Prodan

voila..aucune amélioration 21:38:11:890 3764 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04 21:38:11:890 3764 ================================================================================ 21:38:11:890 3764 SystemInfo: 21:38:11:890 3764 OS Version: 5.1.2600 ServicePack: 2.0 21:38:11:890 3764 Product type: Workstation 21:38:11:890 3764 ComputerName: LOTUS 21:38:11:890 3764 UserName: Nathalie 21:38:11:890 3764 Windows directory: C:\WINDOWS 21:38:11:906 3764 Processor architecture: Intel x86 21:38:11:906 3764 Number of processors: 1 21:38:11:906 3764 Page size: 0x1000 21:38:11:906 3764 Boot type: Normal boot 21:38:11:906 3764 ================================================================================ 21:38:11:921 3764 UnloadDriverW: NtUnloadDriver error 2 21:38:11:921 3764 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 21:38:12:078 3764 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 21:38:12:078 3764 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 21:38:12:078 3764 wfopen_ex: Trying to KLMD file open 21:38:12:078 3764 wfopen_ex: File opened ok (Flags 2) 21:38:12:078 3764 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 21:38:12:078 3764 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 21:38:12:078 3764 wfopen_ex: Trying to KLMD file open 21:38:12:078 3764 wfopen_ex: File opened ok (Flags 2) 21:38:12:078 3764 Initialize success 21:38:12:078 3764 21:38:12:078 3764 Scanning Services ... 21:38:12:937 3764 Raw services enum returned 393 services 21:38:12:968 3764 21:38:12:968 3764 Scanning Kernel memory ... 21:38:12:968 3764 Devices to scan: 5 21:38:12:968 3764 21:38:12:968 3764 Driver Name: Disk 21:38:12:968 3764 IRP_MJ_CREATE : F7535C30 21:38:12:968 3764 IRP_MJ_CREATE_NAMED_PIPE : 805031BE 21:38:12:968 3764 IRP_MJ_CLOSE : F7535C30 21:38:12:968 3764 IRP_MJ_READ : F752FD9B 21:38:12:968 3764 IRP_MJ_WRITE : F752FD9B 21:38:12:968 3764 IRP_MJ_QUERY_INFORMATION : 805031BE 21:38:12:968 3764 IRP_MJ_SET_INFORMATION : 805031BE 21:38:12:968 3764 IRP_MJ_QUERY_EA : 805031BE 21:38:12:968 3764 IRP_MJ_SET_EA : 805031BE 21:38:12:968 3764 IRP_MJ_FLUSH_BUFFERS : F7530366 21:38:12:968 3764 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE 21:38:12:968 3764 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE 21:38:12:968 3764 IRP_MJ_DIRECTORY_CONTROL : 805031BE 21:38:12:968 3764 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE 21:38:12:968 3764 IRP_MJ_DEVICE_CONTROL : F753044D 21:38:12:968 3764 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7533FC3 21:38:12:968 3764 IRP_MJ_SHUTDOWN : F7530366 21:38:12:968 3764 IRP_MJ_LOCK_CONTROL : 805031BE 21:38:12:968 3764 IRP_MJ_CLEANUP : 805031BE 21:38:12:968 3764 IRP_MJ_CREATE_MAILSLOT : 805031BE 21:38:12:968 3764 IRP_MJ_QUERY_SECURITY : 805031BE 21:38:12:968 3764 IRP_MJ_SET_SECURITY : 805031BE 21:38:12:968 3764 IRP_MJ_POWER : F7531EF3 21:38:12:968 3764 IRP_MJ_SYSTEM_CONTROL : F7536A24 21:38:12:968 3764 IRP_MJ_DEVICE_CHANGE : 805031BE 21:38:12:968 3764 IRP_MJ_QUERY_QUOTA : 805031BE 21:38:12:968 3764 IRP_MJ_SET_QUOTA : 805031BE 21:38:12:984 3764 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 21:38:12:984 3764 21:38:12:984 3764 Driver Name: USBSTOR 21:38:12:984 3764 IRP_MJ_CREATE : F193D218 21:38:12:984 3764 IRP_MJ_CREATE_NAMED_PIPE : 805031BE 21:38:12:984 3764 IRP_MJ_CLOSE : F193D218 21:38:12:984 3764 IRP_MJ_READ : F193D23C 21:38:12:984 3764 IRP_MJ_WRITE : F193D23C 21:38:12:984 3764 IRP_MJ_QUERY_INFORMATION : 805031BE 21:38:12:984 3764 IRP_MJ_SET_INFORMATION : 805031BE 21:38:12:984 3764 IRP_MJ_QUERY_EA : 805031BE 21:38:12:984 3764 IRP_MJ_SET_EA : 805031BE 21:38:12:984 3764 IRP_MJ_FLUSH_BUFFERS : 805031BE 21:38:12:984 3764 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE 21:38:12:984 3764 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE 21:38:12:984 3764 IRP_MJ_DIRECTORY_CONTROL : 805031BE 21:38:12:984 3764 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE 21:38:12:984 3764 IRP_MJ_DEVICE_CONTROL : F193D180 21:38:12:984 3764 IRP_MJ_INTERNAL_DEVICE_CONTROL : F19389E6 21:38:12:984 3764 IRP_MJ_SHUTDOWN : 805031BE 21:38:12:984 3764 IRP_MJ_LOCK_CONTROL : 805031BE 21:38:12:984 3764 IRP_MJ_CLEANUP : 805031BE 21:38:12:984 3764 IRP_MJ_CREATE_MAILSLOT : 805031BE 21:38:12:984 3764 IRP_MJ_QUERY_SECURITY : 805031BE 21:38:12:984 3764 IRP_MJ_SET_SECURITY : 805031BE 21:38:12:984 3764 IRP_MJ_POWER : F193C5F0 21:38:12:984 3764 IRP_MJ_SYSTEM_CONTROL : F193AA6E 21:38:12:984 3764 IRP_MJ_DEVICE_CHANGE : 805031BE 21:38:12:984 3764 IRP_MJ_QUERY_QUOTA : 805031BE 21:38:12:984 3764 IRP_MJ_SET_QUOTA : 805031BE 21:38:13:000 3764 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1 21:38:13:000 3764 21:38:13:000 3764 Driver Name: Disk 21:38:13:000 3764 IRP_MJ_CREATE : F7535C30 21:38:13:000 3764 IRP_MJ_CREATE_NAMED_PIPE : 805031BE 21:38:13:000 3764 IRP_MJ_CLOSE : F7535C30 21:38:13:000 3764 IRP_MJ_READ : F752FD9B 21:38:13:000 3764 IRP_MJ_WRITE : F752FD9B 21:38:13:000 3764 IRP_MJ_QUERY_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_SET_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_QUERY_EA : 805031BE 21:38:13:000 3764 IRP_MJ_SET_EA : 805031BE 21:38:13:000 3764 IRP_MJ_FLUSH_BUFFERS : F7530366 21:38:13:000 3764 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_DIRECTORY_CONTROL : 805031BE 21:38:13:000 3764 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE 21:38:13:000 3764 IRP_MJ_DEVICE_CONTROL : F753044D 21:38:13:000 3764 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7533FC3 21:38:13:000 3764 IRP_MJ_SHUTDOWN : F7530366 21:38:13:000 3764 IRP_MJ_LOCK_CONTROL : 805031BE 21:38:13:000 3764 IRP_MJ_CLEANUP : 805031BE 21:38:13:000 3764 IRP_MJ_CREATE_MAILSLOT : 805031BE 21:38:13:000 3764 IRP_MJ_QUERY_SECURITY : 805031BE 21:38:13:000 3764 IRP_MJ_SET_SECURITY : 805031BE 21:38:13:000 3764 IRP_MJ_POWER : F7531EF3 21:38:13:000 3764 IRP_MJ_SYSTEM_CONTROL : F7536A24 21:38:13:000 3764 IRP_MJ_DEVICE_CHANGE : 805031BE 21:38:13:000 3764 IRP_MJ_QUERY_QUOTA : 805031BE 21:38:13:000 3764 IRP_MJ_SET_QUOTA : 805031BE 21:38:13:000 3764 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 21:38:13:000 3764 21:38:13:000 3764 Driver Name: Disk 21:38:13:000 3764 IRP_MJ_CREATE : F7535C30 21:38:13:000 3764 IRP_MJ_CREATE_NAMED_PIPE : 805031BE 21:38:13:000 3764 IRP_MJ_CLOSE : F7535C30 21:38:13:000 3764 IRP_MJ_READ : F752FD9B 21:38:13:000 3764 IRP_MJ_WRITE : F752FD9B 21:38:13:000 3764 IRP_MJ_QUERY_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_SET_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_QUERY_EA : 805031BE 21:38:13:000 3764 IRP_MJ_SET_EA : 805031BE 21:38:13:000 3764 IRP_MJ_FLUSH_BUFFERS : F7530366 21:38:13:000 3764 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE 21:38:13:000 3764 IRP_MJ_DIRECTORY_CONTROL : 805031BE 21:38:13:000 3764 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE 21:38:13:000 3764 IRP_MJ_DEVICE_CONTROL : F753044D 21:38:13:000 3764 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7533FC3 21:38:13:000 3764 IRP_MJ_SHUTDOWN : F7530366 21:38:13:000 3764 IRP_MJ_LOCK_CONTROL : 805031BE 21:38:13:000 3764 IRP_MJ_CLEANUP : 805031BE 21:38:13:000 3764 IRP_MJ_CREATE_MAILSLOT : 805031BE 21:38:13:000 3764 IRP_MJ_QUERY_SECURITY : 805031BE 21:38:13:000 3764 IRP_MJ_SET_SECURITY : 805031BE 21:38:13:000 3764 IRP_MJ_POWER : F7531EF3 21:38:13:000 3764 IRP_MJ_SYSTEM_CONTROL : F7536A24 21:38:13:000 3764 IRP_MJ_DEVICE_CHANGE : 805031BE 21:38:13:000 3764 IRP_MJ_QUERY_QUOTA : 805031BE 21:38:13:000 3764 IRP_MJ_SET_QUOTA : 805031BE 21:38:13:015 3764 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 21:38:13:015 3764 21:38:13:015 3764 Driver Name: atapi 21:38:13:015 3764 IRP_MJ_CREATE : 86CD3008 21:38:13:015 3764 IRP_MJ_CREATE_NAMED_PIPE : 86CD3008 21:38:13:015 3764 IRP_MJ_CLOSE : 86CD3008 21:38:13:015 3764 IRP_MJ_READ : 86CD3008 21:38:13:015 3764 IRP_MJ_WRITE : 86CD3008 21:38:13:015 3764 IRP_MJ_QUERY_INFORMATION : 86CD3008 21:38:13:015 3764 IRP_MJ_SET_INFORMATION : 86CD3008 21:38:13:015 3764 IRP_MJ_QUERY_EA : 86CD3008 21:38:13:015 3764 IRP_MJ_SET_EA : 86CD3008 21:38:13:015 3764 IRP_MJ_FLUSH_BUFFERS : 86CD3008 21:38:13:015 3764 IRP_MJ_QUERY_VOLUME_INFORMATION : 86CD3008 21:38:13:015 3764 IRP_MJ_SET_VOLUME_INFORMATION : 86CD3008 21:38:13:015 3764 IRP_MJ_DIRECTORY_CONTROL : 86CD3008 21:38:13:015 3764 IRP_MJ_FILE_SYSTEM_CONTROL : 86CD3008 21:38:13:015 3764 IRP_MJ_DEVICE_CONTROL : 86CD3008 21:38:13:015 3764 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86CD3008 21:38:13:015 3764 IRP_MJ_SHUTDOWN : 86CD3008 21:38:13:015 3764 IRP_MJ_LOCK_CONTROL : 86CD3008 21:38:13:015 3764 IRP_MJ_CLEANUP : 86CD3008 21:38:13:015 3764 IRP_MJ_CREATE_MAILSLOT : 86CD3008 21:38:13:015 3764 IRP_MJ_QUERY_SECURITY : 86CD3008 21:38:13:015 3764 IRP_MJ_SET_SECURITY : 86CD3008 21:38:13:015 3764 IRP_MJ_POWER : 86CD3008 21:38:13:015 3764 IRP_MJ_SYSTEM_CONTROL : 86CD3008 21:38:13:015 3764 IRP_MJ_DEVICE_CHANGE : 86CD3008 21:38:13:015 3764 IRP_MJ_QUERY_QUOTA : 86CD3008 21:38:13:015 3764 IRP_MJ_SET_QUOTA : 86CD3008 21:38:13:015 3764 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1 21:38:13:015 3764 21:38:13:015 3764 Completed 21:38:13:015 3764 21:38:13:015 3764 Results: 21:38:13:015 3764 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 21:38:13:015 3764 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 21:38:13:015 3764 File objects infected / cured / cured on reboot: 0 / 0 / 0 21:38:13:015 3764 21:38:13:015 3764 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 21:38:13:015 3764 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 21:38:13:031 3764 KLMD(ARK) unloaded successfully

Voila les scans dans l'ordre et pas d'amélioration .... Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 00:32:16 le 25/03/2010 | Mode normal | Option: SCAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 2 - X86 Nom du PC: LOTUS | Utilisateur actuel: Nathalie (Administrateur) . ============== ÉLÉMENT(S) TROUVÉ(S) ============== . . C:\Documents and Settings\Nathalie\Application Data\EoRezo C:\Documents and Settings\Nathalie\Application Data\ItsLabel C:\Documents and Settings\Propriétaire\Application Data\EoRezo C:\Documents and Settings\Propriétaire\Application Data\ItsLabel C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Roxy Palace Online Casino C:\MicroGaming\Casino\Roxypalace C:\Program Files\Crawler C:\Program Files\PartyGaming . HKCU\Software\EoRezo HKCU\Software\ItsLabel HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64F56FC1-1272-44CD-BA6E-39723696E350} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350} HKLM\Software\Classes\EoRezoBHO.EoBho HKLM\Software\Classes\EoRezoBHO.EoBho.1 HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} HKLM\Software\Classes\TR.TRFactory HKLM\Software\Classes\TR.TRFactory.1 HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} HKLM\Software\ItsLabel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RoxyPalace HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542} HKCU\Software\Mozilla\Firefox\Extensions|{A89AED22-9133-424c-88E7-C8235C5FF302} HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\ARA.ini HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\DID.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\DM.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\images\habeas_webseal.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\language\en_US\lang_pack_en_US.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\language\fr_FR\lang_pack_fr_FR.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\libeay32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\llh.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\MFC42LU.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\MSLUP60.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\MSLURT.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\GRA.ini HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\en_US\lang_pack_en_US.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\account_but_newacocunt.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\allversion.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\bonus-icon.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\but.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\but_account.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\but_skin.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\but_skin_account.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\client_bottom.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\client_bottom_right.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\client_gradient.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\client_top.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\connect_screen_bg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\down_arrow.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\down_arrow_o.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\addplaymoney_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\aud.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\autospincancel_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\autospinoptions_background.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\autospinstart_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\balance_strip.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\bottombar_logo_net.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\bottombar_net.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\bottombar_net_big.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\bottombar_net_medium.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\buyin_botbg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\buyin_cancelbutton.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\buyin_cashierbutton.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\buyin_midbg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\buyin_okbutton.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\buyin_topbg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\BuyInConfig.ini HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cad.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\6_bigcardback.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bj_check.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_americanroulette_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_baccarat_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_bjbonuspairs_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_bjhighlimit_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_bjsingledeck_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_boardbabe_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_cashcruise_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_casinowar_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_coolbanana_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_deuceswild_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_europeanroulette_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_firedrake_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_flamingo_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_fruitparty_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_goannagold_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_goldenoasis_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_graveyardbash_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_hotjokerpoker_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_hotroller_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_job_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_junglerumble_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_kangacash_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_kookakeno_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_lir_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_logo_cover.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_magicman_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_mhvp_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_paigow_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_pc_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_pcp_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_piggypayback_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_predator_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_reddog_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_safecrackerkeno_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_sfw_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_silvercity_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_superjoker_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_supermystic_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_superstar_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_sweethawaii_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_tcp_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_tod_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_vegasclub_icon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\BlackJack.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack\bj_table.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack\Config.ini HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack\version.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\chip_pointer_R.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\clear_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\deal_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\double_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\hit_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\insurance.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\insure_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\number_circle.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\pointer_R.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\push.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\repeatbet_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_bj.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_bust.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_insure.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_lost.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_push.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_won.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\split.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\split_button.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\stand_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\surrender_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\version.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c0_5.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c1.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c10.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c100.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c100k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c10k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c1k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c2_5k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c25.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c250.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c25k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c5.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c50.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c500.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c500k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c50k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c5k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\Card.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\card_deck.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\CardFlip.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\FRU_6_bigcardback.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\number_circle.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\pointer_R.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_cashier_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_exit_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_gamelogs_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_version_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc0_5.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc1.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc10.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc100.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc100k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc10k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc1k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc2_5k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc25.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc250.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc25k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc5.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc50.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc500.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc500k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc50k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc5k.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\Rr.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rules_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\version.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cashier_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cashout_midbg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cent_strip.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\chf.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\chips.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\czk.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\dkk.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\eur.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\exit_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\format.ini HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\game_topbar_pff.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\gamelogs_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\gbp.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\hkd.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\huf.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\ils.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\inr.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\jpy.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\krw.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\myr.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\nok.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\nzd.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\php.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\pln.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_but_cancel.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_but_cashier.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_but_ok.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_buyin_but_all.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_buyin_tab.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\PushBut.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\quickdeposit_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\ron.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\rur.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\sek.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\sgd.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\skk.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\status_dlg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\sys_icons.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_close.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_inactive_close.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_inactive_minimise.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_minimise.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\table_logo_com.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\table_logo_net.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\thb.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\trny_buyin_botbg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\try.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\twd.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\usd.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\version.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\version_button.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\win.wav HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\zar.png HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\icon_three.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\icon_ticked.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_account_background.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_account_divider.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_ani_refresh.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot_numbers.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot_numbers.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot_numbers_small.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_news.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_cashout.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_deposit.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_deposit_large.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_options.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_redeem.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_refresh.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_reload_play.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_status.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_details_open.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_link_arrow.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_tab_background.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\loading.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_01_myaccount.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_02_cashier.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_03_news.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_04_rules.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_05_tellfriend.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_06_about.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_07_help.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\new-mail-icon.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\no-mail-icon.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\PartyCasino.ico HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_login_bottom.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_login_top.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_register_bottomleft.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_register_top.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\skin.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\skin_account.bmp HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\spacer.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_bets.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_bingo.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_cashier.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_connected.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_gammon.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_poker.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_security.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\ticker_bg.jpg HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\up_arrow.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\up_arrow_o.gif HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\version.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\lang_pack_fr_FR.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\lobbyconfig.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\PartyCasino.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\pc_uninstall.bat HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\ProductVersion.txt HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\sys.ini HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyGaming.exe HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\ssleay32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\UNICOWS.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\zlib1.dll . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.5.7 (fr) * . C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Nathalie\\Bureau C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - browser.startup.homepage: hxxp://fr.msn.com/ C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.7 C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - keyword.URL: hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q= C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\Invalidprefs.js - browser.download.lastDir: C:\\Documents and Settings\\Propriétaire\\Mes documents\\dossier adeuh RA C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\Invalidprefs.js - browser.startup.homepage: hxxp://www.lo.st C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.3 C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Propriétaire\\Mes documents\\dossier adeuh RA C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\prefs.js - browser.startup.homepage: hxxp://www.lo.st C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.3 . . * Internet Explorer Version 8.0.6001.18702 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Show_ToolBar: yes Start Page: hxxp://www.wanadoo.fr Use Custom Search URL: 1 Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm SearchAssistant: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://www.google.com/ie Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ============== SUSPECT(S) ============== . C:\Documents and Settings\Nathalie\Application Data\BitTorrent\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_122a_English +CD Key.torrent C:\Documents and Settings\Nathalie\Bureau\LauncherQuickPatcher.exe C:\Documents and Settings\Nathalie\Bureau\Rayman_3_-_Hoodlum_havoc___CRACK_100__WORKING___ENGLISH__saliko.4563499.TPB.torrent C:\Documents and Settings\Nathalie\Mes documents\Downloads\Compressed\!Crack.nfo C:\Documents and Settings\Nathalie\Mes documents\Downloads\Compressed\CrackNocd4flt.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.1-0.7.0.2.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.2-0.7.0.3.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.3-0.7.0.4.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.4-0.7.0.5.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.5-0.7.0.6.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.6-0.7.0.7.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.7-0.7.0.8.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.8-0.7.0.9.exe C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.9-0.7.1.0.exe . ======================================== . C:\DOCUME~1\Nathalie\LOCALS~1\Temp: 15 Fichier(s), 4 Dossier(s) Temporary Internet Files: 26 Fichier(s), 11 Dossier(s) . C:\Ad-Remover\Quarantine: 0 Fichier(s) C:\Ad-Remover\Backup: 13 Fichier(s) . C:\Ad-Report-CLEAN[1].txt - 503 Octet(s) C:\Ad-Report-SCAN[1].txt - 47430 Octet(s) . Fin à: 00:55:06, 25/03/2010 . ============== E.O.F - SCAN[1] ============== . ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 23/03/10 à 14:00 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 22:06:28 le 24/03/2010 | Mode normal | Option: CLEAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 2 - X86 Nom du PC: LOTUS | Utilisateur actuel: Nathalie (Administrateur) . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . . Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3861 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 25/03/2010 00:08:09 mbam-log-2010-03-25 (00-08-09).txt Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|) Eléments examinés: 410943 Temps écoulé: 1 hour(s), 25 minute(s), 26 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\WINDOWS\_VOIDnylnoismbu (Rootkit.TDSS) -> Quarantined and deleted successfully. Fichier(s) infecté(s): (Aucun élément nuisible détecté) Logfile of random's system information tool 1.06 (written by random/random) Run by Nathalie at 2010-03-25 00:16:44 Microsoft Windows XP Édition familiale Service Pack 2 System drive C: has 25 GB (17%) free of 149 GB Total RAM: 1023 MB (55% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:16:59, on 25/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Ares\Ares.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Nathalie\Bureau\RSIT.exe C:\Documents and Settings\Nathalie\Bureau\Nathalie.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [user Protection] "C:\Program Files\User Protection\usrprot.exe" -noscan O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe O4 - Startup: zipdkg32.exe O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 12306 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\Norton Security Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}] EoBho Class - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-21 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-28 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll [2006-01-17 282624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-21 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll [2006-01-17 282624] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-21 251504] {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592] {52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-05-18 456440] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "Acme.PCHButton"=C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe [2004-01-01 159744] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-07 323392] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-21 39408] "ares"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072] "User Protection"=C:\Program Files\User Protection\usrprot.exe [2010-03-18 2355200] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [2008-02-20 963072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Defense] C:\Program Files\Malware Defense\mdefense.exe -noscan [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-21 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nathalie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000] C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\Démarrage Notification de cadeaux MSN.lnk - C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe zipdkg32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2003-12-03 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Documents and Settings\Nathalie\Bureau\WoW.exe"="C:\Documents and Settings\Nathalie\Bureau\WoW.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base\hl2.exe:*:Enabled:hl2" "C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base 2007\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base 2007\hl2.exe:*:Enabled:hl2" "C:\Documents and Settings\Propriétaire\Bureau\WoWBC.exe"="C:\Documents and Settings\Propriétaire\Bureau\WoWBC.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Documents and Settings\Propriétaire\Bureau\Spellborn_Downloader_1_0_0_4-fr.exe"="C:\Documents and Settings\Propriétaire\Bureau\Spellborn_Downloader_1_0_0_4-fr.exe:*:Enabled:Spellborn Downloader" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "C:\Documents and Settings\Nathalie\Mes documents\Downloads\hl.exe"="C:\Documents and Settings\Nathalie\Mes documents\Downloads\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Valve\Steam\SteamApps\narodan\zombie panic! source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\zombie panic! source\hl2.exe:*:Disabled:hl2" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player " "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Valve\Steam\SteamApps\narodan\insurgency\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\insurgency\hl2.exe:*:Enabled:hl2" "C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike source\hl2.exe:*:Enabled:hl2" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel" "C:\NCsoft\Exteel\System\Exteel.exe"="C:\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" ======List of files/folders created in the last 1 months====== 2010-03-25 00:16:44 ----D---- C:\rsit 2010-03-24 22:06:38 ----A---- C:\Ad-Report-CLEAN[1].txt 2010-03-24 22:06:27 ----D---- C:\Ad-Remover 2010-03-23 20:13:14 ----D---- C:\WINDOWS\temp 2010-03-23 20:13:13 ----A---- C:\ComboFix.txt 2010-03-22 18:16:57 ----A---- C:\WINDOWS\zip.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\SWSC.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\SWREG.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\sed.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\PEV.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\NIRCMD.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\MBR.exe 2010-03-22 18:16:57 ----A---- C:\WINDOWS\grep.exe 2010-03-22 18:15:59 ----D---- C:\Qoobox 2010-03-18 00:30:49 ----D---- C:\Program Files\User Protection 2010-03-17 23:19:04 ----D---- C:\WINDOWS\system32\Adobe 2010-03-16 00:36:12 ----A---- C:\WINDOWS\WORDPAD.INI ======List of files/folders modified in the last 1 months====== 2010-03-25 00:16:50 ----D---- C:\WINDOWS\Prefetch 2010-03-25 00:11:53 ----D---- C:\Program Files\Wanadoo 2010-03-25 00:11:08 ----D---- C:\Program Files\DNA 2010-03-25 00:11:08 ----D---- C:\Documents and Settings\Nathalie\Application Data\DNA 2010-03-25 00:09:52 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-25 00:08:09 ----D---- C:\WINDOWS 2010-03-23 23:45:45 ----HD---- C:\WINDOWS\inf 2010-03-23 23:45:45 ----A---- C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2010-03-23 23:42:27 ----A---- C:\WINDOWS\system32\W32N50.dll 2010-03-23 23:15:53 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-23 23:14:29 ----RD---- C:\Program Files 2010-03-23 23:14:29 ----D---- C:\WINDOWS\system32 2010-03-23 22:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$ 2010-03-23 22:17:50 ----D---- C:\WINDOWS\system32\drivers 2010-03-23 20:09:50 ----A---- C:\WINDOWS\system.ini 2010-03-23 20:05:49 ----D---- C:\WINDOWS\AppPatch 2010-03-23 20:05:44 ----D---- C:\Program Files\Fichiers communs 2010-03-23 19:50:07 ----D---- C:\Program Files\Mozilla Firefox 2010-03-23 19:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$ 2010-03-23 18:49:04 ----D---- C:\Documents and Settings\Nathalie\Application Data\vlc 2010-03-23 17:26:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-23 17:20:53 ----D---- C:\Documents and Settings\Nathalie\Application Data\dvdcss 2010-03-22 21:19:02 ----D---- C:\WINDOWS\system32\Restore 2010-03-22 20:14:51 ----SD---- C:\WINDOWS\Tasks 2010-03-22 18:33:22 ----D---- C:\WINDOWS\system32\config 2010-03-22 18:32:53 ----D---- C:\WINDOWS\ERDNT 2010-03-18 00:40:38 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-03 21:53:47 ----D---- C:\Program Files\BitComet 2010-03-03 21:49:18 ----D---- C:\Downloads 2010-02-27 17:03:48 ----SHD---- C:\WINDOWS\Installer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-01-01 43488] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-19 41600] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-01-01 75096] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272] R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-14 1042816] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-14 210304] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-09-22 5888] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-14 679808] S1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [] S1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [] S1 sbqb4ac;sbqb4ac; C:\WINDOWS\System32\drivers\sbqb4ac.sys [] S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110] S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002] S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600] S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688] S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-12-03 641536] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2005-05-31 20480] S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2005-04-30 10804] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [2005-04-30 11860] S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\Nathalie\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 cpuz129;cpuz129; \??\C:\DOCUME~1\Nathalie\LOCALS~1\Temp\cpuz_x32.sys [] S3 DFE528TX;D-Link DFE-528TX PCI Adapter; C:\WINDOWS\System32\DRIVERS\DLKRTL.SYS [2002-06-24 45568] S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-18 66591] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-15 41984] S3 gAGP440p;gAGP440p; \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\gAGP440p.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] S3 npkcrypt;npkcrypt; \??\C:\Lineage II\system\npkcrypt.sys [] S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys [] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 RescueDrv;Inventel Access Point USB Rescue Driver; C:\WINDOWS\System32\Drivers\resc_dwb.sys [2006-08-07 74828] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\System32\DRIVERS\sis163u.sys [2006-03-01 217088] S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976] S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2004-10-19 61312] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148] S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-19 5504] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-06-27 717296] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-12-03 385024] S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S2 gupdate1c8e1ca6e7dc03c;Google Update Service (gupdate1c8e1ca6e7dc03c); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe [] S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe [] S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-19 268800] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-08 651720] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2007-09-29 68096] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-03-25 00:17:02 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\CERLAND\Odyssea\Uninst.isu" -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL -->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" 802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B} Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Ad-Remover By C_XX-->"C:\Ad-Remover\Un-ADR.exe" Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6} Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG BitComet 1.15-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CometBird (3.5.3)-->C:\Program Files\CometBird\uninstall\helper.exe Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036 Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} Dessinez, C'est Disney-->C:\WINDOWS\unin040c.exe -f"C:\Disney Interactive\Dessinez, C'est Disney\DeIsL1.isu" Digimax Master-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x40c -removeonly DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC Dreamweaver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x40c mmUninstall eMule-->"C:\Program Files\eMule\Uninstall.exe" eoEngine 7.0-->"C:\Program Files\EoRezo\unins000.exe" EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" FileZilla Client 3.2.7.1-->C:\Program Files\FileZilla Client\uninstall.exe GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins001.exe" Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} HijackThis 2.0.2-->"C:\Documents and Settings\Nathalie\Bureau\HijackThis.exe" /uninstall HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878} HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat hp psc 1300 series-->rundll32 hpzcon09.dll,VendorJettison hp psc 1300 series HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Insurgency-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/17700 InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Lively by Google-->MsiExec.exe /X{2DE38C17-DD7E-41BA-88BC-0A2387D29657} Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x40c UNINSTALL Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x40c UNINSTALL Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Micro Application - Votre Imprimerie Créative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCF94650-7C40-4CE9-A99E-A9235A117F52}\SETUP.EXE" -l0x40c Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72} Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} nLite 1.4.6-->"C:\Program Files\nLite\unins000.exe" Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} Officiel des diplômes désinstallation-->C:\Program Files\Officiel des Diplômes 2007\uninstall.exe OpenMG Limited Patch 4.2-05-07-27-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u OpenMG Secure Module 4.2.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33} Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PartyCasino-->"C:\Program Files\PartyGaming\PartyCasino\Uninstall.exe" "C:\Program Files\PartyGaming\PartyCasino\install.log" PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Rayman3-->MsiExec.exe /X{BAF5914B-5730-4373-B038-9F436AC6A0D6} Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Replay Media Catcher 3.01-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml" Roxy Palace Online Casino-->C:\MicroGaming\Casino\RoxyPalace\install.exe -uninstall Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SIW version 2008-06-04-->"C:\Program Files\SIW\unins000.exe" Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe" Source SDK Base - Orange Box-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/218 Source SDK Base-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/215 SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel StarTopia-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBC0E8C0-63AC-11D4-BEF2-00A0C9E0B324}\setup.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Super Blank 3.01-->"C:\Program Files\SuperBlank\unins000.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TES Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x40c Titanic-->C:\Program Files\CyberFlix\Titanic\TITANIC.EXE -U Trine-->"C:\Program Files\Trine\unins000.exe" UltraSnap Trial 1.8-->"C:\Program Files\UltraSnap\unins000.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Veoh Video Compass-->C:\Program Files\Veoh Networks\Veoh Video Compass\uninst.exe VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinHTTrack Website Copier 3.43-7-->"C:\Program Files\WinHTTrack\unins000.exe" Worms World Party-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe" Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe Zombie Panic! Source-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/17500 ======Security center information====== AV: User Protection (outdated) AV: Avira AntiVir PersonalEdition Classic (outdated) ======System event log====== Computer Name: LOTUS Event Code: 26 Message: Application popup : : \SystemRoot\System32\drivers\afd.sys failed to load Record Number: 136231 Source Name: Application Popup Time Written: 20100324211449.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 26 Message: Application popup : : \SystemRoot\System32\drivers\afd.sys failed to load Record Number: 136230 Source Name: Application Popup Time Written: 20100324211449.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 26 Message: Application popup : : \SystemRoot\System32\drivers\afd.sys failed to load Record Number: 136229 Source Name: Application Popup Time Written: 20100324211449.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 26 Message: Application popup : : \SystemRoot\System32\drivers\afd.sys failed to load Record Number: 136228 Source Name: Application Popup Time Written: 20100324211449.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 26 Message: Application popup : : \SystemRoot\System32\drivers\afd.sys failed to load Record Number: 136227 Source Name: Application Popup Time Written: 20100324211449.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: LOTUS Event Code: 4096 Message: Le service AntiVir a bien démarré! Record Number: 5 Source Name: Avira AntiVir Time Written: 20100302144157.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: LOTUS Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 4 Source Name: SecurityCenter Time Written: 20100302144152.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 1 Message: Record Number: 3 Source Name: Bonjour Service Time Written: 20100302144150.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 0 Message: Record Number: 2 Source Name: gupdate1c8e1ca6e7dc03c Time Written: 20100302144148.000000+060 Event Type: Informations User: Computer Name: LOTUS Event Code: 2570 Message: Le service Adobe Active File Monitor a démarré. Record Number: 1 Source Name: Adobe Active File Monitor 7.0 Time Written: 20100302144148.000000+060 Event Type: User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip -----------------EOF-----------------

Bonjour Je demande encore une fois l'aide de cette communauté, il y a quelques jour mon pc a été un attaint par un malware "User Protection " et hasard ou non trés peu après je n'avais plus internet, même la livebox branché l'icone du reseau ne s'affiché plus Sachant donc que c'est trés irritant et pénalisant d'avoir un Pc qui ne dispose plus d'internet je me permet de demander votre aide pour regler au plus vite cet incident et reprendre mes activités. Je vous met ici mon rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:30:14, on 22/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Nathalie\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [user Protection] "C:\Program Files\User Protection\usrprot.exe" -noscan O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe O4 - Startup: zipdkg32.exe O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 11956 bytes PS: Si jamais vous trouvez la solution mon problème pourrez m'indiquer toutes les étapes parce qu'il est vrai que j'utilise un ordinteur qui n'est pas le mien et éloigné de ma résidence Merci beaucoup pour vos réponses

oui merci beaucoup ca va bien mieux sauf que quand je démarre le Pc, Antivir détecte un prob avec internet explorer... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:22:49, on 19/01/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Nathalie\Mes documents\Téléchargements\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 11958 bytes

Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3595 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 19/01/2010 08:24:06 mbam-log-2010-01-19 (08-24-06).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 383514 Temps écoulé: 1 hour(s), 19 minute(s), 39 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 17 Processus mémoire infecté(s): C:\WINDOWS\Temp\_ex-08.exe (Trojan.Bredolab) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialm (Rootkit.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65531424 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Bredolab) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Documents and Settings\All Users\Application Data\65531424 (Rogue.Multiple) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\All Users\Application Data\65531424\65531424.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\_ex-08.exe (Trojan.Bredolab) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Local Settings\temp\TMP1C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Local Settings\temp\TMP32.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP411\A1876463.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP411\A1877417.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP411\A1877418.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP411\A1877419.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP411\A1877420.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP411\A1877421.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP412\A1882439.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\ialmnt5.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~TM196.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Bureau\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

Bonsoir Après quelque problème avec Malware Defense c'est au tour de ce virus " Security Tool", je demande alors votre aide une fois de plus pour éradiquer ces cauchemars de ma vie.. Merci beaucoup pour vos réponses Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:32:33, on 18/01/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Temp\_ex-08.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\Documents and Settings\Nathalie\Mes documents\Téléchargements\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM194.tmp O4 - HKLM\..\Run: [65531424] C:\DOCUME~1\ALLUSE~1\APPLIC~1\65531424\65531424.exe O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\Temp\_ex-08.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 12147 bytes

non on dirait que tous marche nikel...me faut du temps pour m'habituer ...on tous cas je te remercie beaucoup Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:54, on 30/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Nathalie\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 12480 bytes

Voila Malwarebytes' Anti-Malware 1.42 Version de la base de données: 3454 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 30/12/2009 18:54:08 mbam-log-2009-12-30 (18-54-08).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 389662 Temps écoulé: 2 hour(s), 51 minute(s), 21 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 20 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Mes documents\Autre utilisateur\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTjxwdmjnxrq.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTyvdtnctqxb.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTdghtcxvmkq.sys.vir (Malware.Packer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP401\A1853676.sys (Malware.Packer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP401\A1853677.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP401\A1853678.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\Malware Defense\mdext.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Malware Defense\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Bureau\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Bureau\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Documents and Settings\Nathalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

voila Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK

bon merci beaucoup je vois déjà des améliorations le rapport en question ComboFix 09-12-29.05 - Nathalie 30/12/2009 14:51:58.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1023.627 [GMT 1:00] Lancé depuis: c:\documents and settings\Nathalie\Bureau\grossbaf.exe AV: avast! antivirus 4.8.1201 [VPS 090831-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Nathalie\LOCALS~1\Temp\wscsvc32.exe c:\documents and settings\All Users\Bureau\nudetube.com.lnk c:\documents and settings\All Users\Bureau\pornotube.com.lnk c:\documents and settings\All Users\Bureau\youporn.com.lnk c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\recycler\S-1-5-21-3187453870-659916163-2531616752-500 c:\windows\system32\drivers\H8SRTdghtcxvmkq.sys c:\windows\system32\H8SRTjxwdmjnxrq.dll c:\windows\system32\H8SRTpconimnnsl.dat c:\windows\system32\H8SRTyvdtnctqxb.dll c:\windows\system32\krl32mainweq.dll c:\windows\system32\srcr.dat D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys -------\Legacy_LDRSVC -------\Legacy_NTMLSVC ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-30 )))))))))))))))))))))))))))))))))))) . 2009-12-30 13:18 . 2009-12-30 13:19 -------- d-----w- c:\program files\Malware Defense 2009-12-30 13:05 . 2008-05-09 11:15 45376 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-12-30 13:05 . 2008-01-21 16:11 22336 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-12-30 13:05 . 2009-12-30 13:05 -------- d-----w- c:\program files\Avira 2009-12-30 13:05 . 2009-12-30 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-12-30 13:05 . 2008-10-30 09:21 75072 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-12-24 15:33 . 2009-12-24 15:59 141129 ----a-w- c:\windows\War3Unin.dat 2009-12-24 15:33 . 2009-12-24 15:43 2829 ----a-w- c:\windows\War3Unin.pif 2009-12-24 15:33 . 2009-12-24 15:43 139264 ----a-w- c:\windows\War3Unin.exe 2009-12-11 19:43 . 2009-12-11 19:43 -------- d-----w- c:\documents and settings\Nathalie\Application Data\Malwarebytes 2009-12-11 19:43 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-11 19:42 . 2009-12-11 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-11 19:42 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-11 19:42 . 2009-12-28 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-08 22:23 . 2009-12-08 22:23 -------- d-----w- c:\documents and settings\Nathalie\Application Data\dvdcss 2009-12-06 13:18 . 2009-12-30 02:08 -------- d-----w- c:\documents and settings\Nathalie\Application Data\vlc 2009-12-03 22:28 . 2009-12-03 22:29 -------- d-----w- c:\windows\Ubisoft 2009-12-03 20:12 . 2009-12-03 20:25 -------- d-----w- c:\program files\Ubi Soft 2009-11-30 19:35 . 2009-12-30 12:11 -------- d-----w- c:\documents and settings\Nathalie\Application Data\DMCache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-30 14:12 . 2004-12-20 15:00 -------- d-----w- c:\program files\Wanadoo 2009-12-30 14:11 . 2008-06-27 12:27 -------- d-----w- c:\program files\DNA 2009-12-30 14:11 . 2008-06-27 12:27 -------- d-----w- c:\documents and settings\Nathalie\Application Data\DNA 2009-12-29 13:03 . 2009-10-10 11:41 -------- d-----w- c:\program files\BitComet 2009-12-29 10:35 . 2009-01-21 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-12-28 00:07 . 2005-03-20 13:57 -------- d-----w- c:\program files\Fichiers communs\GMT 2009-12-28 00:03 . 2005-03-20 14:03 -------- d-----w- c:\program files\DashBar 2009-12-24 11:21 . 2009-03-10 22:37 -------- d-----w- c:\program files\Warcraft III 2009-12-24 11:07 . 2009-10-10 11:44 -------- d-----w- c:\program files\CometBird 2009-12-11 20:55 . 2008-09-28 09:33 -------- d-----w- c:\documents and settings\Nathalie\Application Data\EoRezo 2009-11-11 18:42 . 2009-03-24 13:40 -------- d-----w- c:\documents and settings\Nathalie\Application Data\uTorrent 2009-11-01 19:15 . 2005-06-03 14:28 -------- d-----w- c:\program files\Google 2009-11-01 19:08 . 2005-06-03 14:28 -------- d-----w- c:\program files\DivX 2009-11-01 19:08 . 2009-11-01 19:08 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2009-10-25 09:00 . 2004-01-01 15:44 77014 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 09:00 . 2004-01-01 15:44 472378 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-10 13:54 . 2007-01-22 10:45 89064 ----a-w- c:\documents and settings\Nathalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2007-10-19 19:42 . 2006-01-23 17:54 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "Acme.PCHButton"="c:\progra~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 159744] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392] "Malware Defense"="c:\program files\Malware Defense\mdefense.exe" [2009-12-30 1756088] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "nwiz"="nwiz.exe" [2008-10-07 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^Nathalie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk] path=c:\documents and settings\Nathalie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2008-02-20 14:33 963072 ----a-w- c:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-05-30 10:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Defense] 2009-12-30 13:19 1756088 ----a-w- c:\program files\Malware Defense\mdefense.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-01-21 20:08 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] 2009-08-20 19:08 2000120 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Documents and Settings\\Nathalie\\Bureau\\WoW.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\narodan\\source sdk base\\hl2.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\narodan\\source sdk base 2007\\hl2.exe"= "c:\\Documents and Settings\\Propriétaire\\Bureau\\WoWBC.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Documents and Settings\\Propriétaire\\Bureau\\Spellborn_Downloader_1_0_0_4-fr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\narodan\\counter-strike\\hl.exe"= "c:\\Documents and Settings\\Nathalie\\Mes documents\\Downloads\\hl.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\narodan\\zombie panic! source\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\narodan\\insurgency\\hl2.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\narodan\\counter-strike source\\hl2.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:6112 "18191:TCP"= 18191:TCP:BitComet 18191 TCP "18191:UDP"= 18191:UDP:BitComet 18191 UDP R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [02/01/2008 17:46 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [02/01/2008 17:46 5248] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/06/2008 11:37 78416] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/06/2008 11:37 20560] S2 gupdate1c8e1ca6e7dc03c;Google Update Service (gupdate1c8e1ca6e7dc03c);c:\program files\Google\Update\GoogleUpdate.exe [09/07/2008 14:48 133104] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe --> c:\program files\Spyware Doctor\svcntaux.exe [?] S3 cpuz129;cpuz129;\??\c:\docume~1\Nathalie\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Nathalie\LOCALS~1\Temp\cpuz_x32.sys [?] S3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [30/07/2004 16:00 45568] S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [?] S3 gAGP440p;gAGP440p;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\PROPRI~1\LOCALS~1\Temp\gAGP440p.sys [?] S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\system32\drivers\resc_dwb.sys [24/04/2003 12:03 74828] S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/10/2007 16:01 217088] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/06/2008 21:24 717296] . Contenu du dossier 'Tâches planifiées' 2009-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-09 10:45] 2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-09 10:45] 2009-12-25 c:\windows\Tasks\Norton Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42] . . ------- Examen supplémentaire ------- . uSearch Page = hxxp://www.google.com uStart Page = www.google.fr uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://qfr10.hpwis.com/ mSearch Bar = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe TCP: {8AB14070-87B1-4199-96A7-65496344BAC2} = 192.168.0.1 DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} - hxxp://fr.smscity.com/Activex/smscity.cab FF - ProfilePath - c:\documents and settings\Nathalie\Application Data\Mozilla\Firefox\Profiles\42orv7l5.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/ FF - component: c:\documents and settings\Nathalie\Application Data\Mozilla\Firefox\Profiles\42orv7l5.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Lively\nplively.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Steam - (no file) HKCU-Run-RecordNow! - (no file) MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AddRemove-AdVantage_DAEM - c:\program files\AdVantage\AdVUninst.exe AddRemove-Joyland Casino - c:\casino\Joyland Casino\_SetupCasino(2).exe AddRemove-Oldblivion - c:\program files\Oldblivion\uninstall.exe AddRemove-Paint Shop Pro 5.03 - c:\progra~1\PAINTS~1\Unwise.exe AddRemove-PS2 - c:\windows\system32\ps2.exe AddRemove-Yu-Gi-Oh Virtual Battle 4.4 - c:\program files\Yu-Gi-Oh Virtual Battle 4\Uninstal.exe AddRemove-Yu-Gi-Oh Virtual Battle 5.19 - c:\program files\Yu-Gi-Oh Virtual Battle 5\Uninstal.exe AddRemove-{15B9DC72-73F9-4d99-9E28-848D66DA8D99} - c:\program files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe AddRemove-{45B6180B-DCAB-4093-8EE8-6164457517F0} - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-30 15:10 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CBA840]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7550fc3 \Driver\ACPI -> ACPI.sys @ 0xf749ccb8 \Driver\atapi -> 0x86cba840 IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8057016c \Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8057016c NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-3187453870-659916163-2531616752-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:54,d1,5b,b0,65,7e,d0,21,0d,1b,23,82,9f,9b,57,c6,99,c1,e3,6e,c7,7d,8f, f2,4d,9e,c6,5d,e7,31,e0,6b,b4,cc,c0,80,c4,80,9f,55,ab,74,5a,05,7c,02,c9,b0,\ "??"=hex:bc,f8,e8,1c,a9,f7,d8,c4,86,21,5d,6f,17,f6,86,41 [HKEY_USERS\S-1-5-21-3187453870-659916163-2531616752-1007\Software\SecuROM\License information*] "datasecu"=hex:ce,76,b7,6e,3c,f3,4e,37,6e,c5,f9,49,7b,52,9d,c9,e5,3c,ee,ca,87, 9c,b4,2a,00,f4,80,05,52,c1,49,f6,bf,62,d3,54,7b,ab,45,56,b0,d4,2f,12,5b,6a,\ "rkeysecu"=hex:28,63,43,5c,92,5f,de,1d,db,1e,0d,89,e8,46,ef,17 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):b3,54,49,4e,d6,5c,a8,4a,4b,68,03,37,ab,06,b0,32,e3,aa,f2,d3,be, 2d,21,e3,bd,c4,21,fd,47,f2,c4,c1,b7,9d,02,49,51,0e,3d,49,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ab4a2d06-ee56-4364-8e80-ab853cd3779a}] @Denied: (Full) (Everyone) "Model"=dword:0000016a "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,51,c4,5c,06,a5,56,2b,b8,82,c1,f9,cf,ef,06,9d,f2,83,e0,8b,c5,07,bb,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(676) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(684) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\msi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\System32\FTRTSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Heure de fin: 2009-12-30 15:22:26 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-30 14:22 Avant-CF: 12 240 965 632 octets libres Après-CF: 30 548 221 952 octets libres - - End Of File - - 6CF6CED0AA068C8C905591032605C776

Bonjour Bon c'est ma première démarche de ce type...disons que bon j'en ai assez de mon pc qui rame..et bon avec cette venue de malware defense j'en profite pour poster le rapport hiajck this pour régler tous ça, a noter que MBAM ne marche plus... Bref merci de votre intervention Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:12:04, on 30/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\DNA\btdna.exe C:\DOCUME~1\Nathalie\LOCALS~1\Temp\settdebugx.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Nathalie\LOCALS~1\Temp\wscsvc32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Documents and Settings\Nathalie\Bureau\HiJackThis.exe C:\Program Files\Internet Explorer\Iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: 85.168.46.214 l2authd.lineage2.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Nathalie\LOCALS~1\Temp\settdebugx.exe O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 12480 bytes