maouss

Bonjour, Que dois-je faire maintenant ? Y-a-t-il toujours win32 ? Merci de me répondre.

Bonjour, Ci-après le rapport de smitfraufix + rapport hijackthis : SmitFraudFix v2.171 Rapport fait à 8:32:03,68, 20/04/2007 Executé à partir de C:\Documents and Settings\Nathalie\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nathalie »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nathalie\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NATHALIE\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Palladia 300/400 Usb Adsl Modem #3 - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5B10C8B-EEE2-4256-82DC-1DF8B33E5BBB}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5B10C8B-EEE2-4256-82DC-1DF8B33E5BBB}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5B10C8B-EEE2-4256-82DC-1DF8B33E5BBB}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Logfile of HijackThis v1.99.1 Scan saved at 09:04 Nathalie, on 20/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {39F64A9C-963E-41A8-A7A6-0F785F2EAA78} - C:\WINDOWS\system32\kvugkhwp.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ssneydkh.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7B278C59-AB49-4F36-8C33-4DC040DB1034} - C:\WINDOWS\system32\kvugkhwp.dll O2 - BHO: (no name) - {7BF9F18C-E294-45E7-BCCB-9FDC9E9AC3EB} - C:\WINDOWS\system32\pmkhf.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O2 - BHO: (no name) - {E861E125-5ECA-40C8-A503-0CED98ABF7E5} - C:\WINDOWS\system32\kvugkhwp.dll O2 - BHO: (no name) - {F278BBB7-EF6E-4018-AC6F-CF66CA4F25F9} - C:\WINDOWS\system32\kvugkhwp.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: vtustsr - vtustsr.dll (file missing) O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

J'ai effectué les manips demandées. Ci-après tous les "rapports" collectés : Bon courage ! VundoFix V6.3.19 Checking Java version... Java version is 1.4.2.1 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 13:15:00 Nathalie 19/04/2007 Listing files found while scanning.... C:\WINDOWS\system32\eksjllcr.dll C:\WINDOWS\system32\fhkmp.bak1 C:\WINDOWS\system32\fhkmp.bak2 C:\WINDOWS\system32\fhkmp.ini C:\WINDOWS\system32\fhkmp.ini2 C:\WINDOWS\system32\fhkmp.tmp C:\WINDOWS\system32\hjkkj.ini C:\WINDOWS\system32\hswcslvm.dll C:\WINDOWS\system32\jkkjh.dll C:\WINDOWS\system32\jrtgioea.dll C:\WINDOWS\system32\kkymlmfx.dll C:\WINDOWS\system32\nvqnvdlp.dll C:\WINDOWS\system32\pmkhf.dll C:\WINDOWS\system32\qghhyhsk.dll C:\WINDOWS\system32\qupcxfly.dll C:\WINDOWS\system32\roipxblw.ini C:\WINDOWS\system32\ssneydkh.dll C:\WINDOWS\system32\tgrvknsa.dll C:\WINDOWS\system32\tvbauxyp.dll C:\WINDOWS\system32\ugdsrvno.dll C:\WINDOWS\system32\vtustsr.dll C:\WINDOWS\system32\wlbxpior.dll C:\WINDOWS\system32\xfmlmykk.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\eksjllcr.dll C:\WINDOWS\system32\eksjllcr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fhkmp.bak1 C:\WINDOWS\system32\fhkmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\fhkmp.bak2 C:\WINDOWS\system32\fhkmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\fhkmp.ini C:\WINDOWS\system32\fhkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\fhkmp.ini2 C:\WINDOWS\system32\fhkmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\fhkmp.tmp C:\WINDOWS\system32\fhkmp.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\hjkkj.ini C:\WINDOWS\system32\hjkkj.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkjh.dll C:\WINDOWS\system32\jkkjh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jrtgioea.dll C:\WINDOWS\system32\jrtgioea.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\kkymlmfx.dll C:\WINDOWS\system32\kkymlmfx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nvqnvdlp.dll C:\WINDOWS\system32\nvqnvdlp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhf.dll C:\WINDOWS\system32\pmkhf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qghhyhsk.dll C:\WINDOWS\system32\qghhyhsk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qupcxfly.dll C:\WINDOWS\system32\qupcxfly.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\roipxblw.ini C:\WINDOWS\system32\roipxblw.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ssneydkh.dll C:\WINDOWS\system32\ssneydkh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tgrvknsa.dll C:\WINDOWS\system32\tgrvknsa.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ugdsrvno.dll C:\WINDOWS\system32\ugdsrvno.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wlbxpior.dll C:\WINDOWS\system32\wlbxpior.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xfmlmykk.ini C:\WINDOWS\system32\xfmlmykk.ini Has been deleted! Performing Repairs to the registry. Done! Search Navipromo version 1.1.5 commencé le 19/04/2007 à 14:02:18,07 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Documents and Settings\Nathalie\Bureau Mise a jour le 13.04.2007 a 20h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\Nathalie\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR ====================================== Copyright 2005-2006 F-Secure Corporation. All rights reserved. This is a beta version. It will expire on 1st of April, 2007. Version information: 2.2.1061. [+] Started on 04/19/07 at 14:02:19. [-] ERROR: F-Secure BlackLight could not acquire debug privileges. [+] Exited on 04/19/07 at 14:02:19 (return code = 3). *** Recherche fichiers *** *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * ** C:\WINDOWS\system32\bfpzneuw.dat trouvé ! *** **** ***** ****** ******* ******** *** Analyse Terminé le 19/04/2007 à 14:02:34,57 *** Deckard's System Scanner v20070411.38 Run by Nathalie on 2007-04-19 at 14:04:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 41: 2007-04-19 12:05:22 UTC - RP846 - Deckard's System Scanner Restore Point 40: 2007-04-18 20:35:48 UTC - RP845 - Point de vérification système 39: 2007-04-17 19:36:28 UTC - RP844 - Point de vérification système 38: 2007-04-16 11:53:08 UTC - RP843 - Point de vérification système 37: 2007-04-15 11:33:08 UTC - RP842 - Point de vérification système -- First Restore Point -- 1: 2007-03-24 19:23:56 UTC - RP806 - Installation de pilote non signé Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of HijackThis v1.99.1 Scan saved at 2007-04-19 14:09:25 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.0.5730.11) Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\explorer.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Nathalie\Bureau\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: (no name) - {39F64A9C-963E-41A8-A7A6-0F785F2EAA78} - C:\WINDOWS\system32\kvugkhwp.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ssneydkh.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7B278C59-AB49-4F36-8C33-4DC040DB1034} - C:\WINDOWS\system32\kvugkhwp.dll O2 - BHO: (no name) - {7BF9F18C-E294-45E7-BCCB-9FDC9E9AC3EB} - C:\WINDOWS\system32\pmkhf.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O2 - BHO: (no name) - {E861E125-5ECA-40C8-A503-0CED98ABF7E5} - C:\WINDOWS\system32\kvugkhwp.dll O2 - BHO: (no name) - {F278BBB7-EF6E-4018-AC6F-CF66CA4F25F9} - C:\WINDOWS\system32\kvugkhwp.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE O4 - HKLM\..\Run: [disk monitor] c:\program files\generic\usb card reader driver v1.9e3\disk_monitor.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [soft help more eq] C:\Documents and Settings\All Users\Application Data\DefaultGramSoftHelp\Remotedrv.exe O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\system32\kkymlmfx.dll",setvm O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\wlbxpior.dll",setvm O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: (no name) - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: teleir_cert () - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000 O16 - DPF: {D27CDB55-0000-0000-0000-000000000000} () - http://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O18 - Protocol: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: vtustsr - C:\WINDOWS\system32\vtustsr.dll (file missing) O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashServ.exe" O23 - Service: avast! Mail Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service O23 - Service: avast! Web Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - Unknown owner - "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - "C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe" -- HijackThis Fixed Entries (C:\Documents and Settings\Kévin\Bureau\hijackthis\backups\) -------------------------------------------------------------------------------- backup-20050423-193543-622 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank backup-20050423-193543-539 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/ backup-20050423-193543-319 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank backup-20050423-193543-494 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = backup-20050423-193543-309 R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file) backup-20050423-193543-131 O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\system32\winprox.dll backup-20050423-193543-992 O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll backup-20050423-193543-190 O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe backup-20050423-193543-859 O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe backup-20050423-193543-853 O4 - HKCU\..\Run: [Win32 USB2.0 Driver] 386.exe backup-20050423-193543-607 O4 - HKCU\..\Run: [instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess backup-20050423-193543-344 O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES backup-20050423-193543-867 O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe backup-20050423-193543-579 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE backup-20050423-193543-821 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm79689FR backup-20050423-193543-739 O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1029_FR_XP.cab backup-20050423-193543-134 O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.cab backup-20050423-193544-310 O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab backup-20050423-193544-294 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab backup-20050423-193544-478 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab backup-20050423-193545-665 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.56.77.243/activex/AxisCamControl.cab backup-20050423-193545-271 O18 - Filter: text/html - {3163110E-D499-4773-AEA8-59D1A570CF41} - C:\Documents and Settings\Kévin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat backup-20050501-113316-832 O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file) backup-20050501-113316-289 O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll backup-20050502-082215-947 R3 - Default URLSearchHook is missing backup-20050502-082215-116 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm79689FR backup-20050502-210529-582 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50184 backup-20050502-210529-362 R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) backup-20050502-210529-757 O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe backup-20050502-210529-227 O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe backup-20050502-210529-317 O4 - HKCU\..\Run: [Win32 USB2.0 Driver] 386.exe backup-20050502-210529-516 O4 - HKCU\..\Run: [instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess backup-20050502-210529-184 O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe backup-20050502-210529-178 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm79689FR backup-20061105-175007-512 R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll backup-20061105-175007-242 O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll backup-20061105-175007-585 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing) backup-20061105-175007-981 O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing) backup-20061105-175007-795 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll backup-20061105-175007-733 O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll backup-20061105-175007-199 O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys R1 prodrv04 (Star Force copy protection driver v4) - c:\windows\system32\drivers\prodrv04.sys R2 atksgt - c:\windows\system32\drivers\atksgt.sys R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys R2 enodpl - c:\windows\system32\drivers\enodpl.sys R2 Fallback - c:\windows\system32\drivers\c4c_fall.sys R2 Fsks - c:\windows\system32\drivers\c4c_fsks.sys R2 K56 - c:\windows\system32\drivers\c4c_k56k.sys R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys R2 SoftFax - c:\windows\system32\drivers\c4c_faxx.sys R2 tandpl - c:\windows\system32\drivers\tandpl.sys R2 TICalc - c:\windows\system32\drivers\ticalc.sys R2 Tones - c:\windows\system32\drivers\c4c_tone.sys R2 V124 - c:\windows\system32\drivers\c4c_v124.sys R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys R3 C4C_BSC2 - c:\windows\system32\drivers\c4c_bsc2.sys R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys R3 PALLADIA (Palladia 300/400 Usb Adsl Modem) - c:\windows\system32\drivers\usbiad.sys R3 Rksample - c:\windows\system32\drivers\c4c_samp.sys R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys S1 Exportit - c:\windows\system32\drivers\exportit.sys S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing) S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing) S3 CAM1210 (SM0121 USB 2.0 Video Camera) - c:\windows\system32\drivers\cam1210.sys S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys S3 DcPTP - c:\windows\system32\drivers\dcptp.sys S3 DMSKSSRh - c:\documents and settings\yohan\local settings\temp\dmskssrh.sys S3 DSDrv4 - c:\progra~1\k!tv\plugins\s_bt8x8\dsdrv4.sys (file missing) S3 Maplom - c:\windows\system32\drivers\maplom.sys S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys S3 memsysdrv (Memory System) - c:\windows\system32\drivers\memsysdrv.sys S3 PortlUSB - c:\windows\system32\drivers\mtc.sys S3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\sscdbus.sys S3 sscdmdfl (SAMSUNG CDMA Modem Filter) - c:\windows\system32\drivers\sscdmdfl.sys S3 sscdmdm (SAMSUNG CDMA Modem Drivers) - c:\windows\system32\drivers\sscdmdm.sys S3 ssm_bus (SAMSUNG Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys S3 ssm_mdfl (SAMSUNG Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys S3 ssm_mdm (SAMSUNG Mobile USB Modem II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys S3 usbbus (LGE Mobile Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys S3 UsbDiag (LGE Mobile USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys S3 USBModem (LGE Mobile USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 UxTuneUp (TuneUp Design Expansion) - c:\windows\system32\svchost.exe -k netsvcs S3 SC Test Branding Service 1 - "c:\program files\fichiers communs\sc test branding 1 shared\service\sctestservice1.exe" S4 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" (file missing) -- Scheduled Tasks ------------------------------------------------------------- 2007-04-19 14:00:02 266 --ah----- C:\WINDOWS\Tasks\B6797712990AE3C6.job<B67977~1.JOB> 2007-04-19 12:00:02 408 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB> 2007-04-19 09:00:02 402 --ah----- C:\WINDOWS\Tasks\{090DF807-D890-4C8C-B528-C7BC031F1B07}_SALLEÀMANGER_Kévin.job<{090DF~1.JOB> 2007-04-18 18:37:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB> 2007-04-18 16:00:02 402 --ah----- C:\WINDOWS\Tasks\{8868444E-8FCB-42E2-B9F5-9642D65E87BE}_SALLEÀMANGER_Kévin.job<{88684~1.JOB> 2007-04-13 21:00:02 362 --a------ C:\WINDOWS\Tasks\fée_du_logis.job<FÉE_DU~1.JOB> 2007-04-13 17:15:02 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB> 2007-04-13 16:00:02 402 --ah----- C:\WINDOWS\Tasks\{4CA5B36E-F9A4-4FA1-A437-31D869AED1CF}_SALLEÀMANGER_Kévin.job<{4CA5B~1.JOB> -- Files created between 2007-03-19 and 2007-04-19 ----------------------------- 2007-04-19 14:01:57 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-04-19 13:15:00 0 d-------- C:\VundoFix Backups<VUNDOF~1> 2007-04-18 14:11:54 125460 --a------ C:\WINDOWS\system32\hlbxfugu.dll 2007-04-18 10:58:22 125460 --a------ C:\WINDOWS\system32\uhrcakql.dll 2007-04-14 14:43:13 0 d-------- C:\Program Files\VirtualDJ<VIRTUA~3> 2007-04-13 22:48:27 5 --a------ C:\Documents and Settings\Yohan\RavMonLog<RAVMON~1> 2007-04-12 18:25:18 0 d--hs---- C:\FOUND.002 2007-04-11 13:31:49 5 --a------ C:\Documents and Settings\Kévin.SALLEÀMANGER\RavMonLog<RAVMON~1> 2007-04-11 08:01:22 0 d--hs---- C:\FOUND.001 2007-04-07 15:22:47 440832 --a------ C:\icsetup.exe 2007-04-07 03:41:19 0 --a------ C:\Documents and Settings\Jean-Michel\svc012.exe 2007-04-06 22:07:32 5 --a------ C:\Documents and Settings\Nathalie\RavMonLog<RAVMON~1> 2007-04-06 06:14:27 5 --a------ C:\Documents and Settings\Jean-Michel\RavMonLog<RAVMON~1> 2007-04-04 19:07:10 0 d--hs---- C:\FOUND.000 2007-04-04 07:51:41 132116 --a------ C:\WINDOWS\system32\trqlojxl.dll 2007-04-03 21:00:36 39248 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys<LGUSBM~1.SYS> 2007-04-03 21:00:36 38144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys<LGUSBD~1.SYS> 2007-04-03 21:00:36 21344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys 2007-04-03 21:00:33 0 d-------- C:\Program Files\LG Electronics<LGELEC~1> 2007-04-03 18:20:25 5 --a------ C:\RavMonLog<RAVMON~1> 2007-03-29 21:19:47 132116 --a------ C:\WINDOWS\system32\fdgtlhkd.dll 2007-03-29 20:14:17 132116 --a------ C:\WINDOWS\system32\sobkykfw.dll 2007-03-24 01:53:06 132116 --a------ C:\WINDOWS\system32\dilsuija.dll 2007-03-24 01:29:33 132116 --a------ C:\WINDOWS\system32\lcbiejnt.dll 2007-03-23 22:23:26 54784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-03-23 22:02:33 132116 --a------ C:\WINDOWS\system32\tuvibcgs.dll 2007-03-23 21:53:29 0 d-------- C:\Program Files\PC Camera<PCCAME~1> 2007-03-23 21:46:12 132116 --a------ C:\WINDOWS\system32\rshhoplo.dll 2007-03-23 21:17:44 132116 --a------ C:\WINDOWS\system32\moqfqisc.dll -- Find3M Report --------------------------------------------------------------- 2007-04-14 15:19:06 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-03-17 18:26:52 132116 --a------ C:\WINDOWS\system32\lotequnm.dll 2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-10 18:08:34 131604 --a------ C:\WINDOWS\system32\kvugkhwp.dll 2007-03-10 04:00:36 131604 --a------ C:\WINDOWS\system32\wfldvbgi.dll 2007-03-10 01:25:30 131604 --a------ C:\WINDOWS\system32\jqhhwkak.dll 2007-03-09 15:55:10 131604 --a------ C:\WINDOWS\system32\vybxwlnf.dll 2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-03 15:44:00 0 d-------- C:\Program Files\Hasbro Interactive<HASBRO~1> 2007-03-03 13:23:18 0 d-------- C:\Program Files\hopemessbook<HOPEME~1> 2007-02-25 20:48:54 0 d-------- C:\Program Files\Tropico 2007-02-25 19:42:56 69792 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT> 2007-02-25 01:19:42 0 d-------- C:\Program Files\Monte Cristo<MONTEC~1> 2007-02-24 14:40:38 0 d-------- C:\Program Files\Wall Street Tycoon<WALLST~1> 2007-02-23 17:49:50 0 d-------- C:\Program Files\Transport Tycoon Deluxe<TRANSP~1> 2007-02-23 03:35:04 0 d-------- C:\Program Files\Dial-Messenger<DIAL-M~1> 2007-02-23 00:32:00 0 d-------- C:\Program Files\IncrediMail<INCRED~1> 2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-01-20 10:04:16 46 --a------ C:\AUTOEXEC.BAT 2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "cursorxp"="\"C:\\Program Files\\CursorXP\\CursorXP.exe\" -s" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Steam"="\"c:\\valve\\steam\\steam.exe\" -silent" "msnmsgr"="\"C:\\PROGRA~1\\MSNMES~1\\msnmsgr.exe\" /background" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "sunjavaupdatesched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "soundman"="SOUNDMAN.EXE" "disk monitor"="c:\\program files\\generic\\usb card reader driver v1.9e3\\disk_monitor.