grosnain01

Voici voila les deux logs en question.... All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! No active process named gmt.exe was found! ========== FILES ========== File/Folder c:\windows\web\sys.exe not found. File/Folder c:\program files\fichiers communs\gmt\gmt.exe not found. c:\windows\system32\shdocvw.dll unregistered successfully. c:\windows\system32\shdocvw.dll moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NoooH deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77EDA01-3C56-4a96-8D08-02B42891C169}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur User: All Users User: Default User User: Frédéric ->Temp folder emptied: -1760192265 bytes ->Temporary Internet Files folder emptied: 100352506 bytes ->Java cache emptied: 1593747 bytes ->Google Chrome cache emptied: 179353400 bytes User: LocalService ->Temp folder emptied: 66016 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 7152013 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19528 bytes %systemroot%\System32 .tmp files removed: 11196912 bytes Windows Temp folder emptied: 3705744 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = -1389,24 mb OTM by OldTimer - Version 3.0.0.2 log created on 06302009_194020 Files moved on Reboot... Registry entries deleted on Reboot... ----------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:55:10, on 30/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\sony\vaio update 2\VAIOUpdt.exe C:\Program Files\sony\vaio power management\SPMgr.exe C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Frédéric\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RESEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grosnain01.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe -- End of file - 10359 bytes

Voici maintenant le rapport MBAM et le nouveau rapport HiJackThis. Au cours du scan, avira a détecté 4 fichiers sur une clé USB (tye WORM et Trojan), qu'il a supprimé. A plus et merci encore ! Malwarebytes' Anti-Malware 1.38 Version de la base de données: 2353 Windows 5.1.2600 Service Pack 2 30/06/2009 14:44:36 mbam-log-2009-06-30 (14-44-36).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 219626 Temps écoulé: 1 hour(s), 58 minute(s), 15 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Spyware.OnlineGames) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) --------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:15, on 30/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\sony\vaio update 2\VAIOUpdt.exe C:\Program Files\sony\vaio power management\SPMgr.exe C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Frédéric\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NoooH] C:\WINDOWS\Web\Sys.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RESEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grosnain01.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe -- End of file - 10330 bytes

Merci de ta réponse !!!! Voici les 2 posts donnés par TB Toolbar, le reste suit.... -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Edition familiale ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz ) BIOS : PhoenixBIOS 4.0 Release 6.0 USER : Frédéric ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.30 (Activated) C:\ (Local Disk) - NTFS - Total:18 Go (Free:3 Go) D:\ (Local Disk) - NTFS - Total:18 Go (Free:10 Go) E:\ (USB) F:\ (CD or DVD) G:\ (Local Disk) - NTFS - Total:465 Go (Free:250 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 30/06/2009|10:25 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0 C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\dynamic C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1 C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\ads.cdf C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\business_promo.htm C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\buttondir.txt C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\components.cdf C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\default.cdf C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_511745-514279.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_categorize.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_comparison.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_explorer-Mails.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_explorer-people.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_favorites.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_Games.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_Hide.