
Posted

Hello

Once again I am asking this community for help. A few days ago my PC was hit by a piece of malware, "User Protection", and, coincidence or not, very shortly afterwards I no longer had internet access: even with the Livebox plugged in, the network icon no longer appeared.

Since it is very irritating and penalizing to have a PC that no longer has internet access, I am taking the liberty of asking for your help to sort out this incident as quickly as possible and get back to my activities.

Here is my HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:30:14, on 22/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Nathalie\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [user Protection] "C:\Program Files\User Protection\usrprot.exe" -noscan

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Startup: zipdkg32.exe

O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

 

--

End of file - 11956 bytes

 

 

PS: If you do find the solution to my problem, could you give me all the steps, because I am using a computer that is not mine and is far from where I live.

Thank you very much for your replies

Posted

Hello,

A) Uninstall the Spyware Doctor scam:

SpyHunter and Spyware Doctor are promoted through fake security blogs... These fake blogs are created by affiliate companies that multiply websites and try to appear among the first Google results for one of the infections present on your PC.

These fake blogs offer paid versions that supposedly disinfect your PC; these affiliate companies earn a percentage on the sales.

These are dubious and very borderline practices, not methods worthy of serious antispyware.

I therefore advise you to uninstall SpyHunter and/or Spyware Doctor if it is present on your PC.

For more information, see: http://forum.malekal.com/faux-blogs-de-sec...tor-t12847.html

************************

B) Download Ad-Remover by C-XX and save it to the desktop.

Or here: http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Close all open applications before installing it.

On Vista: temporarily disable UAC as explained HERE

Double-click (right-click / Run as administrator on Vista) the icon placed on the desktop.

If the firewall reacts, grant the tool the permissions it needs so that it can work.

Tutorial: http://pagesperso-orange.fr/NosTools/tuto_adr_3.html

Type S (Scanner) and confirm with the Enter key.

Press any key when asked to, and the report will appear.

The report can also be found under C:\Ad-Report.

Copy/paste it into your reply, please.

-----------------------------------------------------------------------------------------------

 

2) Double-click (right-click / Run as administrator on Vista) the icon placed on the desktop.

If the firewall reacts, grant the tool the permissions it needs so that it can work.

Tutorial: http://pagesperso-orange.fr/NosTools/tuto_adr_3.html

Type L (Nettoyer) and confirm with the Enter key.

The desktop will disappear; this is normal!

Press any key when asked to, and the report will appear.

The report can also be found under C:\Ad-Report Clean.

Copy/paste it into your reply, please.

Re-enable Vista's UAC. (If you are on Vista, of course!)

The home page may have been changed; simply set your usual page again through the Internet Options.

*************************

Post the reports, please, then:

 

C) Download ATF Cleaner by Atribune.

  • Install it on the desktop. (Worth keeping, as it is very useful after every browsing session)

    Double-click ATF-Cleaner.exe to launch the program.
    --> On Vista/Seven: right-click / Run as administrator.

    Under the Main tab, choose: Select All
    Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

To get technical support, double-click the e-mail address located at the bottom of each menu.

**************************

D) Download Malwarebytes' Anti-Malware (MBAM)

This software is worth keeping.

Only if there is a problem with updating:

Download MBAM updates

Run the file after installing MBAM

Connect removable media (USB sticks, etc.) before starting the scan.

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks whether MBAM may connect, accept.
  • Once the update is finished, go to the "Recherche" (Scanner) tab.
  • Select "Exécuter un examen complet" (Perform full scan)
  • Click "Rechercher" (Scan)
  • The scan starts; it takes a fairly long time, which is normal.
  • At the end of the scan, a message is displayed:
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Click "Ok" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
    Select everything (or leave everything checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart the PC, do so.

!!! Do not empty the MBAM quarantine without being advised to !!! (in case of false positives, which are always possible.)

**************************

E) Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.

    On VISTA: right-click / Run as administrator.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
    as well as of info.txt (<< which will be minimized in the taskbar).

 

@++

Posted

Here are the scans in order, and no improvement ....

 

 

 

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 00:32:16 le 25/03/2010 | Mode normal | Option: SCAN

Exécuté de: C:\Ad-Remover\ADR.exe

SE: Microsoft® Windows XP Service Pack 2 - X86

Nom du PC: LOTUS | Utilisateur actuel: Nathalie (Administrateur)

.

============== ÉLÉMENT(S) TROUVÉ(S) ==============

.

.

C:\Documents and Settings\Nathalie\Application Data\EoRezo

C:\Documents and Settings\Nathalie\Application Data\ItsLabel

C:\Documents and Settings\Propriétaire\Application Data\EoRezo

C:\Documents and Settings\Propriétaire\Application Data\ItsLabel

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Roxy Palace Online Casino

C:\MicroGaming\Casino\Roxypalace

C:\Program Files\Crawler

C:\Program Files\PartyGaming

.

HKCU\Software\EoRezo

HKCU\Software\ItsLabel

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKLM\Software\Classes\EoRezoBHO.EoBho

HKLM\Software\Classes\EoRezoBHO.EoBho.1

HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}

HKLM\Software\Classes\TR.TRFactory

HKLM\Software\Classes\TR.TRFactory.1

HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

HKLM\Software\ItsLabel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RoxyPalace

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

HKCU\Software\Mozilla\Firefox\Extensions|{A89AED22-9133-424c-88E7-C8235C5FF302}


HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_tod_icon.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\bjbar_vegasclub_icon.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\BlackJack.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack\bj_table.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack\Config.ini

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\blackjack\version.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\chip_pointer_R.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\clear_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\deal_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\double_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\hit_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\insurance.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\insure_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\number_circle.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\pointer_R.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\push.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\repeatbet_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_bj.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_bust.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_insure.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_lost.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_push.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\result_won.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\split.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\split_button.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\stand_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\surrender_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\blackjack\version.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c0_5.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c1.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c10.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c100.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c100k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c10k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c1k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c2_5k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c25.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c250.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c25k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c5.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c50.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c500.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c500k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c50k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\c5k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\Card.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\card_deck.bmp

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\CardFlip.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\FRU_6_bigcardback.bmp

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\number_circle.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\pointer_R.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_cashier_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_exit_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_gamelogs_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\qd_version_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc0_5.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc1.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc10.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc100.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc100k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc10k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc1k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc2_5k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc25.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc250.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc25k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc5.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc50.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc500.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc500k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc50k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rc5k.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\Rr.bmp

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\rules_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cardgames\version.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cashier_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cashout_midbg.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\cent_strip.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\chf.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\chips.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\czk.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\dkk.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\eur.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\exit_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\format.ini

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\game_topbar_pff.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\gamelogs_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\gbp.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\hkd.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\huf.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\ils.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\inr.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\jpy.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\krw.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\myr.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\nok.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\nzd.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\php.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\pln.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_but_cancel.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_but_cashier.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_but_ok.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_buyin_but_all.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\popup_buyin_tab.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\PushBut.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\quickdeposit_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\ron.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\rur.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\sek.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\sgd.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\skk.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\status_dlg.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\sys_icons.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_close.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_inactive_close.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_inactive_minimise.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\system_but_minimise.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\table_logo_com.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\table_logo_net.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\thb.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\trny_buyin_botbg.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\try.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\twd.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\usd.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\version.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\version_button.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\win.wav

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\games\zar.png

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\icon_three.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\icon_ticked.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_account_background.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_account_divider.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_ani_refresh.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot_numbers.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot_numbers.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_jackpot_numbers_small.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_bar_news.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_cashout.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_deposit.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_deposit_large.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_options.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_redeem.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_refresh.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_reload_play.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_but_status.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_details_open.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_link_arrow.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\lhn_tab_background.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\loading.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_01_myaccount.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_02_cashier.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_03_news.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_04_rules.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_05_tellfriend.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_06_about.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\menu_07_help.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\new-mail-icon.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\no-mail-icon.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\PartyCasino.ico

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_login_bottom.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_login_top.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_register_bottomleft.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\popup_register_top.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\skin.bmp

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\skin_account.bmp

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\spacer.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_bets.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_bingo.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_cashier.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_connected.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_gammon.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_poker.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\system_but_security.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\ticker_bg.jpg

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\up_arrow.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\up_arrow_o.gif

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\images\version.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\Language\fr_FR\lang_pack_fr_FR.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\lobbyconfig.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\PartyCasino.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\pc_uninstall.bat

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\ProductVersion.txt

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyCasino\sys.ini

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\PartyGaming.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\ssleay32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\UNICOWS.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\PartyGaming\zlib1.dll

.