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "soft help more eq"="C:\\Documents and Settings\\All Users\\Application Data\\DefaultGramSoftHelp\\Remotedrv.exe" "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\kkymlmfx.dll\",setvm" "PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\wlbxpior.dll\",setvm" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logiciel Kodak EasyShare.lnk" "backup"="C:\\WINDOWS\\pss\\Logiciel Kodak EasyShare.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h" "item"="Logiciel Kodak EasyShare" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SolidWorks Task Scheduler Engine.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\SolidWorks Task Scheduler Engine.lnk" "backup"="C:\\WINDOWS\\pss\\SolidWorks Task Scheduler Engine.lnkCommon Startup" "location"="Common Startup" "command"="C:\\Documents and Settings\\Nathalie\\Bureau\\swScheduler\\swBOEngine.exe " "item"="SolidWorks Task Scheduler Engine" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\WinZip Quick Pick.lnk" "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Emurayden PSX AutoLauncher" "hkey"="HKLM" "command"="c:\\Program Files\\Emurayden PSX Emulator v2.1\\Emurayden PSX AutoLauncher.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MsnMsgr" "hkey"="HKCU" "command"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="outlook" "hkey"="HKLM" "command"="C:\\Program Files\\outlook\\outlook.exe /auto" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Shareaza" "hkey"="HKCU" "command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" "{0F01FF26-18F5-4613-BFD6-14DE2FBA24C3}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "alualert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtustsr HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ WudfServiceGroup REG_MULTI_SZ WUDFSvc\ HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* UxTuneUp -- Hosts ----------------------------------------------------------------------- 127.0.0.1 dle-news.ru 127.0.0.1 www.dle-news.ru 127.0.0.1 pc-soft.ru 127.0.0.1 www.pc-soft.ru 127.0.0.1 forum.pc-soft.ru 127.0.0.1 www.forum.pc-soft.ru 127.0.0.1 yandex.ru 127.0.0.1 www.yandex.ru 127.0.0.1 ya.ru 127.0.0.1 www.ya.ru 150 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-04-19 at 14:10:01 --------- Deckard's System Scanner v20070411.38 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Édition familiale (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: AMD Athlon XP 2600+ Percentage of Memory in Use: 72% Physical Memory (total/avail): 255.48 MiB / 69.45 MiB Pagefile Memory (total/avail): 617.7 MiB / 281.14 MiB Virtual Memory (total/avail): 2047.88 MiB / 1958.84 MiB A: is Removable (No Media) C: is Fixed (FAT32) - 74.51 GiB total, 22.76 GiB free. D: is CDROM (No Media) E: is CDROM (CDFS) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is CDROM (No Media) K: is CDROM (No Media) L: is CDROM (No Media) M: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AV: avast! antivirus 4.7.981 [VPS 000734-3] v4.7.981 (ALWIL Software) -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Nathalie\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=SALLE·MANGER ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Nathalie LOGONSERVER=\\SALLE·MANGER NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0a00 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Nathalie\LOCALS~1\Temp TMP=C:\DOCUME~1\Nathalie\LOCALS~1\Temp USERDOMAIN=SALLE·MANGER USERNAME=Nathalie USERPROFILE=C:\Documents and Settings\Nathalie windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Nathalie (admin) Jean-Michel (admin) Kévin.SALLEÀMANGER (admin) Kévin (admin) Yohan (admin) Lou Administrateur (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x40c --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x40c --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe" ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} ABBYY FineReader 6.0 --> MsiExec.exe /I{AF600F7B-67A7-48D9-BA3B-0FF97F35F970} Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop 6.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll" Adobe SVG Viewer --> C:\WINDOWS\IsUn040c.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu" AGF --> C:\Program Files\AGF\uninstagf.exe "C:\Program Files\AGF\" "C:\Documents and Settings\Yohan\Menu Démarrer\Programmes\AGF\" Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C} Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x40c -uninst ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audiator3 --> MsiExec.exe /I{78B283AC-7F3C-41ED-9102-28E12CE08026} avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04} CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} CMN --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C8FC80-E542-11D3-8F7F-009027591AA8}\setup.exe" Compel Adaptec WinASPI --> "C:\Program Files\WinASPI\unins000.exe" Copernic Agent Basic --> "C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat" Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Correctif Windows XP - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe Correctif Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Correctif Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Correctif Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u Dial-Messenger 1.0.39 --> "C:\Program Files\Dial-Messenger\unins000.exe" DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" EPSON Copy Utility --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x40c