfully.
    C:\WINDOWS\system32\uu7px3do.dll moved successfully.
    DllUnregisterServer procedure not found in c:\windows\system32\rotawapo.dll
    c:\windows\system32\rotawapo.dll NOT unregistered.
    c:\windows\system32\rotawapo.dll moved successfully.
    File/Folder C:\:\WINDOWS\system32\rijipiku.dll not found.
    File/Folder C:\WINDOWS\system32\binosino.dll not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77351f1-2f42-4092-a979-c1d6a9023b24}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nufikelalo deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\b40636e9 deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_230300



    a b 8 Sécurité
    3 Janvier 2009 18:25:42

    Reposte un rapport Hijackthis :) 
    3 Janvier 2009 20:36:40

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:36, on 2009-01-03
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\kutakobi.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\jijejeju.dll",a
    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\pujojiwu.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
    O20 - AppInit_DLLs: c:\windows\system32\rotawapo.dll C:\WINDOWS\system32\horarugo.dll c:\windows\system32\jijejeju.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jijejeju.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jijejeju.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10208 bytes
    4 Janvier 2009 16:47:35

    J'ai toujours des pubs intempestive sur mon ordinateur.
    a b 8 Sécurité
    4 Janvier 2009 17:29:04

    Je crois avoir compris pourquoi les fichiers reviennent.

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\kutakobi.dll
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\jijejeju.dll",a
    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\pujojiwu.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s (User 'SERVICE RÉSEAU')
    O20 - AppInit_DLLs: c:\windows\system32\rotawapo.dll C:\WINDOWS\system32\horarugo.dll c:\windows\system32\jijejeju.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jijejeju.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jijejeju.dll


    &

    Télécharge OTMoveIt3 (OldTimer). Sauvegarde-le sur ton Bureau.
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    :services
    wincom32
    ddxgb

    :files
    C:\WINDOWS\system32\guyohimu.dll
    c:\windows\system32\jijejeju.dll
    C:\WINDOWS\system32\pujojiwu.dll
    c:\windows\system32\rotawapo.dll
    C:\WINDOWS\system32\horarugo.dll
    C:\DOCUME~1\Ruben\LOCALS~1\Temp\ddxgb.sys
    C:\WINDOWS\system32\wincom32.sys


    Double clique sur OTMoveIt3.exe afin de le lancer.
    Colle (ou Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
    Clique maintenant sur le bouton [#ff0000]MoveIt![/#f] puis ferme OTMoveIt3.

    [#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.[/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    4 Janvier 2009 17:53:59

    Je n'ai pas trouver cette ligne :

    O4 - HKLM\..\Run: [b40636e9] rundll32.exe "C:\WINDOWS\system32\pujojiwu.dll",b
    a b 8 Sécurité
    4 Janvier 2009 17:54:29

    Pas grave ;) 
    4 Janvier 2009 17:55:04

    ok ;) 
    4 Janvier 2009 17:57:05

    ========== SERVICES/DRIVERS ==========
    Service wincom32 stopped successfully.
    Service wincom32 deleted successfully.
    Service ddxgb stopped successfully.
    Service ddxgb deleted successfully.
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\guyohimu.dll
    C:\WINDOWS\system32\guyohimu.dll NOT unregistered.
    C:\WINDOWS\system32\guyohimu.dll moved successfully.
    DllUnregisterServer procedure not found in c:\windows\system32\jijejeju.dll
    c:\windows\system32\jijejeju.dll NOT unregistered.
    c:\windows\system32\jijejeju.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\pujojiwu.dll
    C:\WINDOWS\system32\pujojiwu.dll NOT unregistered.
    C:\WINDOWS\system32\pujojiwu.dll moved successfully.
    File/Folder c:\windows\system32\rotawapo.dll not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\horarugo.dll
    C:\WINDOWS\system32\horarugo.dll NOT unregistered.
    C:\WINDOWS\system32\horarugo.dll moved successfully.
    File/Folder C:\DOCUME~1\Ruben\LOCALS~1\Temp\ddxgb.sys not found.
    File/Folder C:\WINDOWS\system32\wincom32.sys not found.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01042009_175548
    a b 8 Sécurité
    4 Janvier 2009 18:34:15

    Reposte un rapport Hijackthis.
    4 Janvier 2009 18:38:48

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:38, on 2009-01-04
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\uu7px3do.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {f77351f1-2f42-4092-a979-c1d6a9023b24} - C:\WINDOWS\system32\kutakobi.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CPMb7350575] Rundll32.exe "c:\windows\system32\kufiselu.dll",a
    O4 - HKLM\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKUS\S-1-5-19\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\Run: [nufikelalo] Rundll32.exe "C:\WINDOWS\system32\guyohimu.dll",s (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab509...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
    O20 - AppInit_DLLs: c:\windows\system32\kufiselu.dll,C:\WINDOWS\system32\horarugo.dll c:\windows\system32\jijejeju.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kufiselu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kufiselu.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9998 bytes
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS