Hi there, and first of all thank you for your help...
I admire the guy who created this vile vermin Virtumonde, it's a real nightmare.... I very recently reformatted my PC and, before anything else, installed Kaspersky 2009, Spybot and Adaware, all three fully up to date.... and guess what... I've caught this crap again!
So here is the information you ask for in exchange for your help:
*DSS reports after an attempted disinfection with VundoFix:
-moved.txt:
Directories/Files moved to C:\Deckard\System Scanner\backup
2008-07-01 17:45:33 46 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\atmadm2.exe.bat
2008-07-01 17:45:32 47 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat
2008-07-01 17:47:08 911046 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\caevents.log
2008-06-27 17:49:18 36864 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CmdLineExt02.dll
2008-06-30 18:22:02 8240544 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DivXInstaller.exe <Verified; DivX, Inc.; >
2008-07-01 17:44:41 44 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dssec.exe.bat
2008-06-26 19:54:02 610 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GEARInstall.log
2008-06-30 22:25:59 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsperfdata_Administrator
2008-06-30 18:22:20 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp
2008-07-01 17:45:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP
2008-07-01 17:45:33 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP
2008-06-25 22:00:56 23569 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install.log
2008-07-01 16:57:14 3075 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log
2008-06-26 10:55:59 1163 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_sp.log
2008-06-26 10:47:18 8265 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jinstall.cfg
2008-07-02 14:22:53 9046 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jusched.log
2008-06-30 16:43:29 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jv16PT_2007
2008-06-28 07:57:24 3426690 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-06-28-07-55-24.log
2008-06-29 17:15:19 3415000 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-06-29-17-14-19.log
2008-07-01 17:47:09 4162078 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-07-01-17-44-58.log
2008-06-28 07:57:24 6757 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-06-28-07-55-24.log
2008-06-29 17:15:19 6654 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-06-29-17-14-19.log
2008-07-01 17:47:09 7175 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-07-01-17-44-58.log
2008-06-29 17:14:39 3940 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 1700) 2008-06-29 17-14-38.log
2008-06-29 17:14:32 7531 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 324) 2008-06-29 17-14-32.log
2008-06-29 17:14:34 10481 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 324) 2008-06-29 17-14-34.log
2008-07-01 17:45:17 8181 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3272) 2008-07-01 17-45-17.log
2008-07-01 17:45:18 16668 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3272) 2008-07-01 17-45-18.log
2008-06-28 07:56:26 7711 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3448) 2008-06-28 07-56-26.log
2008-06-28 07:56:28 10726 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3448) 2008-06-28 07-56-28.log
2008-07-01 17:45:23 4100 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3768) 2008-07-01 17-45-23.log
2008-06-28 07:56:38 3940 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 4028) 2008-06-28 07-56-38.log
2008-07-01 17:44:42 44 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\media.php.bat
2008-07-01 16:33:51 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache
2008-06-30 18:20:54 34 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod4.tmp
2008-06-30 18:22:02 34 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod5.tmp
2008-06-29 21:26:47 1224 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Silverlight0.log
2008-06-29 21:26:47 176206 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SilverlightMSI.log
2008-06-27 17:49:18 12067 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntf16.dll
2008-06-27 17:49:18 19924 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntf32.dll
2008-06-27 17:49:22 4592 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntfIcn.ani
2008-06-27 17:49:18 24516 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntfNT.dll
2008-06-28 07:55:26 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp33.tmp
2008-06-29 17:14:20 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA.tmp
2008-07-01 17:44:59 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpB.tmp
2003-05-20 04:22:26 307200 -----n--- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\war3_Install.exe <Not Verified; Blizzard Entertainment; Frozen Throne Installer>
2008-07-02 14:01:30 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER3e83.dir00
2008-06-26 21:20:37 1408 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmplog00.sqm
2008-07-02 14:17:45 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPDNSE
2008-06-26 11:15:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{87849F8C-770E-45CA-8CA9-5E40D5B1773F}
2008-06-30 16:01:14 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{8B3FAD83-CF61-487C-A824-7F565C5A6B69}
2008-07-01 17:47:02 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
2008-06-28 07:51:22 597 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{AC76BA86-7AD7-1036-7B44-A81200000003}.ini
2008-06-30 16:01:14 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8E90355-CB9F-42DB-9AEB-4D4B1D4519B1}
2008-06-26 20:32:09 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{E14936DC-6C1E-41EC-9477-295012DB0F25}
2008-07-02 14:06:56 32768 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9F20.tmp
2008-06-25 17:20:39 20865 --a------ C:\WINDOWS\temp\IntelGFX.log
2008-06-24 18:18:27 6019 --a------ C:\WINDOWS\temp\NetFxUpdate_v1.1.4322.log
2008-07-01 17:51:01 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_950.dat
2008-07-02 14:17:24 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-06-26 20:04:52 0 d-------- C:\WINDOWS\temp\_avast4_
2007-10-18 10:04:16 341296 --a------ C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll <Verified; Hewlett-Packard Co.; HPDEXAXO>
-*- End of Logfile -*-
-extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Genuine Intel(R) CPU T1300 @ 1.66GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 1526.05 MiB / 1170.28 MiB
Pagefile Memory (total/avail): 3422.51 MiB / 3212.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1872.11 MiB
C: is Fixed (NTFS) - 19.53 GiB total, 11.62 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is CDROM (UDF)
\\.\PHYSICALDRIVE0 - FUJITSU MHW2080BH - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BILLGAFF-89EFD5
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\BILLGAFF-89EFD5
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=BILLGAFF-89EFD5
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
billgaffe (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpl30a5a.inf
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.9.5 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Microsoft Compression Client Pack 1.0 for Windows XP -->
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 -->
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
RegSupreme Pro --> "C:\Program Files\RegSupreme Pro\unins000.exe"
Satsuki Decoder Pack 4000 --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type293 / Error
Event Submitted/Written: 07/02/2008 02:01:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type289 / Error
Event Submitted/Written: 07/02/2008 00:29:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type285 / Error
Event Submitted/Written: 07/02/2008 02:45:58 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type249 / Success
Event Submitted/Written: 07/01/2008 04:26:31 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type197 / Error
Event Submitted/Written: 06/28/2008 08:12:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2055 / Warning
Event Submitted/Written: 07/02/2008 02:22:52 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type2010 / Warning
Event Submitted/Written: 07/02/2008 02:02:36 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type2009 / Warning
Event Submitted/Written: 07/02/2008 02:02:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type1937 / Warning
Event Submitted/Written: 07/02/2008 00:31:09 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type1928 / Warning
Event Submitted/Written: 07/02/2008 00:17:39 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0018DE7EE42C. The IP address being used is 169.254.187.245.
-- End of Deckard's System Scanner: finished at 2008-07-02 14:39:31 ------------
-main.txt:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-02 14:35:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
30: 2008-07-02 12:36:03 UTC - RP30 - Deckard's System Scanner Restore Point
29: 2008-07-01 15:51:00 UTC - RP29 - Last known good configuration
28: 2008-07-01 15:50:54 UTC - RP28 - Installed Kaspersky Internet Security 2009.
27: 2008-07-01 15:50:54 UTC - RP27 - Removed Kaspersky Anti-Virus 7.0.
26: 2008-07-01 15:50:53 UTC - RP26 - clean
-- First Restore Point --
1: 2008-07-01 15:50:47 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:17, on 02/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecogle.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\ljJCsppQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {74200AD9-50E4-4965-8CB7-7E70AE26E8F3} - C:\WINDOWS\system32\hgGyyaaA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BA835039-A72D-4005-A135-2A1AC6EB9F6D} - C:\WINDOWS\system32\fccDuttq.dll (file missing)
O2 - BHO: (no name) - {BDD85FFD-C3B7-444C-A5CD-BC7307E0D887} - C:\WINDOWS\system32\hgGvuSkI.dll (file missing)
O2 - BHO: (no name) - {C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F} - (no file)
O2 - BHO: (no name) - {EBD82173-92C5-42F9-8A62-B573912E1F7B} - (no file)
O2 - BHO: (no name) - {F8906697-EC80-4E8A-9056-7BB1396F8C86} - C:\WINDOWS\system32\tuvwUNdb.dll (file missing)
O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [e8b8a1d3] rundll32.exe "C:\WINDOWS\system32\yekiwhur.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: ljJCsppQ - C:\WINDOWS\SYSTEM32\ljJCsppQ.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
End of file - 6909 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\HPQ0006\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
Service:
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: HDAUDIO Soft Data Fax Modem with SmartCP
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5047&SUBSYS_103C30A5&REV_1000\4&2BB472F0&0&0002
Manufacturer: CXT
Name: HDAUDIO Soft Data Fax Modem with SmartCP
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5047&SUBSYS_103C30A5&REV_1000\4&2BB472F0&0&0002
Service: Modem
Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description: Microsoft ACPI-Compliant Control Method Battery
Device ID: ACPI\PNP0C0A\1
Manufacturer: Microsoft
Name: Microsoft ACPI-Compliant Control Method Battery
PNP Device ID: ACPI\PNP0C0A\1
Service: CmBatt
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
Service:
-- Files created between 2008-06-02 and 2008-07-02 -----------------------------
2008-07-02 14:37:08 0 d-------- C:\Program Files\Trend Micro
2008-07-02 14:08:28 91520 --a------ C:\WINDOWS\system32\yekiwhur.dll
2008-07-02 14:07:17 0 d-------- C:\VundoFix Backups
2008-07-02 03:46:08 142717 --ahs---- C:\WINDOWS\system32\bdNUwvut.ini2
2008-07-01 23:11:03 130101 --ahs---- C:\WINDOWS\system32\IkSuvGgh.ini2
2008-07-01 17:53:19 92032 --a------ C:\WINDOWS\system32\wxhbdnkd.dll
2008-07-01 17:50:37 1267 --ahs---- C:\WINDOWS\system32\qttuDccf.ini2
2008-07-01 17:46:42 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-01 17:46:41 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-01 17:45:47 147488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-01 17:45:47 738336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-01 17:45:47 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-01 17:45:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-01 17:45:33 28288 --a------ C:\WINDOWS\system32\nnnkJywX.dll
2008-07-01 17:45:28 28288 --a------ C:\WINDOWS\system32\ljJCsppQ.dll
2008-07-01 17:44:53 81920 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-01 17:44:53 94208 --a------ C:\WINDOWS\eolk.exe
2008-06-30 22:37:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-06-30 18:22:14 0 d-------- C:\Program Files\DivX
2008-06-30 15:20:35 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-30 15:20:34 0 d-------- C:\Program Files\DVD Shrink
2008-06-29 21:26:47 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-29 17:10:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-06-29 17:10:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-28 07:55:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-28 07:51:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-28 07:51:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-28 07:41:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-06-28 07:39:48 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-28 05:36:40 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-28 05:32:29 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-28 05:32:21 0 d-------- C:\Program Files\Windows Live
2008-06-28 05:32:12 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-27 17:34:39 106732 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 17:34:38 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-27 17:34:38 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-27 17:30:02 0 d-------- C:\Program Files\Warcraft III
2008-06-26 19:53:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-26 10:56:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 22:01:21 0 d-------- C:\WINDOWS\Sun
2008-06-25 22:01:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-25 22:00:44 0 d-------- C:\Program Files\Java
2008-06-25 22:00:06 0 d-------- C:\Program Files\Common Files\Java
2008-06-25 18:24:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-25 18:22:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-25 18:20:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 18:18:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-06-25 18:11:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-25 18:10:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-25 18:10:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-25 18:10:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-25 18:10:39 2883584 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-25 18:10:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-25 18:10:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-25 18:10:39 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-25 18:10:39 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-25 18:10:39 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-25 18:10:39 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-25 18:03:09 0 d-------- C:\Program Files\RegSupreme Pro
2008-06-25 17:57:52 0 d-------- C:\Program Files\Satsuki Decoder Pack
2008-06-25 17:57:17 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-25 17:57:15 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-06-25 17:57:15 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2008-06-25 17:57:14 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-25 17:57:14 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-25 17:57:14 2121235 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-06-25 17:57:14 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-06-25 17:57:14 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-06-25 17:57:14 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2008-06-25 17:57:13 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-25 17:57:13 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-25 17:57:13 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-25 17:57:11 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-25 17:55:33 0 d-------- C:\Program Files\VideoLAN
2008-06-25 17:54:13 0 d-------- C:\Program Files\uTorrent
2008-06-25 17:54:09 0 d-------- C:\Documents and Settings\billgaffe\Application Data\uTorrent
2008-06-25 17:51:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 17:45:52 0 d-------- C:\Program Files\Lavasoft
2008-06-25 17:45:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 17:45:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 17:43:58 0 d-------- C:\Program Files\SP35954
2008-06-25 17:24:29 0 d-------- C:\Documents and Settings\billgaffe\Application Data\Macromedia
2008-06-25 17:24:28 0 d-------- C:\Documents and Settings\billgaffe\Application Data\Adobe
2008-06-25 17:20:12 0 d-------- C:\WINDOWS\system32\Lang
2008-06-25 17:20:12 397312 --a------ C:\WINDOWS\system32\igxpun.exe <Not Verified; Intel(R) Corporation; Intel(R) Graphics Media Accelerator Driver>
2008-06-25 17:20:12 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-25 17:20:03 0 d-------- C:\swsetup
2008-06-25 17:10:26 0 d-------- C:\Program Files\HP
2008-06-25 17:10:25 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 16:59:35 0 dr-h----- C:\Documents and Settings\billgaffe\Recent
2008-06-24 19:29:06 0 d--hs---- C:\WINDOWS\Installer
2008-06-24 19:29:05 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-24 19:29:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-24 19:29:00 0 dr------- C:\Program Files
2008-06-24 19:29:00 0 d-------- C:\Program Files\Common Files
2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-24 19:28:24 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-24 19:28:24 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-24 19:28:24 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-24 19:28:24 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2008-06-24 19:28:24 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-24 19:28:24 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-24 19:28:24 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-24 19:28:24 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-24 19:28:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 19:28:09 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-24 19:28:03 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-24 19:28:03 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-24 19:28:03 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-24 19:28:03 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-24 19:27:14 0 d-------- C:\Documents and Settings
2008-06-24 19:27:13 0 d--hs---- C:\System Volume Information
2008-06-24 19:21:26 0 d-------- C:\WINDOWS
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\WinSxS
2008-06-24 19:21:26 0 dr------- C:\WINDOWS\Web
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\twain_32
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\wins
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\wbem
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\usmt
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\spool
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\Setup
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\scripting
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\ras
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\oobe
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\npp
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\mui
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\IME
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\ias
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\export
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\en
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\drivers
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-24 19:21:26 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\config
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\3076
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\2052
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1054
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1042
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1041
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1037
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1033
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1031
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1028
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system32\1025
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\system
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\security
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Resources
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\repair
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Provisioning
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\PeerNet
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\pchealth
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Offline Web Pages
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\NLDRV
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Network Diagnostic
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\mui
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\msapps
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\msagent
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Media
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\L2Schemas
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\java
2008-06-24 19:21:26 0 d--h----- C:\WINDOWS\inf
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\ime
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Help
2008-06-24 19:21:26 0 dr--s---- C:\WINDOWS\Fonts
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\ehome
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Driver Cache
2008-06-24 19:21:26 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Debug
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Cursors
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\Config
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\AppPatch
2008-06-24 19:21:26 0 d-------- C:\WINDOWS\addins
2008-06-24 18:09:10 0 d-------- C:\Program Files\Synaptics
2008-06-24 18:09:09 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-24 18:08:30 0 d-------- C:\Program Files\CONEXANT
2008-06-24 18:00:17 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-24 17:53:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-24 17:53:42 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-24 17:52:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-24 17:48:52 0 d-------- C:\Documents and Settings\billgaffe\Application Data\Identities
2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\Templates
2008-06-24 17:48:46 0 dr------- C:\Documents and Settings\billgaffe\Start Menu
2008-06-24 17:48:46 0 dr-h----- C:\Documents and Settings\billgaffe\SendTo
2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\PrintHood
2008-06-24 17:48:46 2359296 --ah----- C:\Documents and Settings\billgaffe\NTUSER.DAT
2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\NetHood
2008-06-24 17:48:46 0 dr------- C:\Documents and Settings\billgaffe\My Documents
2008-06-24 17:48:46 0 d--h----- C:\Documents and Settings\billgaffe\Local Settings
2008-06-24 17:48:46 0 dr------- C:\Documents and Settings\billgaffe\Favorites
2008-06-24 17:48:46 0 d-------- C:\Documents and Settings\billgaffe\Desktop
2008-06-24 17:48:46 0 d--hs---- C:\Documents and Settings\billgaffe\Cookies
2008-06-24 17:48:46 0 dr-h----- C:\Documents and Settings\billgaffe\Application Data
2008-06-24 17:48:46 0 d---s---- C:\Documents and Settings\billgaffe\Application Data\Microsoft
2008-06-24 17:47:31 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-24 17:47:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-24 17:47:17 0 d-------- C:\WINDOWS\Prefetch
2008-06-24 17:47:15 245760 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-24 17:47:15 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-24 17:47:15 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-24 17:47:15 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-24 17:47:15 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-24 17:46:59 245760 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-24 17:46:59 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-24 17:46:59 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-06-24 17:46:59 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-24 17:46:59 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-24 17:44:01 0 d-------- C:\WINDOWS\system32\xircom
2008-06-24 17:44:01 0 d-------- C:\Program Files\microsoft frontpage
2008-06-24 17:43:48 245760 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-24 17:43:46 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-24 17:43:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-24 17:43:29 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-24 17:43:09 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-24 17:42:44 0 -rahs---- C:\MSDOS.SYS
2008-06-24 17:42:44 0 -rahs---- C:\IO.SYS
2008-06-24 17:42:44 0 --a------ C:\CONFIG.SYS
2008-06-24 17:42:44 0 --a------ C:\AUTOEXEC.BAT
2008-06-24 17:41:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-24 17:41:27 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-24 17:41:02 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-24 17:40:37 0 d---s---- C:\WINDOWS\Tasks
2008-06-24 17:40:36 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-24 17:40:30 0 d-------- C:\WINDOWS\srchasst
2008-06-24 17:40:29 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-24 17:40:19 0 d-------- C:\Program Files\Movie Maker
2008-06-24 17:39:52 0 d-------- C:\WINDOWS\system32\Restore
2008-06-24 17:38:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-24 17:38:36 0 d-------- C:\WINDOWS\Registration
2008-06-24 17:38:14 0 d-------- C:\Program Files\System
2008-06-24 17:38:13 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-24 17:38:13 398416 --a------ C:\WINDOWS\system\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-06-24 17:38:13 356992 --a------ C:\WINDOWS\system\vbrun200.dll <Not Verified; Microsoft Corporation; Visual Basic 2.0>
2008-06-24 17:38:13 271264 --a------ C:\WINDOWS\system\vbrun100.dll
2008-06-24 17:38:12 722192 --a------ C:\WINDOWS\system32\vb40032.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-06-24 17:38:12 935632 --a------ C:\WINDOWS\system\vb40016.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-06-24 17:38:11 32768 --a------ C:\WINDOWS\system\PLUGIN.DLL <Not Verified; Adobe Systems, Inc.; Adobe Photoshop>
2008-06-24 17:38:11 210944 --a------ C:\WINDOWS\system\MSVCRT10.DLL
2008-06-24 17:38:10 94208 --a------ C:\WINDOWS\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
2008-06-24 17:38:10 119808 --a------ C:\WINDOWS\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-24 17:38:05 2789468 --a------ C:\WINDOWS\system32\libmmd.dll <Not Verified; Intel Corporation; Intel(r) C Compiler, Intel(r) C++ Compiler, Intel(r) Fortran Compiler>
2008-06-24 17:38:05 101888 --a------ C:\WINDOWS\system32\libintl3.dll <Not Verified; GNU <www.gnu.org>; GetText>
2008-06-24 17:38:05 898048 --a------ C:\WINDOWS\system32\libiconv2.dll <Not Verified; GNU <www.gnu.org>; LibIconv>
2008-06-24 17:38:04 394752 --a------ C:\WINDOWS\system32\cygwinb19.dll
2008-06-24 17:38:03 1872666 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-06-24 17:37:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-24 17:37:07 0 d-------- C:\Program Files\Windows NT
2008-06-24 17:37:02 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-24 17:36:59 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-06-24 19:28:24 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-04-24 04:26:23 1614848 --a------ C:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-24 04:25:38 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-24 04:21:45 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-04-24 04:21:32 501760 --a------ C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Uniscribe Unicode script processor>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
01/07/2008 17:45 28288 --a------ C:\WINDOWS\system32\ljJCsppQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
25/04/2008 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74200AD9-50E4-4965-8CB7-7E70AE26E8F3}]
C:\WINDOWS\system32\hgGyyaaA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA835039-A72D-4005-A135-2A1AC6EB9F6D}]
C:\WINDOWS\system32\fccDuttq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD85FFD-C3B7-444C-A5CD-BC7307E0D887}]
C:\WINDOWS\system32\hgGvuSkI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBD82173-92C5-42F9-8A62-B573912E1F7B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8906697-EC80-4E8A-9056-7BB1396F8C86}]
C:\WINDOWS\system32\tuvwUNdb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [14/08/2006 14:39]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [14/08/2006 14:41]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [14/08/2006 14:38]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25/04/2008 18:21]
"e8b8a1d3"="C:\WINDOWS\system32\yekiwhur.dll" [02/07/2008 14:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"=regsvr32 /s /n /i:U shell32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= C:\WINDOWS\system32\ljJCsppQ.dll [01/07/2008 17:45 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCsppQ]
ljJCsppQ.dll 01/07/2008 17:45 28288 C:\WINDOWS\system32\ljJCsppQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGyyaaA
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa640f68-42c6-11dd-85e9-0016d49b1b1b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa640f69-42c6-11dd-85e9-0016d49b1b1b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa640f6a-42c6-11dd-85e9-0016d49b1b1b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8772 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-02 14:39:31 ------------
*VirtumundoBeGone report after a 2nd attempt in safe mode:
[07/02/2008, 15:16:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[07/02/2008, 15:16:18] - Detected System Information:
[07/02/2008, 15:16:18] - Windows Version: 5.1.2600, Service Pack 3
[07/02/2008, 15:16:18] - Current Username: Administrator (Admin)
[07/02/2008, 15:16:18] - Windows is in SAFE mode with Networking.
[07/02/2008, 15:16:18] - Searching for Browser Helper Objects:
[07/02/2008, 15:16:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/02/2008, 15:16:18] - BHO 2: {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} ()
[07/02/2008, 15:16:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:18] - No filename found. Continuing.
[07/02/2008, 15:16:18] - BHO 3: {28220052-D9A9-44B1-AB98-EDC594D238B6} ()
[07/02/2008, 15:16:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:18] - Checking for HKLM\...\Winlogon\Notify\ljJCsppQ
[07/02/2008, 15:16:18] - Found: HKLM\...\Winlogon\Notify\ljJCsppQ - This is probably Virtumundo.
[07/02/2008, 15:16:18] - Assigning {28220052-D9A9-44B1-AB98-EDC594D238B6} MSEvents Object
[07/02/2008, 15:16:18] - BHO list has been changed! Starting over...
[07/02/2008, 15:16:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/02/2008, 15:16:18] - BHO 2: {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - No filename found. Continuing.
[07/02/2008, 15:16:19] - BHO 3: {28220052-D9A9-44B1-AB98-EDC594D238B6} (MSEvents Object)
[07/02/2008, 15:16:19] - ALERT: Found MSEvents Object!
[07/02/2008, 15:16:19] - BHO 4: {438719BC-356F-4109-A966-111CE178211B} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\cbXpQkLE
[07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\cbXpQkLE, continuing.
[07/02/2008, 15:16:19] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/02/2008, 15:16:19] - BHO 6: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
[07/02/2008, 15:16:19] - BHO 7: {74200AD9-50E4-4965-8CB7-7E70AE26E8F3} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\hgGyyaaA
[07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\hgGyyaaA, continuing.
[07/02/2008, 15:16:19] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/02/2008, 15:16:19] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - No filename found. Continuing.
[07/02/2008, 15:16:19] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/02/2008, 15:16:19] - BHO 11: {BA835039-A72D-4005-A135-2A1AC6EB9F6D} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\fccDuttq
[07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\fccDuttq, continuing.
[07/02/2008, 15:16:19] - BHO 12: {BDD85FFD-C3B7-444C-A5CD-BC7307E0D887} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - Checking for HKLM\...\Winlogon\Notify\hgGvuSkI
[07/02/2008, 15:16:19] - Key not found: HKLM\...\Winlogon\Notify\hgGvuSkI, continuing.
[07/02/2008, 15:16:19] - BHO 13: {C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F} ()
[07/02/2008, 15:16:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:19] - No filename found. Continuing.
[07/02/2008, 15:16:19] - BHO 14: {EBD82173-92C5-42F9-8A62-B573912E1F7B} ()
[07/02/2008, 15:16:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:20] - No filename found. Continuing.
[07/02/2008, 15:16:20] - BHO 15: {F8906697-EC80-4E8A-9056-7BB1396F8C86} ()
[07/02/2008, 15:16:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 15:16:20] - Checking for HKLM\...\Winlogon\Notify\tuvwUNdb
[07/02/2008, 15:16:20] - Key not found: HKLM\...\Winlogon\Notify\tuvwUNdb, continuing.
[07/02/2008, 15:16:20] - Finished Searching Browser Helper Objects
[07/02/2008, 15:16:20] - *** Detected MSEvents Object
[07/02/2008, 15:16:20] - Trying to remove MSEvents Object...
[07/02/2008, 15:16:21] - Terminating Process: IEXPLORE.EXE
[07/02/2008, 15:16:21] - Terminating Process: RUNDLL32.EXE
[07/02/2008, 15:16:21] - Disabling Automatic Shell Restart
[07/02/2008, 15:16:21] - Terminating Process: EXPLORER.EXE
[07/02/2008, 15:16:21] - Suspending the NT Session Manager System Service
[07/02/2008, 15:16:21] - Terminating Windows NT Logon/Logoff Manager
[07/02/2008, 15:16:22] - Re-enabling Automatic Shell Restart
[07/02/2008, 15:16:22] - File to disable: C:\WINDOWS\system32\ljJCsppQ.dll
[07/02/2008, 15:16:22] - Renaming C:\WINDOWS\system32\ljJCsppQ.dll -> C:\WINDOWS\system32\ljJCsppQ.dll.vir
[07/02/2008, 15:16:22] - File successfully renamed!
[07/02/2008, 15:16:22] - Removing HKLM\...\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}
[07/02/2008, 15:16:22] - Removing HKCR\CLSID\{28220052-D9A9-44B1-AB98-EDC594D238B6}
[07/02/2008, 15:16:22] - Adding Kill Bit for ActiveX for GUID: {28220052-D9A9-44B1-AB98-EDC594D238B6}
[07/02/2008, 15:16:22] - Deleting ATLEvents/MSEvents Registry entries
[07/02/2008, 15:16:22] - Removing HKLM\...\Winlogon\Notify\ljJCsppQ
[07/02/2008, 15:16:22] - Searching for Browser Helper Objects:
[07/02/2008, 15:16:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/02/2008, 15:16:22] - BHO 2: {08EC4AD6-5FBB-4E69