ADDREMOVEDLG EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C51957C2-F025-4FB3-B181-09131504A29D}\setup.exe" -l0x40c MyUninstall EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst EPSON Scan --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x40c UNINSTALL EPSON Smart Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall ESCX5400 Guide de référence --> C:\Program Files\EPSON\ESCX5400\REF_G\DOCUNINS.EXE ESCX5400 Guide des logiciels --> C:\Program Files\EPSON\ESCX5400\PQU_G\DOCUNINS.EXE ESCX5400 Guide du copieur --> C:\Program Files\EPSON\ESCX5400\COPY_G\DOCUNINS.EXE ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97} ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9} ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619} ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4} ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8} ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD} ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331} ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567} ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69} ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1} Gimp pour Windows --> "C:\Program Files\Gimp\uninstall.exe" HijackThis 1.99.1 --> C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe /uninstall HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC} HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE} HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21} HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593} Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010} Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060} Kit d'installation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C650676-CDDB-42C0-8D11-3EEB7F791F99}\setup.exe" -l0x40c -usb KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} Les Sims : Entre Chiens et Chats --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l040c LG PhoneManager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}\setup.exe" -l0x40c -removeonly LG SyncManager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFD25152-1916-4744-BAAF-F2D2EBF38284}\setup.exe" -l0x40c -removeonly LG USB Modem driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c -removeonly LGeneral 1.1 --> "C:\Program Files\LGeneral\unins000.exe" Logiciel Kodak EasyShare --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_49be1a4f\Setup.exe /APR-REMOVE Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Office 2000 CD-ROM 2 --> MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7} Microsoft Office 2000 Professional --> MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7} Microsoft Reader --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" MP3Guest Encoder Wizard --> C:\PROGRA~1\MP3GUEST\ENCODE~1\UNWISE.EXE C:\PROGRA~1\MP3GUEST\ENCODE~1\INSTALL.LOG Neodivx --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C043F4-56F0-440F-BC5E-149666045A55}\setup.exe" -l0x40c Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} NTI CD & DVD-Maker 6.5 Gold --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1036 AnyText OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C} OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D} PhotoFiltre --> "c:\Program Files\PhotoFiltre\Uninst.exe" PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung\SSCDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly Samsung Samples Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly ScanToWeb --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314} SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0} Shareaza version 2.2.5.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe" ShareazaPlus version 2.3.0.0 --> "C:\Program Files\ShareazaPlus\Uninstall\unins000.exe" Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SweetIM For Internet Explorer 1.0a --> MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA} Theme Hospital --> C:\WINDOWS\unin040c.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu" TMPGEnc 2.01 Fr --> "C:\Program Files\TMPGEnc\uninstall.exe" Transport Tycoon Deluxe --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE3F2D10-B80D-4A41-A626-EE4673659120}\Setup.exe" -l0x40c Téléchargement PHOTOWAYS 1.0 --> "C:\Program Files\Téléchargement PHOTOWAYS\uninstall.exe" USB MODEM Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL USB Video Camera Driver v1.10 --> MsiExec.exe /I{926B578B-505F-4820-A62D-088E1124FED4} VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E} Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~3\UNWISE.EXE C:\PROGRA~1\VIRTUA~3\INSTALL.LOG Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Wall Street Tycoon --> C:\PROGRA~1\WALLST~1\UNWISE.EXE C:\PROGRA~1\WALLST~1\INSTALL.LOG WinCue (Remove only) --> "C:\Program Files\Winamp\Plugins\WinCue\uninstall.exe" WindowBlinds --> C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\INSTALL.LOG Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinMind --> D:\Simul\Stratege\wm32usa\WINMIND.EXE uninstall WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall -- End of Deckard's System Scanner: finished at 2007-04-19 at 14:10:01 ---------

Je te joins le journal d'avast : 18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\xnwisdtr.dll" file. 18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\xnwisdtr.dll" file. 18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnwisdtr.dll" file. 18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnwisdtr.dll" file. 18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\prmvymfs.dll" file. 18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\prmvymfs.dll" file. 18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prmvymfs.dll" file. 18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prmvymfs.dll" file. 18/04/2007 11:58 Nathalie Nathalie 3516 Sign of "Win32:Rjump [Wrm]" has been found in "c:\windows\bittorrent.exe" file. 18/04/2007 12:00 Nathalie Nathalie 3736 Sign of "Win32:Rjump [Wrm]" has been found in "c:\windows\bittorrent.exe" file. 18/04/2007 12:04 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\qomgelhy.dll" file. 18/04/2007 12:04 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\qvuvdivk.dll" file. 18/04/2007 12:05 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\WINDOWS\system32\vespflix.dll" file. 18/04/2007 12:05 Nathalie Nathalie 3880 Sign of "Win32:BHO-BG [Trj]" has been found in "C:\WINDOWS\system32\uaslcqqy.dll" file. 18/04/2007 12:05 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\tqtobjft.dll" file. 18/04/2007 12:06 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\aamhfbmj.dll" file. 18/04/2007 12:11 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\rngutbof.dll" file. 18/04/2007 12:11 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\rwgntlpo.exe" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\wubuxdug.exe" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\rduqidvw.exe" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\bbwrmfeg.dll" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\amsplwms.exe" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\epxuitdk.dll" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\yekcelya.dll" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\jxaqgekw.exe" file. 18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\ludugqmi.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnbjmaqd.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\ifmxpffe.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\csilrgux.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\txwrvxsd.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\pujgeipj.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dbmusjpd.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\WINDOWS\system32\qgogwmjp.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\WINDOWS\system32\poxbhnvg.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\lyknvwjm.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\noohfjgr.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\pbgpoxgu.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\yeygysxm.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\ccakbabl.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\deanxxhi.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\eioljopn.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\gvrdesrj.exe" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\coniauho.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prvluydh.dll" file. 18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dwmtkkfv.dll" file. 18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\tnoueehr.dll" file. 18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\vtwxvjdw.dll" file. 18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\jmgvjbdt.dll" file. 18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\gsbycapn.dll" file. 18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnwisdtr.dll" file. 18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prmvymfs.dll" file. 18/04/2007 12:22 Nathalie Nathalie 3880 Sign of "Win32:Rjump [Wrm]" has been found in "C:\WINDOWS\bittorrent.exe" file. 18/04/2007 13:01 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\Documents and Settings\Jean-Michel\Local Settings\Temp\yuolonpd.dll" file. 18/04/2007 13:56 Nathalie Nathalie 3880 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Documents and Settings\Yohan\Local Settings\Temp\4\cdn.dll" file. 18/04/2007 13:56 Nathalie Nathalie 3880 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Documents and Settings\Yohan\Local Settings\Temp\4\cdnaux.dll" file. 18/04/2007 14:11 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\tqdulfpx.dll" file. 18/04/2007 14:22 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Lou\Local Settings\Temp\jptggwsu.exe" file. 18/04/2007 14:22 Nathalie Nathalie 3880 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\Documents and Settings\Kévin.SALLEÀMANGER\Local Settings\Temp\WER60a2.dir00\iexplore.exe.hdmp" file. 18/04/2007 15:12 Nathalie Nathalie 3880 Sign of "Win32:Rjump [Wrm]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP815\A0201946.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208205.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208206.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208207.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BG [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208208.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208209.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208210.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208211.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208212.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208213.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208214.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208215.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208216.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208217.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208218.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208219.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208220.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208221.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208222.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208223.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208224.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208225.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208226.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208227.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208228.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208229.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208230.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208231.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208232.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208233.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208234.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208235.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208236.exe" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208237.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208238.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208239.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208240.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208241.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208242.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208243.dll" file. 18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208244.dll" file.