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_hotbarcom.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_Hotmail.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_hsskin.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_Mails.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_new.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_premium.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_ringtone.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_SearchBoxTrapper.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_searchfor.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_searchgo.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_weather.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Default_yellowpages.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_1000.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_2000.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_3000.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bar.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar1.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar10.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar11.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar12.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar13.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar14.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar2.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar3.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar4.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar5.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar6.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar7.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar8.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_bbar9.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_logos.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_other.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_buttons_x.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\d_icons_weather.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\email-def-511724-548964.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\email-def-511724-9595.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\email-t1-bg.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\hotbar-premium-hotbar-premium.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\hotbar-premium.cdf C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\hotbar_promo.htm C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\icons2.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\keywords.idx C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\keywords1.dat C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\layout.cdf C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\linkpathlegal.txt C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\progress.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\s_icons_buttons.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\t2_bg.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\theweb.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\top7.cdf C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\Top7_theweb.mnu C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\1\tsd_bg.res C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\ads.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\business_promo.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\buttondir.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\default.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_1000.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_2000.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_3000.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bar.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar1.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar10.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar11.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar12.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar13.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar14.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar2.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar3.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar4.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar5.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar6.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar7.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar8.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_bbar9.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_logos.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_other.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_buttons_x.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\d_icons_weather.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\email-t1-bg.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\hotbar-premium.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\hotbar_promo.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\icons2.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\keywords.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\keywords1.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\layout.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\linkpathlegal.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\progress.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\samplegroups2.txt C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\samplegroups2.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\s_icons_buttons.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\t2_bg.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\top7.xip C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0\hotbar\static\DownLoad\tsd_bg.xip C:\Program Files\Hotbar C:\Program Files\Hotbar\hotbar.log C:\Program Files\KaZaA C:\Program Files\KaZaA\ammp3.dll C:\Program Files\KaZaA\bdupd.dll C:\Program Files\KaZaA\BGP2P C:\Program Files\KaZaA\data C:\Program Files\KaZaA\Db C:\Program Files\KaZaA\Help C:\Program Files\KaZaA\kazaa.exe C:\Program Files\KaZaA\Kazaa.url C:\Program Files\KaZaA\kzscan.dll C:\Program Files\KaZaA\libcurl.dll C:\Program Files\KaZaA\libeay32.dll C:\Program Files\KaZaA\libssl32.dll C:\Program Files\KaZaA\licenses C:\Program Files\KaZaA\My Channels C:\Program Files\KaZaA\My Search Agents C:\Program Files\KaZaA\My Shared Folder C:\Program Files\KaZaA\My Unshared Folder C:\Program Files\KaZaA\myshare.ico C:\Program Files\KaZaA\Promotions C:\Program Files\KaZaA\Skins C:\Program Files\KaZaA\ssleay32.dll C:\Program Files\KaZaA\BGP2P\bdcore.dll C:\Program Files\KaZaA\BGP2P\bdupd.dll C:\Program Files\KaZaA\BGP2P\libfn.dll C:\Program Files\KaZaA\BGP2P\plugins C:\Program Files\KaZaA\BGP2P\plugins.htm C:\Program Files\KaZaA\BGP2P\versions.dat C:\Program Files\KaZaA\BGP2P\plugins\7zip.xmd C:\Program Files\KaZaA\BGP2P\plugins\ace.xmd C:\Program Files\KaZaA\BGP2P\plugins\adsntfs.xmd C:\Program Files\KaZaA\BGP2P\plugins\alz.xmd C:\Program Files\KaZaA\BGP2P\plugins\arc.xmd C:\Program Files\KaZaA\BGP2P\plugins\arj.xmd C:\Program Files\KaZaA\BGP2P\plugins\bach.xmd C:\Program Files\KaZaA\BGP2P\plugins\boot.xmd C:\Program Files\KaZaA\BGP2P\plugins\bzip2.xmd C:\Program Files\KaZaA\BGP2P\plugins\cab.xmd C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.cvd C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.ivd C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.rvd C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.xmd C:\Program Files\KaZaA\BGP2P\plugins\ceva_dll.cvd C:\Program Files\KaZaA\BGP2P\plugins\ceva_emu.cvd C:\Program Files\KaZaA\BGP2P\plugins\ceva_vfs.cvd C:\Program Files\KaZaA\BGP2P\plugins\chm.xmd C:\Program Files\KaZaA\BGP2P\plugins\cpio.xmd C:\Program Files\KaZaA\BGP2P\plugins\cran.cvd C:\Program Files\KaZaA\BGP2P\plugins\cran.ivd C:\Program Files\KaZaA\BGP2P\plugins\cran.xmd C:\Program Files\KaZaA\BGP2P\plugins\dbx.xmd C:\Program Files\KaZaA\BGP2P\plugins\docfile.xmd C:\Program Files\KaZaA\BGP2P\plugins\emalware.cvd C:\Program Files\KaZaA\BGP2P\plugins\emalware.i01 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i02 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i03 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i04 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i05 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i06 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i07 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i08 C:\Program Files\KaZaA\BGP2P\plugins\emalware.i09 C:\Program Files\KaZaA\BGP2P\plugins\emalware.ivd C:\Program Files\KaZaA\BGP2P\plugins\emalware.xmd C:\Program Files\KaZaA\BGP2P\plugins\epoc.xmd C:\Program Files\KaZaA\BGP2P\plugins\e_spyw.ivd C:\Program Files\KaZaA\BGP2P\plugins\gzip.xmd C:\Program Files\KaZaA\BGP2P\plugins\ha.xmd C:\Program Files\KaZaA\BGP2P\plugins\hlp.xmd C:\Program Files\KaZaA\BGP2P\plugins\hpe.cvd C:\Program Files\KaZaA\BGP2P\plugins\hpe.xmd C:\Program Files\KaZaA\BGP2P\plugins\hqx.xmd C:\Program Files\KaZaA\BGP2P\plugins\html.xmd C:\Program Files\KaZaA\BGP2P\plugins\imp.xmd C:\Program Files\KaZaA\BGP2P\plugins\inno.xmd C:\Program Files\KaZaA\BGP2P\plugins\instyler.xmd C:\Program Files\KaZaA\BGP2P\plugins\iso.xmd C:\Program Files\KaZaA\BGP2P\plugins\java.cvd C:\Program Files\KaZaA\BGP2P\plugins\java.xmd C:\Program Files\KaZaA\BGP2P\plugins\jpeg.xmd C:\Program Files\KaZaA\BGP2P\plugins\lha.xmd C:\Program Files\KaZaA\BGP2P\plugins\lnk.xmd C:\Program Files\KaZaA\BGP2P\plugins\mbox.xmd C:\Program Files\KaZaA\BGP2P\plugins\mbx.xmd C:\Program Files\KaZaA\BGP2P\plugins\mdx.xmd C:\Program Files\KaZaA\BGP2P\plugins\mdx_97.cvd C:\Program Files\KaZaA\BGP2P\plugins\mdx_97.ivd C:\Program Files\KaZaA\BGP2P\plugins\mdx_w95.cvd C:\Program Files\KaZaA\BGP2P\plugins\mdx_x95.cvd C:\Program Files\KaZaA\BGP2P\plugins\mdx_xf.cvd C:\Program Files\KaZaA\BGP2P\plugins\mime.xmd C:\Program Files\KaZaA\BGP2P\plugins\mso.xmd C:\Program Files\KaZaA\BGP2P\plugins\na.cvd C:\Program Files\KaZaA\BGP2P\plugins\na.xmd C:\Program Files\KaZaA\BGP2P\plugins\nelf.cvd C:\Program Files\KaZaA\BGP2P\plugins\nelf.xmd C:\Program Files\KaZaA\BGP2P\plugins\nsis.xmd C:\Program Files\KaZaA\BGP2P\plugins\objd.xmd C:\Program Files\KaZaA\BGP2P\plugins\pdf.xmd C:\Program Files\KaZaA\BGP2P\plugins\pst.xmd C:\Program Files\KaZaA\BGP2P\plugins\rar.xmd C:\Program Files\KaZaA\BGP2P\plugins\regscan.cvd C:\Program Files\KaZaA\BGP2P\plugins\rpm.xmd C:\Program Files\KaZaA\BGP2P\plugins\rtf.xmd C:\Program Files\KaZaA\BGP2P\plugins\rup.cvd C:\Program Files\KaZaA\BGP2P\plugins\rup.xmd C:\Program Files\KaZaA\BGP2P\plugins\sdx.cvd C:\Program Files\KaZaA\BGP2P\plugins\sdx.ivd C:\Program Files\KaZaA\BGP2P\plugins\sdx.xmd C:\Program Files\KaZaA\BGP2P\plugins\sfx.xmd C:\Program Files\KaZaA\BGP2P\plugins\swf.xmd C:\Program Files\KaZaA\BGP2P\plugins\tar.xmd C:\Program Files\KaZaA\BGP2P\plugins\td0.xmd C:\Program Files\KaZaA\BGP2P\plugins\thebat.xmd C:\Program Files\KaZaA\BGP2P\plugins\tnef.xmd C:\Program Files\KaZaA\BGP2P\plugins\unpack.cvd C:\Program Files\KaZaA\BGP2P\plugins\unpack.ivd C:\Program Files\KaZaA\BGP2P\plugins\unpack.xmd C:\Program Files\KaZaA\BGP2P\plugins\update.txt C:\Program Files\KaZaA\BGP2P\plugins\uudecode.xmd C:\Program Files\KaZaA\BGP2P\plugins\ve.cvd C:\Program Files\KaZaA\BGP2P\plugins\ve.ivd C:\Program Files\KaZaA\BGP2P\plugins\ve.xmd C:\Program Files\KaZaA\BGP2P\plugins\vedata.cvd C:\Program Files\KaZaA\BGP2P\plugins\viza.xmd C:\Program Files\KaZaA\BGP2P\plugins\wise.xmd C:\Program Files\KaZaA\BGP2P\plugins\xishield.xmd C:\Program Files\KaZaA\BGP2P\plugins\z.xmd C:\Program Files\KaZaA\BGP2P\plugins\zip.xmd C:\Program Files\KaZaA\BGP2P\plugins\zoo.xmd C:\Program Files\KaZaA\data\{4814FE7B-A74E-D453-9766-6443BAFE4DE1} C:\Program Files\KaZaA\data\{5D16F16C-8C4F-C598-C51A-D0F2C6BCBF49} C:\Program Files\KaZaA\data\{97428ADA-49AB-EA4F-C60D-B0466CE122F5} C:\Program Files\KaZaA\data\{B03B1DB0-1827-5B21-0FDF-A4F9DCCC30EB} C:\Program Files\KaZaA\Db\config.cab C:\Program Files\KaZaA\Db\ctx4-050310.cab C:\Program Files\KaZaA\Db\ctx4-051016.cab C:\Program Files\KaZaA\Db\ctx4-070305.cab C:\Program Files\KaZaA\Db\d01.cab C:\Program Files\KaZaA\Db\d02.cab C:\Program Files\KaZaA\Db\data1024.dbb C:\Program Files\KaZaA\Db\data256.dbb C:\Program Files\KaZaA\Db\k7tqkgkk_tssv125.dat C:\Program Files\KaZaA\Db\np.tmp C:\Program Files\KaZaA\Db\ova4-051106.cab C:\Program Files\KaZaA\Db\ova4-070305.cab C:\Program Files\KaZaA\Db\tsi4-050224a.cab C:\Program Files\KaZaA\Db\tsi4-050224b.cab C:\Program Files\KaZaA\Db\tsi4-051103a.cab C:\Program Files\KaZaA\Db\tsi4-051103b.cab C:\Program Files\KaZaA\Db\tsi4-070305.cab C:\Program Files\KaZaA\Db\tss4.cab C:\Program Files\KaZaA\Db\tss4.dat C:\Program Files\KaZaA\Db\tss5.cab C:\Program Files\KaZaA\Db\tssv124.dat C:\Program Files\KaZaA\Help\arrow.gif C:\Program Files\KaZaA\Help\arrow_sml.gif C:\Program Files\KaZaA\Help\background.gif C:\Program Files\KaZaA\Help\h_mykazaa.gif C:\Program Files\KaZaA\Help\h_myMedia.gif C:\Program Files\KaZaA\Help\h_myplaylists.gif C:\Program Files\KaZaA\Help\icon_gold_kap.gif C:\Program Files\KaZaA\Help\myKapsules.gif C:\Program Files\KaZaA\Help\mykapsules.htm C:\Program Files\KaZaA\Help\mykazaa.css C:\Program Files\KaZaA\Help\mykazaa.htm C:\Program Files\KaZaA\Help\mymedia.htm C:\Program Files\KaZaA\Help\myplaylists.htm C:\Program Files\KaZaA\Help\spacer.gif C:\Program Files\KaZaA\My Channels\Bin C:\Program Files\KaZaA\My Channels\Images C:\Program Files\KaZaA\My Channels\Bin\crazyplaygames.kcd C:\Program Files\KaZaA\My Channels\Bin\dating.kcd C:\Program Files\KaZaA\My Channels\Bin\emerging_artists.kcd C:\Program Files\KaZaA\My Channels\Bin\g_spot.kcd C:\Program Files\KaZaA\My Channels\Bin\onelove_browse.kcd C:\Program Files\KaZaA\My Channels\Bin\ringtonechannel.kcd C:\Program Files\KaZaA\My Channels\Bin\rshiphop.kcd C:\Program Files\KaZaA\My Channels\Bin\skilledgames.kcd C:\Program Files\KaZaA\My Channels\Images\crazyplaygames.bmp C:\Program Files\KaZaA\My Channels\Images\dating.bmp C:\Program Files\KaZaA\My Channels\Images\emerging_artists.bmp C:\Program Files\KaZaA\My Channels\Images\g_spot.bmp C:\Program Files\KaZaA\My Channels\Images\onelove_browse.bmp C:\Program Files\KaZaA\My Channels\Images\ringtonechannel.bmp C:\Program Files\KaZaA\My Channels\Images\rshiphop_browse.bmp C:\Program Files\KaZaA\My Channels\Images\skilledgames.bmp C:\Program Files\KaZaA\My Shared Folder\Audio - Alternative Rock.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Barrington Levy.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Electronica.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Fine Arts Militia Album.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Folk.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Funk.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Hip Hop.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Jazz.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Pop Rock.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Public Enemy Revolverlution Album.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - R&B.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Reggae.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - The Honey Palace Album.kpl C:\Program Files\KaZaA\My Shared Folder\kazaa326_en.exe C:\Program Files\KaZaA\My Shared Folder\SkypeSetup.exe C:\Program Files\KaZaA\My Shared Folder\Song To Myself.wma C:\Program Files\KaZaA\My Unshared Folder\kazaa267_fr.exe C:\Program Files\KaZaA\My Unshared Folder\kazaa300_en.exe C:\Program Files\KaZaA\My Unshared Folder\Stop! In The Name Of Love (1).mp3 C:\Program Files\KaZaA\My Unshared Folder\Time Out Of Mind Highlands.mp3 C:\Program Files\KaZaA\Promotions\Play Poker Now.ico C:\Program Files\KaZaA\Promotions\Play Poker Now.url C:\Program Files\KaZaA\Promotions\Your Free Casino Chips.ico C:\Program Files\KaZaA\Promotions\Your Free Casino Chips.url C:\Program Files\KaZaA\Skins\Black Glass C:\Program Files\KaZaA\Skins\Black Glass\License.txt C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_slider.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_sliderThumb.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_sliderThumb_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\skin.xml C:\Program Files\KaZaA\Skins\Black Glass\startbar_back.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_back_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_back_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_back_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_btm.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_btmLeft.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_btmright.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_left.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_right.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_top.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_topleft.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_topright.bmp C:\DOCUME~1\FRDRIC~1\MENUDM~1\PROGRA~1\Kazaa C:\Program Files\Need2Find C:\Program Files\Need2Find\bar C:\WINDOWS\smdat32a.sys C:\WINDOWS\smdat32m.sys C:\WINDOWS\Fonts\acrsec.fon C:\WINDOWS\Fonts\acrsecB.fon C:\WINDOWS\Fonts\acrsecI.fon -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="about:blank" "Default_Page_URL"="http://www.neuf.fr"'>http://www.neuf.fr" "Search Page"="http://www.google.com"'>http://www.google.com" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie"'>http://www.google.com/ie"'>http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 30/06/2009|10:26 - Option : [1] ---------------------------------------------------------------------------------------------------------------------------------- -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Edition familiale ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz ) BIOS : PhoenixBIOS 4.0 Release 6.0 USER : Frédéric ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.30 (Activated) C:\ (Local Disk) - NTFS - Total:18 Go (Free:3 Go) D:\ (Local Disk) - NTFS - Total:18 Go (Free:10 Go) E:\ (USB) F:\ (CD or DVD) G:\ (Local Disk) - NTFS - Total:465 Go (Free:250 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 30/06/2009|10:31 ) -----------\\ SUPPRESSION Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar\v3.0 Supprime! - C:\Program Files\Hotbar\hotbar.log Supprime! - C:\Program Files\KaZaA\ammp3.dll Supprime! - C:\Program Files\KaZaA\bdupd.dll Supprime! - C:\Program Files\KaZaA\BGP2P Supprime! - C:\Program Files\KaZaA\data Supprime! - C:\Program Files\KaZaA\Db Supprime! - C:\Program Files\KaZaA\Help Supprime! - C:\Program Files\KaZaA\kazaa.exe Supprime! - C:\Program Files\KaZaA\Kazaa.url Supprime! - C:\Program Files\KaZaA\kzscan.dll Supprime! - C:\Program Files\KaZaA\libcurl.dll Supprime! - C:\Program Files\KaZaA\libeay32.dll Supprime! - C:\Program Files\KaZaA\libssl32.dll Supprime! - C:\Program Files\KaZaA\licenses Supprime! - C:\Program Files\KaZaA\My Channels Supprime! - C:\Program Files\KaZaA\My Search Agents Supprime! - C:\Program Files\KaZaA\My Shared Folder Supprime! - C:\Program Files\KaZaA\My Unshared Folder Supprime! - C:\Program Files\KaZaA\myshare.ico Supprime! - C:\Program Files\KaZaA\Promotions Supprime! - C:\Program Files\KaZaA\Skins Supprime! - C:\Program Files\KaZaA\ssleay32.dll Supprime! - C:\DOCUME~1\FRDRIC~1\MENUDM~1\PROGRA~1\Kazaa Supprime! - C:\Program Files\Need2Find\bar Supprime! - C:\WINDOWS\smdat32a.sys Supprime! - C:\WINDOWS\smdat32m.sys Supprime! - C:\WINDOWS\Fonts\acrsec.fon Supprime! - C:\WINDOWS\Fonts\acrsecB.fon Supprime! - C:\WINDOWS\Fonts\acrsecI.fon Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\Hotbar Supprime! - C:\Program Files\Hotbar Supprime! - C:\Program Files\KaZaA Supprime! - C:\Program Files\Need2Find -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="about:blank" "Default_Page_URL"="http://www.neuf.fr" "Search Page"="http://www.google.com" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 30/06/2009|10:26 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 30/06/2009|10:35 - Option : [2]

Le virus se manifeste à l'ouverture d'un document word ou d'une fenetre internet par la répétition automatique du sigle 2 (au carré). Suivent les rapports Avira puis HijackThis. Avira AntiVir Personal Report file date: lundi 29 juin 2009 12:36 Scanning for 1432083 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 2) [5.1.2600] Boot mode : Save mode Username : Frédéric Computer name : ROBIN Version information: BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 03:14:47 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 04:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 05:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 04:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 06:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 05:04:46 ANTIVIR2.VDF : 7.1.4.133 2048 Bytes 24/06/2009 05:04:46 ANTIVIR3.VDF : 7.1.4.146 117248 Bytes 28/06/2009 05:04:47 Engineversion : 8.2.0.199 AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 05:52:04 AESCRIPT.DLL : 8.1.2.10 418171 Bytes 29/06/2009 05:05:01 AESCN.DLL : 8.1.2.3 127347 Bytes 14/05/2009 05:02:01 AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 12:24:41 AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 10:07:20 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 29/06/2009 05:04:59 AEHEUR.DLL : 8.1.0.137 1823095 Bytes 29/06/2009 05:04:58 AEHELP.DLL : 8.1.3.6 205174 Bytes 29/06/2009 05:04:50 AEGEN.DLL : 8.1.1.46 348533 Bytes 29/06/2009 05:04:49 AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 08:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 10:07:20 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 08:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 02:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 04:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 08:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 04:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 09:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 04:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 09:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 02:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 04:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 09:39:58 RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 04:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, G:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: lundi 29 juin 2009 12:36 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Boot sector 'G:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '63' files ). Starting the file scan: Begin scan in 'C:\' <VAIO> C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Documents and Settings\Frédéric\Local Settings\Temp\CKGFRs.dll [DETECTION] Contains recognition pattern of the APPL/Altnet application C:\Program Files\Fichiers communs\CMEII\GDwldEng.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware C:\Program Files\Fichiers communs\CMEII\GIoclClient.dll [DETECTION] Contains recognition pattern of the ADSPY/Gator.6051.47 adware or spyware C:\Program Files\Fichiers communs\CMEII\GMTProxy.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware C:\Program Files\Fichiers communs\CMEII\GStoreServer.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware C:\Program Files\Kazaa\CKGFRs.dll [DETECTION] Contains recognition pattern of the APPL/Altnet application C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\hh.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\itircl.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\itss.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\locator.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\magnify.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\narrator.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\newdev.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ole32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\shdocvw.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\shell32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\srv.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\urlmon.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\user32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\win32k.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\ndis.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\netshell.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\colbact.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comuid.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\es.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\ole32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\txflog.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\callcont.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\msgina.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\mst120.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\schannel.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\dao360.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallQ828026$\wmp.dll [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'G:\' <Iomega HDD> Beginning disinfection: C:\Documents and Settings\Frédéric\Local Settings\Temp\CKGFRs.dll [DETECTION] Contains recognition pattern of the APPL/Altnet application [NOTE] The file was moved to '4a8fa7b7.qua'! C:\Program Files\Fichiers communs\CMEII\GDwldEng.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware [NOTE] The file was moved to '4abfa7b0.qua'! C:\Program Files\Fichiers communs\CMEII\GIoclClient.dll [DETECTION] Contains recognition pattern of the ADSPY/Gator.6051.47 adware or spyware [NOTE] The file was moved to '4ab7a7b6.qua'! C:\Program Files\Fichiers communs\CMEII\GMTProxy.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware [NOTE] The file was moved to '4a9ca7ba.qua'! C:\Program Files\Fichiers communs\CMEII\GStoreServer.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware [NOTE] The file was moved to '4abca7c0.qua'! C:\Program Files\Kazaa\CKGFRs.dll [DETECTION] Contains recognition pattern of the APPL/Altnet application [NOTE] The file was moved to '4a8fa7b8.qua'! End of the scan: lundi 29 juin 2009 18:37 Used time: 2:47:18 Hour(s) The scan has been done completely. 10689 Scanned directories 292714 Files were scanned 6 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 6 Files were moved to quarantine 0 Files were renamed 96 Files cannot be scanned 292612 Files not concerned 6890 Archives were scanned 96 Warnings 7 Notes ------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:23:33, on 29/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\sony\vaio update 2\VAIOUpdt.exe C:\Program Files\sony\vaio power management\SPMgr.exe C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Frédéric\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NoooH] C:\WINDOWS\Web\Sys.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Frédéric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RESEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://grosnain01.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe -- End of file - 10756 bytes Merci d'avance de votre aide !