============== SCAN ADDITIONNEL ==============

.

* Mozilla FireFox Version 3.5.7 (fr) *

.

C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Nathalie\\Bureau

C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - browser.startup.homepage: hxxp://fr.msn.com/

C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.7

C:\Documents and Settings\Nathalie\..\42orv7l5.default\prefs.js - keyword.URL: hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=

C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\Invalidprefs.js - browser.download.lastDir: C:\\Documents and Settings\\Propriétaire\\Mes documents\\dossier adeuh RA

C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\Invalidprefs.js - browser.startup.homepage: hxxp://www.lo.st

C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.3

C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Propriétaire\\Mes documents\\dossier adeuh RA

C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\prefs.js - browser.startup.homepage: hxxp://www.lo.st

C:\Documents and Settings\Propriétaire\..\ypvbalxb.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.3

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Show_ToolBar: yes

Start Page: hxxp://www.wanadoo.fr

Use Custom Search URL: 1

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

SearchAssistant: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search bar: hxxp://www.google.com/ie

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

============== SUSPECT(S) ==============

.

C:\Documents and Settings\Nathalie\Application Data\BitTorrent\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_122a_English +CD Key.torrent

C:\Documents and Settings\Nathalie\Bureau\LauncherQuickPatcher.exe

C:\Documents and Settings\Nathalie\Bureau\Rayman_3_-_Hoodlum_havoc___CRACK_100__WORKING___ENGLISH__saliko.4563499.TPB.torrent

C:\Documents and Settings\Nathalie\Mes documents\Downloads\Compressed\!Crack.nfo

C:\Documents and Settings\Nathalie\Mes documents\Downloads\Compressed\CrackNocd4flt.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.1-0.7.0.2.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.2-0.7.0.3.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.3-0.7.0.4.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.4-0.7.0.5.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.5-0.7.0.6.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.6-0.7.0.7.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.7-0.7.0.8.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.8-0.7.0.9.exe

C:\Documents and Settings\Nathalie\Mes documents\DungeonParty\UpdaterDownloads\patch-dungeonparty-0.7.0.9-0.7.1.0.exe

.

========================================

.

C:\DOCUME~1\Nathalie\LOCALS~1\Temp: 15 Fichier(s), 4 Dossier(s)

Temporary Internet Files: 26 Fichier(s), 11 Dossier(s)

.

C:\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Ad-Remover\Backup: 13 Fichier(s)

.

C:\Ad-Report-CLEAN[1].txt - 503 Octet(s)

C:\Ad-Report-SCAN[1].txt - 47430 Octet(s)

.

Fin à: 00:55:06, 25/03/2010

.

============== E.O.F - SCAN[1] ==============

.

======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======

.

Mis à jour par C_XX le 23/03/10 à 14:00

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 22:06:28 le 24/03/2010 | Mode normal | Option: CLEAN

Exécuté de: C:\Ad-Remover\ADR.exe

SE: Microsoft® Windows XP Service Pack 2 - X86

Nom du PC: LOTUS | Utilisateur actuel: Nathalie (Administrateur)

.

============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

.

.

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3861

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

25/03/2010 00:08:09

mbam-log-2010-03-25 (00-08-09).txt

 

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|)

Eléments examinés: 410943

Temps écoulé: 1 hour(s), 25 minute(s), 26 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\WINDOWS\_VOIDnylnoismbu (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Logfile of random's system information tool 1.06 (written by random/random)

Run by Nathalie at 2010-03-25 00:16:44

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 25 GB (17%) free of 149 GB

Total RAM: 1023 MB (55% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:16:59, on 25/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Ares\Ares.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Nathalie\Bureau\RSIT.exe

C:\Documents and Settings\Nathalie\Bureau\Nathalie.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [user Protection] "C:\Program Files\User Protection\usrprot.exe" -noscan

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Startup: zipdkg32.exe

O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214425194984

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://fr.smscity.com/Activex/smscity.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Br...018/flashax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB14070-87B1-4199-96A7-65496344BAC2}: NameServer = 192.168.0.1

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Update Service (gupdate1c8e1ca6e7dc03c) (gupdate1c8e1ca6e7dc03c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

 

--

End of file - 12306 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Norton Security Scan.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

EoBho Class - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]

ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-21 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-28 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll [2006-01-17 282624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-21 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll [2006-01-17 282624]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-21 251504]

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]

{52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-05-18 456440]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]

"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]

"Acme.PCHButton"=C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe [2004-01-01 159744]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-07 323392]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-21 39408]

"ares"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072]

"User Protection"=C:\Program Files\User Protection\usrprot.exe [2010-03-18 2355200]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe [2008-02-20 963072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Defense]

C:\Program Files\Malware Defense\mdefense.exe -noscan []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-21 39408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nathalie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]

C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

 

C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\Démarrage

Notification de cadeaux MSN.lnk - C:\Documents and Settings\Nathalie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

zipdkg32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2003-12-03 86016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=95000000

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Documents and Settings\Nathalie\Bureau\WoW.exe"="C:\Documents and Settings\Nathalie\Bureau\WoW.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base\hl2.exe:*:Enabled:hl2"

"C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base 2007\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\source sdk base 2007\hl2.exe:*:Enabled:hl2"

"C:\Documents and Settings\Propriétaire\Bureau\WoWBC.exe"="C:\Documents and Settings\Propriétaire\Bureau\WoWBC.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Propriétaire\Bureau\Spellborn_Downloader_1_0_0_4-fr.exe"="C:\Documents and Settings\Propriétaire\Bureau\Spellborn_Downloader_1_0_0_4-fr.exe:*:Enabled:Spellborn Downloader"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Documents and Settings\Nathalie\Mes documents\Downloads\hl.exe"="C:\Documents and Settings\Nathalie\Mes documents\Downloads\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Program Files\Valve\Steam\SteamApps\narodan\zombie panic! source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\zombie panic! source\hl2.exe:*:Disabled:hl2"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Valve\Steam\SteamApps\narodan\insurgency\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\insurgency\hl2.exe:*:Enabled:hl2"

"C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\narodan\counter-strike source\hl2.exe:*:Enabled:hl2"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

"C:\NCsoft\Exteel\System\Exteel.exe"="C:\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

======List of files/folders created in the last 1 months======

 

2010-03-25 00:16:44 ----D---- C:\rsit

2010-03-24 22:06:38 ----A---- C:\Ad-Report-CLEAN[1].txt

2010-03-24 22:06:27 ----D---- C:\Ad-Remover

2010-03-23 20:13:14 ----D---- C:\WINDOWS\temp

2010-03-23 20:13:13 ----A---- C:\ComboFix.txt

2010-03-22 18:16:57 ----A---- C:\WINDOWS\zip.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\SWSC.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\SWREG.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\sed.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\PEV.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\MBR.exe

2010-03-22 18:16:57 ----A---- C:\WINDOWS\grep.exe

2010-03-22 18:15:59 ----D---- C:\Qoobox

2010-03-18 00:30:49 ----D---- C:\Program Files\User Protection

2010-03-17 23:19:04 ----D---- C:\WINDOWS\system32\Adobe

2010-03-16 00:36:12 ----A---- C:\WINDOWS\WORDPAD.INI

 

======List of files/folders modified in the last 1 months======

 

2010-03-25 00:16:50 ----D---- C:\WINDOWS\Prefetch

2010-03-25 00:11:53 ----D---- C:\Program Files\Wanadoo

2010-03-25 00:11:08 ----D---- C:\Program Files\DNA

2010-03-25 00:11:08 ----D---- C:\Documents and Settings\Nathalie\Application Data\DNA

2010-03-25 00:09:52 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-25 00:08:09 ----D---- C:\WINDOWS

2010-03-23 23:45:45 ----HD---- C:\WINDOWS\inf

2010-03-23 23:45:45 ----A---- C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2010-03-23 23:42:27 ----A---- C:\WINDOWS\system32\W32N50.dll

2010-03-23 23:15:53 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-23 23:14:29 ----RD---- C:\Program Files

2010-03-23 23:14:29 ----D---- C:\WINDOWS\system32

2010-03-23 22:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$

2010-03-23 22:17:50 ----D---- C:\WINDOWS\system32\drivers

2010-03-23 20:09:50 ----A---- C:\WINDOWS\system.ini

2010-03-23 20:05:49 ----D---- C:\WINDOWS\AppPatch

2010-03-23 20:05:44 ----D---- C:\Program Files\Fichiers communs

2010-03-23 19:50:07 ----D---- C:\Program Files\Mozilla Firefox

2010-03-23 19:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$

2010-03-23 18:49:04 ----D---- C:\Documents and Settings\Nathalie\Application Data\vlc

2010-03-23 17:26:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-23 17:20:53 ----D---- C:\Documents and Settings\Nathalie\Application Data\dvdcss

2010-03-22 21:19:02 ----D---- C:\WINDOWS\system32\Restore

2010-03-22 20:14:51 ----SD---- C:\WINDOWS\Tasks

2010-03-22 18:33:22 ----D---- C:\WINDOWS\system32\config

2010-03-22 18:32:53 ----D---- C:\WINDOWS\ERDNT

2010-03-18 00:40:38 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-03-03 21:53:47 ----D---- C:\Program Files\BitComet

2010-03-03 21:49:18 ----D---- C:\Downloads

2010-02-27 17:03:48 ----SHD---- C:\WINDOWS\Installer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-01-01 43488]

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-19 41600]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-01-01 75096]

R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]

R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-14 1042816]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-14 210304]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]

R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-09-22 5888]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-14 679808]

S1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys []

S1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys []

S1 sbqb4ac;sbqb4ac; C:\WINDOWS\System32\drivers\sbqb4ac.sys []

S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]

S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]

S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]

S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-12-03 641536]

S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2005-05-31 20480]

S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]

S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]

S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2005-04-30 10804]

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]

S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [2005-04-30 11860]

S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Nathalie\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 cpuz129;cpuz129; \??\C:\DOCUME~1\Nathalie\LOCALS~1\Temp\cpuz_x32.sys []

S3 DFE528TX;D-Link DFE-528TX PCI Adapter; C:\WINDOWS\System32\DRIVERS\DLKRTL.SYS [2002-06-24 45568]

S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys []

S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-18 66591]

S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-15 41984]

S3 gAGP440p;gAGP440p; \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\gAGP440p.sys []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]

S3 npkcrypt;npkcrypt; \??\C:\Lineage II\system\npkcrypt.sys []

S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []

S3 RescueDrv;Inventel Access Point USB Rescue Driver; C:\WINDOWS\System32\Drivers\resc_dwb.sys [2006-08-07 74828]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\System32\DRIVERS\sis163u.sys [2006-03-01 217088]

S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]

S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2004-10-19 61312]

S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]

S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-19 5504]

S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-06-27 717296]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-12-03 385024]

S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

S2 gupdate1c8e1ca6e7dc03c;Google Update Service (gupdate1c8e1ca6e7dc03c); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []

S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []

S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe []

S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-19 268800]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-08 651720]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2007-09-29 68096]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

 

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-25 00:17:02

 

======Uninstall list======

 

-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\CERLAND\Odyssea\Uninst.isu"

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL

-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}

Ad-Remover By C_XX-->"C:\Ad-Remover\Un-ADR.exe"

Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}

Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c

Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG

BitComet 1.15-->C:\Program Files\BitComet\uninst.exe

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CometBird (3.5.3)-->C:\Program Files\CometBird\uninstall\helper.exe

Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036

Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}

Dessinez, C'est Disney-->C:\WINDOWS\unin040c.exe -f"C:\Disney Interactive\Dessinez, C'est Disney\DeIsL1.isu"

Digimax Master-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x40c -removeonly

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

Dreamweaver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x40c mmUninstall

eMule-->"C:\Program Files\eMule\Uninstall.exe"

eoEngine 7.0-->"C:\Program Files\EoRezo\unins000.exe"

EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

FileZilla Client 3.2.7.1-->C:\Program Files\FileZilla Client\uninstall.exe

GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins001.exe"

Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level

Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}

HijackThis 2.0.2-->"C:\Documents and Settings\Nathalie\Bureau\HijackThis.exe" /uninstall

HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}

HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat

hp psc 1300 series-->rundll32 hpzcon09.dll,VendorJettison hp psc 1300 series

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Insurgency-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/17700

InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe

iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}

Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Lively by Google-->MsiExec.exe /X{2DE38C17-DD7E-41BA-88BC-0A2387D29657}

Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall

Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x40c UNINSTALL

Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL

Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5

Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x40c UNINSTALL

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Micro Application - Votre Imprimerie Créative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCF94650-7C40-4CE9-A99E-A9235A117F52}\SETUP.EXE" -l0x40c

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}

Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

nLite 1.4.6-->"C:\Program Files\nLite\unins000.exe"

Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}

Officiel des diplômes désinstallation-->C:\Program Files\Officiel des Diplômes 2007\uninstall.exe

OpenMG Limited Patch 4.2-05-07-27-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.2.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL

OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}

Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PartyCasino-->"C:\Program Files\PartyGaming\PartyCasino\Uninstall.exe" "C:\Program Files\PartyGaming\PartyCasino\install.log"

PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Rayman3-->MsiExec.exe /X{BAF5914B-5730-4373-B038-9F436AC6A0D6}

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Replay Media Catcher 3.01-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"

Roxy Palace Online Casino-->C:\MicroGaming\Casino\RoxyPalace\install.exe -uninstall

Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SIW version 2008-06-04-->"C:\Program Files\SIW\unins000.exe"

Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"

Source SDK Base - Orange Box-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/218

Source SDK Base-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/215

SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel

StarTopia-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBC0E8C0-63AC-11D4-BEF2-00A0C9E0B324}\setup.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Super Blank 3.01-->"C:\Program Files\SuperBlank\unins000.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TES Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x40c

Titanic-->C:\Program Files\CyberFlix\Titanic\TITANIC.EXE -U

Trine-->"C:\Program Files\Trine\unins000.exe"

UltraSnap Trial 1.8-->"C:\Program Files\UltraSnap\unins000.exe"

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Veoh Video Compass-->C:\Program Files\Veoh Networks\Veoh Video Compass\uninst.exe

VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

WinHTTrack Website Copier 3.43-7-->"C:\Program Files\WinHTTrack\unins000.exe"

Worms World Party-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Zombie Panic! Source-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/17500

 

======Security center information======

 

AV: User Protection (outdated)

AV: Avira AntiVir PersonalEdition Classic (outdated)

 

======System event log======

 

Computer Name: LOTUS

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\drivers\afd.sys failed to load

 

Record Number: 136231

Source Name: Application Popup

Time Written: 20100324211449.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\drivers\afd.sys failed to load

 

Record Number: 136230

Source Name: Application Popup

Time Written: 20100324211449.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\drivers\afd.sys failed to load

 

Record Number: 136229

Source Name: Application Popup

Time Written: 20100324211449.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\drivers\afd.sys failed to load

 

Record Number: 136228

Source Name: Application Popup

Time Written: 20100324211449.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\drivers\afd.sys failed to load

 

Record Number: 136227

Source Name: Application Popup

Time Written: 20100324211449.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: LOTUS

Event Code: 4096

Message: Le service AntiVir a bien démarré!

 

Record Number: 5

Source Name: Avira AntiVir

Time Written: 20100302144157.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: LOTUS

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 4

Source Name: SecurityCenter

Time Written: 20100302144152.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 1

Message:

Record Number: 3

Source Name: Bonjour Service

Time Written: 20100302144150.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 0

Message:

Record Number: 2

Source Name: gupdate1c8e1ca6e7dc03c

Time Written: 20100302144148.000000+060

Event Type: Informations

User:

 

Computer Name: LOTUS

Event Code: 2570

Message: Le service Adobe Active File Monitor a démarré.

 

Record Number: 1

Source Name: Adobe Active File Monitor 7.0

Time Written: 20100302144148.000000+060

Event Type:

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0a00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

 

 

 

 

 

 

 

Posted

Download TDSSKiller from Kaspersky. http://senduit.com/dca6f6

Save it to the desktop (and nowhere else). <<<===

Go to Start/Run (or press the Windows and R keys) and copy/paste the contents of the box below:

 

"%userprofile%\bureau\TDSSKiller.exe" -l TDSSlog.txt -v

 

When it finishes running, press a key as prompted to close the window.

A TDSSlog.txt file will appear on your desktop.

Open it and post its entire contents in your next reply.

NB: If the tool asks for a reboot, accept by typing Y (yes).

In fact, apply everything it suggests.

 

@++

Posted

There you go... no improvement

 

21:38:11:890 3764 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

21:38:11:890 3764 ================================================================================

21:38:11:890 3764 SystemInfo:

 

21:38:11:890 3764 OS Version: 5.1.2600 ServicePack: 2.0

21:38:11:890 3764 Product type: Workstation

21:38:11:890 3764 ComputerName: LOTUS

21:38:11:890 3764 UserName: Nathalie

21:38:11:890 3764 Windows directory: C:\WINDOWS

21:38:11:906 3764 Processor architecture: Intel x86

21:38:11:906 3764 Number of processors: 1

21:38:11:906 3764 Page size: 0x1000

21:38:11:906 3764 Boot type: Normal boot

21:38:11:906 3764 ================================================================================

21:38:11:921 3764 UnloadDriverW: NtUnloadDriver error 2

21:38:11:921 3764 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

21:38:12:078 3764 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

21:38:12:078 3764 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

21:38:12:078 3764 wfopen_ex: Trying to KLMD file open

21:38:12:078 3764 wfopen_ex: File opened ok (Flags 2)

21:38:12:078 3764 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

21:38:12:078 3764 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

21:38:12:078 3764 wfopen_ex: Trying to KLMD file open

21:38:12:078 3764 wfopen_ex: File opened ok (Flags 2)

21:38:12:078 3764 Initialize success

21:38:12:078 3764

21:38:12:078 3764 Scanning Services ...

21:38:12:937 3764 Raw services enum returned 393 services

21:38:12:968 3764

21:38:12:968 3764 Scanning Kernel memory ...

21:38:12:968 3764 Devices to scan: 5

21:38:12:968 3764

21:38:12:968 3764 Driver Name: Disk

21:38:12:984 3764 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

21:38:12:984 3764

21:38:12:984 3764 Driver Name: USBSTOR

21:38:13:000 3764 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

21:38:13:000 3764

21:38:13:000 3764 Driver Name: Disk

21:38:13:000 3764 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

21:38:13:000 3764

21:38:13:000 3764 Driver Name: Disk

21:38:13:015 3764 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

21:38:13:015 3764

21:38:13:015 3764 Driver Name: atapi

21:38:13:015 3764 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1

21:38:13:015 3764

21:38:13:015 3764 Completed

21:38:13:015 3764

21:38:13:015 3764 Results:

21:38:13:015 3764 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

21:38:13:015 3764 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

21:38:13:015 3764 File objects infected / cured / cured on reboot: 0 / 0 / 0

21:38:13:015 3764

21:38:13:015 3764 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

21:38:13:015 3764 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

21:38:13:031 3764 KLMD(ARK) unloaded successfully

Posted

ComboFix must not be used as a diagnostic tool; it should only be used at the express request of a helper trained in this tool, and under their supervision. This tool can be dangerous!

Disable your protections (antivirus, firewall, antispyware).

Connect removable media (USB sticks and others) before proceeding.

Official tutorial

Right-click HERE

  • In the menu that drops down, choose "Save Link As" (if you use Firefox) and "Save Target As" (if you use Internet Explorer).
  • A window will open: in the File name field (at the bottom), type this: panpan
  • We are going to save this file to the Desktop: to do that, click Desktop in the left-hand panel.
  • Finally, click the Save button at the bottom right of the page.
  • Make sure all programs are closed before launching the fix!
  • Double-click panpan.
  • If the Recovery Console is not installed on an XP machine, ComboFix will offer to install it: accept!
  • Click Yes on the Disclaimer of Warranty message that appears.
  • Your firewall may ask whether or not you allow nircmd.cfexe to access the trusted zone: accept!
  • Note: Do not close the window that has just opened, or you would end up with an empty desktop!
  • When the scan is finished, a report will be generated: post its contents in your next message.

If you lose your connection after running ComboFix, here is how to repair it: HERE.

NB: If you still cannot repair the connection despite all that, please read this topic.

If the message "Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression" ("Illegal operation attempted on a registry key that has been marked for deletion") appears, restart the PC.

 