Bonjour, J'utilise avast et pourtant mon système est infecté par win32. Aidez-moi à m'en débarrasser. Ci-après mon rapport Hijackthis. Merci. Logfile of HijackThis v1.99.1 Scan saved at 09:59 Nathalie, on 19/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\bittorrent.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

Bonjour, Pour la dernière procédure, je n'ai pas rencontré de problème. Peux-tu me dire s'il reste encore des bestioles ? Suis-je bien protégé contre toutes ces bestioles ? Merci pour ton aide.

OK C'est fait. Ci-après mon dernier log + rapport Logfile of HijackThis v1.99.1 Scan saved at 22:22 Nathalie, on 25/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\CursorXP\CursorXP.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_uni_dd_final.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 22:12 Nathalie 25/11/2006 + Résultat de l'analyse: HKLM\SOFTWARE\Altnet -> Adware.Altnet : Erreur lors du nettoyage. HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Erreur lors du nettoyage. HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Erreur lors du nettoyage. C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP671\A0165147.dll -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Nathalie\Cookies\nathalie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport

Bonjour, Je viens juste d'exécuter les dernières manips demandées et voici le nouveau rapport AVG. --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 13:48 Nathalie 25/11/2006 + Résultat de l'analyse: HKLM\SOFTWARE\Altnet -> Adware.Altnet : Erreur lors du nettoyage. HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Erreur lors du nettoyage. HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Erreur lors du nettoyage. C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP652\A0156498.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP652\A0156499.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Activate.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr4.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr5.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\ASPack.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\BDelphi5.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\Babylon.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\CBuildr5.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\CCGA.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\CManager.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\CatchUp.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteHTML.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\DAcceler.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\DiscJug.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\FFTsks.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\Far.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\FlashFXP.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\FrntPage.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\FrontPEx.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpEXP.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpVoya.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\GetRight.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\GoZilla.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\GravMRU.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\HomeSite.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\HotDogPr.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\IconExtr.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\ImgReady3.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\InsShExp.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\KaZaA.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\LView.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MM_CON.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MPImaGal.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MPaint.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MPicPub.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MSExplorer.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWMP.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWordPad.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MSoffice.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDir.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDrWea.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MicAng.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\MicDes.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\Morpheus.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\NTBackup.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\Nero.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\NetShow.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\PHPCoder.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\PhotShel.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\PowerZIP.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\RapidBr.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\RealAuPl.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\RealDown.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\SecurCRT.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\SmartClr.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\Sonique.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\StuffIt.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\TelepPro.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\UGifAnim.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\UMedStud.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhImpV.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\UVidStud.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\UltraEd.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\VNC.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WebFeret.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WebReap.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WinACE.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WinGate.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WinRAR.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WinZIP.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\WiseInst.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\YahooPl.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\ZipMagic.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\iMesh.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\pfilelst.xda -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Appbase\wordslst.xda -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\InstHelp.exe -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\ScanReport.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Schedule.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\UDC2006.xml -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\UDC6.url -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\UDCShell.xml -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\Updater.exe -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\bnlink.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\err.log -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\lapv.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\license.rtf -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\manual.url -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\pv.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\pv.exe -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\readme.rtf -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\sr.log -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\support.url -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\unins000.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\unins000.exe -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\uninstall.ico -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\up.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\updater.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\DriveCleaner 2006 Free\vbpv.dat -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP667\A0163085.exe -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP667\A0163087.dll -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). HKLM\SOFTWARE\DriveCleaner 2006 Free -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP652\A0156493.dll -> Dialer.InstantAccess : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP652\A0156494.dll -> Dialer.InstantAccess : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP666\A0161076.dll -> Dialer.InstantAccess : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP599\A0138627.dll -> Downloader.IstBar.pb : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Jean-Michel\Local Settings\Temporary Internet Files\Content.IE5\YFQJAXQ3\ErrorSafeFrenchNewReleaseInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Jean-Michel\Local Settings\Temporary Internet Files\Content.IE5\41ANKHEB\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Kévin.SALLEÀMANGER\Local Settings\Temporary Internet Files\Content.IE5\ODMJW563\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Yohan\Local Settings\Temporary Internet Files\Content.IE5\9NZV9PGY\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\jean-michel@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\jean-michel@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\jean-michel@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport J'attends les nouvelles consignes. Merci pour ton aide.

Bonsoir, J'ai suivi tes instructions. Je n'ai pas pu enlever les deux programmes dans le panneau de config mais j'ai continué jusqu'au bout la procédure et voici mon dernier hijackthis + le report. Merci de m'informer de la suite à donner. --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 19:56 Nathalie 05/11/2006 + Résultat de l'analyse: HKLM\SOFTWARE\Altnet -> Adware.Altnet : Erreur lors du nettoyage. HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Erreur lors du nettoyage. HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Erreur lors du nettoyage. C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP599\A0138632.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP602\A0139648.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP602\A0140627.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP604\A0140675.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP607\A0140733.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP611\A0140812.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP612\A0141810.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP615\A0142810.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP616\A0142889.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP617\A0143047.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP621\A0143119.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP622\A0143828.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP623\A0143840.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP624\A0143890.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP624\A0144844.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP627\A0144897.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP628\A0145928.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP630\A0145982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP630\A0146995.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP631\A0147982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP634\A0148982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP635\A0149982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP635\A0150982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP635\A0151982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP635\A0153982.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP635\A0154016.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP636\A0154092.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP637\A0154114.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP641\A0155150.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP643\A0155371.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP643\A0155923.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP644\A0155937.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP645\A0155984.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP646\A0156083.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP651\A0156445.exe -> Adware.Bestofer : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\TBONBin -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\TBONBin\TBONInst.cfg -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP639\A0154165.EXE -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine). HKU\S-1-5-21-1256799619-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DC9D850-144D-11E1-B3C9-10805E499D93} -> Adware.ContextuAd : Nettoyé et sauvegardé (mise en quarantaine). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine). HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Erreur lors du nettoyage. HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Erreur lors du nettoyage. C:\Documents and Settings\Nathalie\Local Settings\Temp\temp.frFF39\NavHelper\v2.0.4c\NHUninstaller.exe -> Adware.NavExcel : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Nathalie\Local Settings\Temp\temp.frFF39\NavHelper\v2.0.4c\NHelper.dll -> Adware.NavExcel : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP647\A0156094.exe -> Adware.NavExcel : Nettoyé et sauvegardé (mise en quarantaine). C:\temp\kwdbfm\help\STUNTB.exe -> Adware.NavExcel : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Yohan\Menu Démarrer\Programmes\Power Scan -> Adware.PowerScan : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Yohan\Menu Démarrer\Programmes\Power Scan\Power Scan.lnk -> Adware.PowerScan : Nettoyé et sauvegardé (mise en quarantaine). HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\msclock32.dll -> Dialer.InstantAccess : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\msplock32.dll -> Dialer.InstantAccess : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\(( field of stratégie french 1 49.zip/install.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\(Crack) hotel giant 1 13.zip/install.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\(Release) field of stratégie french 2 24.zip/setup.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\01 - field of stratégie 1 57.zip/install.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\[New Version] patch field of stratégie 1 41.zip/setup.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\serial keys rise of nation 2 1 49.zip/setup.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Program Files\Shareaza\Downloads\www.freewarez.to desmume 1 48.zip/install.exe -> Hijacker.Agent.hi : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Kévin.SALLEÀMANGER\Local Settings\Temporary Internet Files\Content.IE5\WDMRWX2R\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Yohan\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Kévin\Cookies\ké[email protected][1].txt -> TrackingCookie.66.220.17.154 : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Adjuggler : Nettoyé. C:\Documents and Settings\Kévin\Cookies\ké[email protected][1].txt -> TrackingCookie.Adjuggler : Nettoyé. C:\Documents and Settings\Kévin\Cookies\ké[email protected][1].txt -> TrackingCookie.Admarketplace : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Kévin\Cookies\kévin@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé. C:\Documents and Settings\Kévin\Cookies\kévin@burstnet[3].txt -> TrackingCookie.Burstnet : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@cliks[2].txt -> TrackingCookie.Cliks : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@com[1].txt -> TrackingCookie.Com : Nettoyé. C:\Documents and Settings\Kévin\Cookies\kévin@com[2].txt -> TrackingCookie.Com : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@com[2].txt -> TrackingCookie.Com : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\jean-michel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé. C:\Documents and Settings\Yohan\Local Settings\Temp\Cookies\yohan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Yohan\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.Gamershell : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@gamershell[1].txt -> TrackingCookie.Gamershell : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.Gamershell : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Kévin\Cookies\kévin@ivwbox[1].txt -> TrackingCookie.Ivwbox : Nettoyé. C:\Documents and Settings\Kévin\Cookies\ké[email protected][1].txt -> TrackingCookie.Masterstats : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\jean-michel@need2find[2].txt -> TrackingCookie.Need2find : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\jean-michel@need2find[3].txt -> TrackingCookie.Need2find : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@need2find[1].txt -> TrackingCookie.Need2find : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@need2find[2].txt -> TrackingCookie.Need2find : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@need2find[2].txt -> TrackingCookie.Need2find : Nettoyé. C:\Documents and Settings\Yohan\Local Settings\Temp\Cookies\yohan@need2find[1].txt -> TrackingCookie.Need2find : Nettoyé. C:\Documents and Settings\Jean-Michel\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][2].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\Yohan\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Kévin\Cookies\kévin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Yohan\Cookies\[email protected][2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé. C:\Documents and Settings\Kévin\Cookies\kévin@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Yohan\Cookies\yohan@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\nathalie@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\ké[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Kévin\Cookies\ké[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Kévin\Cookies\ké[email protected][3].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Nathalie\Cookies\[email protected][3].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Yohan\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Yohan\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Kévin.SALLEÀMANGER\Cookies\kévin@ysbweb[1].txt -> TrackingCookie.Ysbweb : Nettoyé. C:\Program Files\Shareaza\Downloads\Zoo Empire Trainer.zip/setup.exe -> Worm.Alcan.a : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 20:03 Nathalie, on 05/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_uni_dd_final.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

Bonjour, J'ai mon ordi qui est infecté par win32. Je ne sais pas comment m'en débarrasser. Cela ralentit fortement mon ordi. Merci de m'aider. Logfile of HijackThis v1.99.1 Scan saved at 12:46 Nathalie, on 04/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing) O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_uni_dd_final.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: 64.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe