Security Toolbar 7.1 HELP

Edoy -  
Lyonnais92 Posts 25708 Status Security contributor -
Hello,
Like several of us, I have "Security toolbar" and I can't manage to remove it.

Here is the ComboFix report:

ComboFix 08-10-03.01 - edouard 2008-10-03 22:49:36.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.326 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\edouard\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\edouard\Application Data\MessengerSkinner
C:\Documents and Settings\edouard\Application Data\MessengerSkinner\Userdata\Install_MessengerSkinner.zip
C:\Documents and Settings\edouard\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\edouard\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\edouard\Application Data\WeatherDPA
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\SearchWeather.xml
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\Weather_XML\Default
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\Weather_XML\Genera1
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\Weather_XML\General
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Display
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\soaperror
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\WeatherDPA\WeatherPreferences
C:\Documents and Settings\edouard\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\edouard\Application Data\Zango
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2021
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\202850
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\202978
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20517
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20549
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20570
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20611
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20613
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20672
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20898
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21036
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21060
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\211386
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\211683
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\212398
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\212944
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\214816
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21639
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21669
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21846
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21889
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\220086
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\220566
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22170
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22254
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22657
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\227849
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\228414
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22913
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23111
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23270
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\233027
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23316
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23466
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\235169
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\235796
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\241998
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\243256
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24625
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24689
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\247895
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25063
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25424
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25469
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25502
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25509
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25708
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25803
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\258484
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\260284
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26030
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26134
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26335
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26340
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\263771
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\266255
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26664
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26763
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26894
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27419
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27505
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27668
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27682
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\278243
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\281075
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\283041
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28383
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2855
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2861
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\286256
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28812
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\288799
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\289368
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\290893
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29135
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\291448
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29425
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29642
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\300
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\304155
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30431
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30455
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30457
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30458
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30597
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30860
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31262
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32315
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32415
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32418
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32792
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32887
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33137
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33201
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3332
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3338
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33548
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33695
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33912
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33916
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34123
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34267
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34276
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34911
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35009
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35012
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35015
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35040
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35047
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35150
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\352526
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35654
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35746
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36039
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36079
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\361427
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36735
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36834
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\37122
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\372153
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\372500
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\374830
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\375812
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\37591
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\37616
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\385942
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\390259
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39228
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39232
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\394023
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39632
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\398010
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\398397
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39897
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39947
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40017
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40999
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41115
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41215
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41347
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41364
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4142
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41421
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41499
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4157
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41952
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41957
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41999
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42437
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\424628
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427075
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427148
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43098
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43349
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\436199
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\436868
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\436959
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\437353
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43907
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44100
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44267
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44293
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44303
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44306
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44313
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44320
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4442
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44878
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44957
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44960
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44961
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45102
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\451453
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4546
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\454802
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455563
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45833
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459338
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\461315
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\463818
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\471027
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\472390
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\475788
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\476734
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\479957
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4818
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\482923
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\482978
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\488149
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\494328
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49442
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49833
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\505911
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\510430
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51075
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51097
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51374
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\514456
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51495
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51880
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\520094
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\522463
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\526389
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52699
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52968
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53310
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\533670
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\534784
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\535707
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53595
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\537061
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53842
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53923
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\540999
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\541503
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54247
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\543041
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\543613
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\543645
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54400
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54488
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\546899
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\547700
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\548712
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54984
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55004
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55054
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\553177
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\553281
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5535
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\556604
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\556866
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55907
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\560770
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\56084
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\561991
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\562067
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\56815
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\568256
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57071
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\571472
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\571530
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\572023
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\574884
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578104
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578150
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57951
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57973
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5828
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\586413
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58946
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58965
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\590902
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\591948
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\591956
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59221
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59287
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59435
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\594881
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59632
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59723
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59844
C:\Documents and Settings\edouard\Application Data\Zango\v3.0\Zango\dynamic\Toolti

18 replies

Edoy
 
Thanks for your help, and here are the reports.
I'll give you the SmitfraudFix.exe report in a few minutes.
Thanks for being so quick!
Log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by edouard at 2008-10-04 11:20:35
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 77 GB (67%) free of 114 GB
Total RAM: 511 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21, on 2008-10-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WAV\wav.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Applications\iebtmm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\algg.exe
C:\Program Files\VirusRL2009\VirusRL2009.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\edouard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://laptopadviser.com/malware-removal/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://laptopadviser.com/malware-removal/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://laptopadviser.com/malware-removal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://laptopadviser.com/malware-removal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://laptopadviser.com/malware-removal/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://laptopadviser.com/malware-removal/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VRLWarningBHO Class - {0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0} - C:\Program Files\VirusRL2009\AVLWarning.dll (file missing)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: 267171 helper - {C2E04B8D-ED53-47F9-88A1-298066A66634} - C:\WINDOWS\system32\267171\267171.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunServices: [strmsnnrs] msnmcgrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wma info] C:\DOCUME~1\edouard\APPLIC~1\FlawBin\date axis play.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm131YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b360cacbe0e74dc783f42ac1033b63be
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b360cacbe0e74dc783f42ac1033b63be
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfile.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfile.com/redirect.php (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://univ-r.u-strasbg.fr/TSWeb/msrdp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210514392_325b0ea5ad37641d3f97a5fc43e6d246&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/onrpg/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2/insaniquarium/Oberongamesloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O22 - SharedTaskScheduler: impetuousities - {0ba3e00d-b660-46e6-a2db-2672ee82dc98} - C:\WINDOWS\system32\oanlvs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0
Edoy
 
Report
SmitFraudFix v2.356

Rapport fait à 11:29:37.59, 2008-10-04
Executé à partir de C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WAV\wav.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Applications\iebtmm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\algg.exe
C:\windows\system32\qkmgmky.exe
C:\Program Files\VirusRL2009\VirusRL2009.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\algg.exe PRESENT !
C:\WINDOWS\system32\uav.cpl PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\edouard

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\edouard\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\edouard\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\edouard\Bureau\Ultimate Antivirus 2008.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Applications\ PRESENT !
C:\Program Files\uav\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 267171.dll
BHO: 267171 Class - {C2E04B8D-ED53-47F9-88A1-298066A66634}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0ba3e00d-b660-46e6-a2db-2672ee82dc98}"="impetuousities"

[HKEY_CLASSES_ROOT\CLSID\{0ba3e00d-b660-46e6-a2db-2672ee82dc98}\InProcServer32]
@="C:\WINDOWS\system32\oanlvs.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0ba3e00d-b660-46e6-a2db-2672ee82dc98}\InProcServer32]
@="C:\WINDOWS\system32\oanlvs.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ADMtek AN983 10/100Mbps PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DFC34D5-FAB6-459F-A75A-CF0D4150D887}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DFC34D5-FAB6-459F-A75A-CF0D4150D887}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DFC34D5-FAB6-459F-A75A-CF0D4150D887}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by andom/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the taskbar).

NB: The reports are saved in the C:\rsit folder.

---------------

Open this link (thanks to S!RI for this program): http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.

Look at the tutorial.
Run it and choose option 1; it will generate a report.
Copy/paste it into your post, please.
-1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

Print these instructions, because you will not have access to them while in safe mode.

In order:

Download Toolbar-S&D (Team IDN) to your Desktop:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report (C:\TB.txt).

---------------------------
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder in C:\.

-------------------------------

Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A menu will open; use the arrow keys to move to the option to start in safe mode, then press Enter.
Once you are on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
------------------------------------
Run the Smitfraud program again.
This time choose option 2 and answer yes to everything.
Save the report.
----------------------------------------

Work through the list of instructions below:
• Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to restart the PC.
• Your system will take longer than usual to restart, because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

• Copy/paste the contents of the Report.txt file into your next reply on the forum.

Also copy/paste the SmitfraudFix report.

Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here,

along with a new HijackThis report!

__________________

If SDFix does not start (it happens!)

* Start -> Run
* Copy/paste this into the window:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Click OK and confirm.
* Restart and try launching SDFix again.

-1

Edoy Posts 11 Status Member
 
Thanks
Here is the report:

-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.50GHz )
BIOS : 4.06 Rev. 1.01.1675
USER : edouard ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 080430-1] 4.7.1098 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 111 Go Free : 74 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 2008-10-04|12:40 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\06-09-23-20-05-04
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\06-09-26-07-01-01
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\06-09-26-07-01-01.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-01-16-18-37-04.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-02-19-18-21-06.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-06-16-19-28-13
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-06-16-19-28-13.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\AliceGreenfingers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\amazonia16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Azada16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Bird_Pirates16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\caution.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Chromadrome_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cradle_rome16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\daycare_nightmare16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong_quest_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong_world16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\MCF_raven16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\tastyplanet16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_apprentice_LA16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\turbo_pizza16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\search.bin
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons
C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons\games2.ico
C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons\Registryrepair.ico
C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons\wallpapere1.ico
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\LanguagePack.xml
C:\Program Files\Multi_Media_France\LocalSettings.txt
C:\Program Files\Multi_Media_France\RadioPlayer
C:\Program Files\Multi_Media_France\rss
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\Multi_Media_France\update.xml
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\DOCUME~1\edouard\MENUDM~1\PROGRA~1\WhenU

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Bar"="https://laptopadviser.com/malware-removal/"
"Search Page"="https://laptopadviser.com/malware-removal/"
"SearchMigratedDefaultURL"="https://laptopadviser.com/malware-removal/{searchTerms}"
"Default_Search_URL"="https://laptopadviser.com/malware-removal/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://laptopadviser.com/malware-removal/"
"Search Page"="https://laptopadviser.com/malware-removal/"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="https://laptopadviser.com/malware-removal/"
"SearchMigratedDefaultURL"="https://laptopadviser.com/malware-removal/{searchTerms}"

--------------------\\ Recherche d'autres infections

C:\Program Files\MessengerSkinner
C:\Program Files\MessengerSkinner\download
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
C:\Program Files\MessengerSkinner\resources
C:\DOCUME~1\edouard\APPLIC~1\MessengerSkinner
C:\DOCUME~1\edouard\APPLIC~1\MessengerSkinner\Userdata
C:\Program Files\Instant Access
C:\Program Files\Instant Access\Center
C:\Program Files\Instant Access\Dialer
C:\WINDOWS\System32\nvs2.inf

C:\WINDOWS\System32\qkmgmky.dat
C:\WINDOWS\System32\qkmgmky.exe
C:\WINDOWS\System32\qkmgmky_nav.dat
C:\WINDOWS\System32\qkmgmky_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROGUES ..

C:\PROGRA~1\SystemDoctor 2006 Free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\edouard\APPLIC~1\WinAntiVirus Pro 2006

1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-04|12:42 - Option : [1]

-----------\\ Fin du rapport a 12:42:28.73
-1
Edoy Posts 11 Status Member
 
Thank you so much for getting rid of it for me!
Here are the requested reports.

[b]SDFix: Version 1.231 [/b]
Run by edouard on 2008-10-04 at 13:23

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\TMLPWIN.EXE - Deleted
C:\Program Files\WAV\wav.cpl - Deleted
C:\Program Files\WAV\wav.exe - Deleted
C:\Documents and Settings\edouard\Bureau\Windows Antivirus 2008.lnk - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 13:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Wanadoo Messager\\Wanadoo Messager.exe"="C:\\Program Files\\Wanadoo Messager\\Wanadoo Messager.exe:*:Enabled:Application Messager"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Jeux classiques\\Bin\\CmCenterV2.exe"="C:\\Program Files\\Jeux classiques\\Bin\\CmCenterV2.exe:*:Disabled:CmCenter Module"
"%windir%\\system32\\ccapp.exe"="%windir%\\system32\\ccapp.exe:*:Enabled:System Process"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\WINDOWS\\system32\\lxdicoms.exe"="C:\\WINDOWS\\system32\\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"="C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"="C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe:*:Enabled:Fax software"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe:*:Enabled:Device Monitor"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\\Program Files\\Freeciv-2.0.9-gtk2\\civserver.exe"="C:\\Program Files\\Freeciv-2.0.9-gtk2\\civserver.exe:*:Enabled:civserver"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Fichiers communs\\i4j_jres\\1.6.0\\bin\\java.exe"="C:\\Program Files\\Fichiers communs\\i4j_jres\\1.6.0\\bin\\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\\Program Files\\DofusArena2\\DofusArena.exe"="C:\\Program Files\\DofusArena2\\DofusArena.exe:*:Enabled:Dofus Arena Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe"="C:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe:*:Enabled:Titan Quest"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Lexmark 3500-4500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 18 May 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 28 May 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 28 May 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Tue 24 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 30 Dec 2003 1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg.reg"
Sun 21 Dec 2003 1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg_old.reg"
Sun 21 Dec 2003 12,368 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient_old.reg"
Tue 30 Dec 2003 12,368 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient.reg"
Sun 14 Sep 2008 27,136 ...H. --- "C:\Documents and Settings\edouard\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 28 Aug 2007 1,881 ...HR --- "C:\Documents and Settings\edouard\Application Data\SecuROM\UserData\securom_v7_01.bak"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\edouard\Application Data\U3\temp\Launchpad Removal.exe"
Fri 17 Mar 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

[b]Finished![/b]

SmitFraudFix v2.356

Rapport fait à 12:54:49.92, 2008-10-04
Executé à partir de C:\Documents and Settings\edouard\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0ba3e00d-b660-46e6-a2db-2672ee82dc98}"="impetuousities"

[HKEY_CLASSES_ROOT\CLSID\{0ba3e00d-b660-46e6-a2db-2672ee82dc98}\InProcServer32]
@="C:\WINDOWS\system32\oanlvs.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0ba3e00d-b660-46e6-a2db-2672ee82dc98}\InProcServer32]
@="C:\WINDOWS\system32\oanlvs.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\oanlvs.dll -> Hoax.Win32.Renos.gen.p
C:\WINDOWS\system32\oanlvs.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\algg.exe supprimé
C:\WINDOWS\system32\uav.cpl supprimé
C:\DOCUME~1\edouard\Bureau\Ultimate Antivirus 2008.lnk supprimé
C:\Program Files\Applications\ supprimé
C:\Program Files\uav\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DFC34D5-FAB6-459F-A75A-CF0D4150D887}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DFC34D5-FAB6-459F-A75A-CF0D4150D887}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DFC34D5-FAB6-459F-A75A-CF0D4150D887}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
-1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello again,

after re-running Toolbar Sd (and posting the report),

do this:

Click this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
to download navilog1.exe.

Choose Save

and save it to your desktop.

Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Let it guide you. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/approval)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the entire report into your reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

-1
Edoy Posts 11 Status Member
 
Here is the toolbar report

-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.50GHz )
BIOS : 4.06 Rev. 1.01.1675
USER : edouard ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 080430-1] 4.7.1098 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 111 Go Free : 75 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 2008-10-04|13:52 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\06-09-23-20-05-04
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\06-09-26-07-01-01
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\06-09-26-07-01-01.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-01-16-18-37-04.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-02-19-18-21-06.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-06-16-19-28-13
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\07-06-16-19-28-13.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\AliceGreenfingers16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\amazonia16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Azada16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Bird_Pirates16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\caution.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Chromadrome_216x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cradle_rome16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\daycare_nightmare16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong_quest_216x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong_world16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\MCF_raven16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\tastyplanet16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_apprentice_LA16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\turbo_pizza16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
Supprime! - C:\Program Files\GamesBar\OBGet.exe
Supprime! - C:\Program Files\GamesBar\search.bin
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons\games2.ico
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons\Registryrepair.ico
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons\wallpapere1.ico
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\LanguagePack.xml
Supprime! - C:\Program Files\Multi_Media_France\LocalSettings.txt
Supprime! - C:\Program Files\Multi_Media_France\RadioPlayer
Supprime! - C:\Program Files\Multi_Media_France\rss
Echec ! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
Supprime! - C:\Program Files\Multi_Media_France\update.xml
Supprime! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\DOCUME~1\edouard\MENUDM~1\PROGRA~1\WhenU
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
Supprime! - C:\Program Files\GamesBar
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\HbTools_Icons
Echec ! - C:\Program Files\Multi_Media_France
Supprime! - C:\Program Files\MyWebSearch

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\Multi_Media_France\tbMult.dll
Echec ! - C:\Program Files\Multi_Media_France

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\tbMult.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

C:\Program Files\MessengerSkinner
C:\Program Files\MessengerSkinner\download
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
C:\Program Files\MessengerSkinner\resources
C:\DOCUME~1\edouard\APPLIC~1\MessengerSkinner
C:\DOCUME~1\edouard\APPLIC~1\MessengerSkinner\Userdata
C:\Program Files\Instant Access
C:\Program Files\Instant Access\Center
C:\Program Files\Instant Access\Dialer
C:\WINDOWS\System32\nvs2.inf

C:\WINDOWS\System32\qkmgmky.dat
C:\WINDOWS\System32\qkmgmky.exe
C:\WINDOWS\System32\qkmgmky_nav.dat
C:\WINDOWS\System32\qkmgmky_navps.dat
[b]==> EGDACCESS <==[/b]

--------------------\\ ROGUES ..

C:\PROGRA~1\SystemDoctor 2006 Free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\edouard\APPLIC~1\WinAntiVirus Pro 2006

1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-04|12:42 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-10-04|13:56 - Option : [2]

-----------\\ Fin du rapport a 13:56:15.43
-1
Edoy Posts 11 Status Member
 
Latest report

Search Navipromo version 3.6.6 commencé le 2008-10-04 à 14:05:21.09

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "edouard"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Instant Access
MessengerSkinner

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

...\Instant Access trouvé !
...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\edouard\applic~1" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\ANNECH~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\STOESS~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\edouard\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ANNECH~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\STOESS~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\edouard\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ANNECH~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\STOESS~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_nav.dat.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_navps.dat.vir
C:\WINDOWS\system32\qkmgmky_nav.dat
C:\WINDOWS\system32\qkmgmky_navps.dat
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky.dat.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky.exe.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_nav.dat.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_navps.dat.vir
C:\WINDOWS\system32\qkmgmky.dat
C:\WINDOWS\system32\qkmgmky.exe
C:\WINDOWS\system32\qkmgmky_nav.dat
C:\WINDOWS\system32\qkmgmky_navps.dat

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

Fichiers trouvés :

mgwhvve.exe trouvé !

Fichiers suspects :

nsinet.exe trouvé !

* Recherche dans "C:\Documents and Settings\edouard\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ANNECH~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\STOESS~1\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\egaccess4.inf trouvé !
C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

C:\WINDOWS\system32\nsinet.exe trouvé !

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\edouard\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ANNECH~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\STOESS~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 2008-10-04 à 14:15:18.40 ***
-1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello again,

Double-click the Navilog1 shortcut on the desktop and let it guide you.
At the main menu, choose 2 and confirm.

The fix will inform you that it is going to restart your PC.
Close all open windows and save your open personal documents.
Press a key as requested.
(if your PC does not restart automatically, restart it yourself)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will reappear.

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer and confirm. That will bring your desktop back.

Post an RSIT report again.
-1
Edoy Posts 11 Status Member
 
Hi! My screen has changed (it no longer takes up the whole space and black bars have appeared...)
How do I fix this?
THANKS

Clean Navipromo version 3.6.6 commencé le 2008-10-05 à 14:08:38.09

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "edouard"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_nav.dat.vir réalisée avec succès !
Copie C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_navps.dat.vir réalisée avec succès !
Copie C:\WINDOWS\system32\qkmgmky_nav.dat réalisée avec succès !
Copie C:\WINDOWS\system32\qkmgmky_navps.dat réalisée avec succès !
Copie C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky.dat.vir réalisée avec succès !
Copie C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky.exe.vir réalisée avec succès !
Copie C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_nav.dat.vir réalisée avec succès !
Copie C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_navps.dat.vir réalisée avec succès !
Copie C:\WINDOWS\system32\qkmgmky.dat réalisée avec succès !
Copie C:\WINDOWS\system32\qkmgmky.exe réalisée avec succès !
Copie C:\WINDOWS\system32\qkmgmky_nav.dat réalisée avec succès !
Copie C:\WINDOWS\system32\qkmgmky_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_nav.dat.vir supprimé !
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky_navps.dat.vir supprimé !
C:\WINDOWS\system32\qkmgmky_nav.dat supprimé !
C:\WINDOWS\system32\qkmgmky_navps.dat supprimé !
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky.dat.vir supprimé !
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmgmky.exe.vir supprimé !
C:\WINDOWS\system32\qkmgmky.dat supprimé !
C:\WINDOWS\system32\qkmgmky.exe supprimé !

** 2ème passage avec résultats Catchme **

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\edouard\locals~1\applic~1" *

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

mgwhvve.exe trouvé !
Copie mgwhvve.exe réalisée avec succès !
mgwhvve.exe supprimé !

* Suppression dans "C:\Documents and Settings\edouard\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ANNECH~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\STOESS~1\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

...\Instant Access ...suppression...
...\Instant Access supprimé !

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\edouard\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !

*** Suppression dossiers dans "C:\DOCUME~1\ANNECH~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\STOESS~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\edouard\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ANNECH~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\STOESS~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\edouard\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ANNECH~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\STOESS~1\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\egaccess4.inf supprimé !
C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\edouard\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

C:\WINDOWS\system32\nsinet.exe trouvé !
Copie C:\WINDOWS\system32\nsinet.exe réalisée avec succès !
C:\WINDOWS\system32\nsinet.exe supprimé !

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\edouard\locals~1\applic~1" *

* Dans "C:\DOCUME~1\ANNECH~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\STOESS~1\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 2008-10-05 à 14:13:05.42 ***
-1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello again,

restart the computer and post an RSIT report again as requested.
-1
Edoy Posts 11 Status Member
 
Thanks for the screen
here is the RSIT report:

Logfile of random's system information tool 1.04 (written by random/random)
Run by edouard at 2008-10-05 19:01:45
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 73 GB (64%) free of 114 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:09, on 2008-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\VirusRL2009\VirusRL2009.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
D:\install.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\BitComet\BitComet.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\edouard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VRLWarningBHO Class - {0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0} - C:\Program Files\VirusRL2009\AVLWarning.dll (file missing)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: 267171 helper - {C2E04B8D-ED53-47F9-88A1-298066A66634} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunOnce: [WinSideBySideSetupCleanup 500150] rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\500150
O4 - HKLM\..\RunOnce: [WinSideBySideSetupCleanup 500408] rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\500408
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wma info] C:\DOCUME~1\edouard\APPLIC~1\FlawBin\date axis play.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b360cacbe0e74dc783f42ac1033b63be
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b360cacbe0e74dc783f42ac1033b63be
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://univ-r.u-strasbg.fr/TSWeb/msrdp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210514392_325b0ea5ad37641d3f97a5fc43e6d246&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/onrpg/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2/insaniquarium/Oberongamesloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
-1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

Has your screen returned to normal?

Download Lop S&D here:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click it to launch the installation.

Then double-click the Lop S&D shortcut on your desktop.

Select the language you want, then choose Option 1 (Search).

Wait until the scan finishes.

Post the generated report (C:\lopR.txt).
-1
Edoy Posts 11 Status Member
 
Re,
Yes, the screen is back to normal.
Report:

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : edouard ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-10-06 | 17:31:05.28 ] [ PC : JEAN-LUC ]
[ MAJ : 24-06-2008 | 11:00 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2007-10-13|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
[2007-12-25|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[2008-06-07|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-01-10|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[2008-04-17|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[2007-11-17|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2006-12-25|02:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2007-08-28|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[2003-10-17|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-04-27|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[2006-06-16|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[2007-09-05|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[2006-11-12|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-10-04|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2006-03-17|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[2007-09-22|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HEARTPOKEPROCMORE
[2008-05-31|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2003-12-12|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
[2007-08-31|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2008-10-03|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2006-05-06|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2006-01-21|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2004-02-11|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[2008-10-03|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak
[2006-05-19|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberongames
[2005-02-19|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[2007-05-06|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2007-04-24|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[2003-12-12|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2006-05-15|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2003-10-17|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2007-03-02|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2006-09-10|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
[2008-10-06|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-11-08|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2006-04-08|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
[2005-11-13|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2006-09-01|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[2007-07-09|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[2008-03-01|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-10-03|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[2005-09-19|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[2007-10-21|10:12] C:\DOCUME~1\ANNECH~1\APPLIC~1\5400 Series
[2008-02-20|17:14] C:\DOCUME~1\ANNECH~1\APPLIC~1\ACD Systems
[2003-11-22|16:40] C:\DOCUME~1\ANNECH~1\APPLIC~1\Adobe
[2003-11-22|16:40] C:\DOCUME~1\ANNECH~1\APPLIC~1\AdobeUM
[2008-02-20|17:14] C:\DOCUME~1\ANNECH~1\APPLIC~1\Apple Computer
[2006-10-18|09:14] C:\DOCUME~1\ANNECH~1\APPLIC~1\Block Checker
[2003-10-17|11:43] C:\DOCUME~1\ANNECH~1\APPLIC~1\desktop.ini
[2007-10-21|10:12] C:\DOCUME~1\ANNECH~1\APPLIC~1\FaxCtr
[2007-03-02|12:06] C:\DOCUME~1\ANNECH~1\APPLIC~1\Google
[2006-10-17|19:24] C:\DOCUME~1\ANNECH~1\APPLIC~1\Help
[2003-10-17|10:52] C:\DOCUME~1\ANNECH~1\APPLIC~1\Identities
[2004-01-10|20:45] C:\DOCUME~1\ANNECH~1\APPLIC~1\InterVideo
[2008-10-02|22:35] C:\DOCUME~1\ANNECH~1\APPLIC~1\Lavasoft
[2006-10-18|09:17] C:\DOCUME~1\ANNECH~1\APPLIC~1\Macromedia
[2008-02-20|17:13] C:\DOCUME~1\ANNECH~1\APPLIC~1\Microsoft
[2005-09-10|13:37] C:\DOCUME~1\ANNECH~1\APPLIC~1\Real

[2003-10-17|11:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2003-10-17|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2008-07-30|20:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[2003-10-17|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2007-10-13|16:40] C:\DOCUME~1\edouard\APPLIC~1\5400 Series
[2007-12-25|22:18] C:\DOCUME~1\edouard\APPLIC~1\ACD Systems
[2008-02-16|11:52] C:\DOCUME~1\edouard\APPLIC~1\Adobe
[2008-06-07|16:34] C:\DOCUME~1\edouard\APPLIC~1\AdobeUM
[2008-05-19|08:19] C:\DOCUME~1\edouard\APPLIC~1\Ahead
[2007-02-21|19:36] C:\DOCUME~1\edouard\APPLIC~1\Apple Computer
[2007-02-22|22:23] C:\DOCUME~1\edouard\APPLIC~1\Block Checker
[2007-11-28|13:33] C:\DOCUME~1\edouard\APPLIC~1\ChessBase
[2007-08-24|16:42] C:\DOCUME~1\edouard\APPLIC~1\CyberLink
[2003-10-17|11:43] C:\DOCUME~1\edouard\APPLIC~1\desktop.ini
[2007-09-06|17:04] C:\DOCUME~1\edouard\APPLIC~1\FaxCtr
[2008-10-03|18:12] C:\DOCUME~1\edouard\APPLIC~1\FlawBin
[2007-10-03|00:45] C:\DOCUME~1\edouard\APPLIC~1\GetRightToGo
[2006-09-22|16:17] C:\DOCUME~1\edouard\APPLIC~1\Google
[2003-12-11|13:38] C:\DOCUME~1\edouard\APPLIC~1\Help
[2007-02-17|15:12] C:\DOCUME~1\edouard\APPLIC~1\Identities
[2007-10-13|21:32] C:\DOCUME~1\edouard\APPLIC~1\InstallShield
[2003-11-22|18:00] C:\DOCUME~1\edouard\APPLIC~1\InterVideo
[2007-09-05|21:07] C:\DOCUME~1\edouard\APPLIC~1\Lexmark Productivity Studio
[2006-05-21|13:42] C:\DOCUME~1\edouard\APPLIC~1\Macromedia
[2008-09-24|13:05] C:\DOCUME~1\edouard\APPLIC~1\Microsoft
[2007-05-06|15:00] C:\DOCUME~1\edouard\APPLIC~1\PlayFirst
[2005-06-30|20:38] C:\DOCUME~1\edouard\APPLIC~1\Real
[2007-12-25|15:39] C:\DOCUME~1\edouard\APPLIC~1\Screenshot Sender
[2007-08-28|13:46] C:\DOCUME~1\edouard\APPLIC~1\SecuROM
[2006-04-08|20:07] C:\DOCUME~1\edouard\APPLIC~1\Sun
[2006-12-28|18:10] C:\DOCUME~1\edouard\APPLIC~1\Symantec
[2005-06-30|20:36] C:\DOCUME~1\edouard\APPLIC~1\Template
[2008-04-06|11:44] C:\DOCUME~1\edouard\APPLIC~1\U3
[2006-03-31|13:10] C:\DOCUME~1\edouard\APPLIC~1\WinAntiVirus Pro 2006
[2008-08-25|15:23] C:\DOCUME~1\edouard\APPLIC~1\WinRAR
[2006-07-09|22:04] C:\DOCUME~1\edouard\APPLIC~1\Wormux
[2008-10-04|18:09] C:\DOCUME~1\edouard\APPLIC~1\Xfire
[2007-02-17|15:12] C:\DOCUME~1\edouard\APPLIC~1\Zylom

[2007-04-24|16:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2003-10-17|10:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2005-03-30|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[2007-10-13|14:08] C:\DOCUME~1\STOESS~1\APPLIC~1\5400 Series
[2007-12-26|16:17] C:\DOCUME~1\STOESS~1\APPLIC~1\ACD Systems
[2008-02-18|21:03] C:\DOCUME~1\STOESS~1\APPLIC~1\Adobe
[2008-03-14|10:28] C:\DOCUME~1\STOESS~1\APPLIC~1\AdobeUM
[2003-11-22|17:55] C:\DOCUME~1\STOESS~1\APPLIC~1\Ahead
[2007-02-04|16:50] C:\DOCUME~1\STOESS~1\APPLIC~1\Apple Computer
[2006-10-22|17:48] C:\DOCUME~1\STOESS~1\APPLIC~1\Block Checker
[2006-01-03|22:45] C:\DOCUME~1\STOESS~1\APPLIC~1\ChessBase
[2003-10-17|11:43] C:\DOCUME~1\STOESS~1\APPLIC~1\desktop.ini
[2004-09-15|09:34] C:\DOCUME~1\STOESS~1\APPLIC~1\dm.ini
[2007-09-07|10:48] C:\DOCUME~1\STOESS~1\APPLIC~1\FaxCtr
[2007-03-02|13:00] C:\DOCUME~1\STOESS~1\APPLIC~1\FlawBin
[2006-09-24|10:34] C:\DOCUME~1\STOESS~1\APPLIC~1\Google
[2006-03-17|16:07] C:\DOCUME~1\STOESS~1\APPLIC~1\GTek
[2004-05-20|20:01] C:\DOCUME~1\STOESS~1\APPLIC~1\Help
[2003-10-17|10:52] C:\DOCUME~1\STOESS~1\APPLIC~1\Identities
[2004-01-03|20:10] C:\DOCUME~1\STOESS~1\APPLIC~1\InterVideo
[2004-10-24|13:08] C:\DOCUME~1\STOESS~1\APPLIC~1\Macromedia
[2007-05-17|19:02] C:\DOCUME~1\STOESS~1\APPLIC~1\Microsoft
[2006-08-30|17:36] C:\DOCUME~1\STOESS~1\APPLIC~1\Microsoft Web Folders
[2004-02-12|17:16] C:\DOCUME~1\STOESS~1\APPLIC~1\MSN6
[2008-08-25|14:07] C:\DOCUME~1\STOESS~1\APPLIC~1\Real
[2006-12-09|20:57] C:\DOCUME~1\STOESS~1\APPLIC~1\Skype
[2006-04-14|10:01] C:\DOCUME~1\STOESS~1\APPLIC~1\Sun
[2003-12-21|15:36] C:\DOCUME~1\STOESS~1\APPLIC~1\Symantec
[2003-12-22|20:06] C:\DOCUME~1\STOESS~1\APPLIC~1\Template
[2006-03-30|17:11] C:\DOCUME~1\STOESS~1\APPLIC~1\WinAntiVirus Pro 2006
[2007-03-02|13:02] C:\DOCUME~1\STOESS~1\APPLIC~1\winthirdmapi
[2006-07-10|12:12] C:\DOCUME~1\STOESS~1\APPLIC~1\Wormux

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-10-05 20:00][--ah-----] C:\WINDOWS\tasks\AC7EE90B9189651B.job
[2008-10-05 20:24][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[2008-08-25 12:18][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-06 17:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

AC7EE90B9189651B.job <--> c:\docume~1\edouard\applic~1\flawbin\Doespokecurb.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2003-11-22|16:32] C:\Program Files\%ALLUSERSPROFILE%
[2007-10-13|14:41] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007-12-25|22:17] C:\Program Files\ACD Systems
[2008-06-07|16:32] C:\Program Files\Adobe
[2007-09-22|23:16] C:\Program Files\Adverts
[2007-09-19|12:05] C:\Program Files\Ahead
[2007-03-02|12:26] C:\Program Files\Alwil Software
[2007-11-17|17:05] C:\Program Files\Apple Software Update
[2006-01-07|12:26] C:\Program Files\Atout Clic 6e
[2007-05-29|19:41] C:\Program Files\Bethesda Softworks
[2007-10-18|22:25] C:\Program Files\BFG
[2007-10-18|22:25] C:\Program Files\bfgtoolbar
[2008-10-03|19:12] C:\Program Files\BitComet
[2007-10-06|18:02] C:\Program Files\Boonty
[2007-09-19|12:02] C:\Program Files\BoontyGames
[2005-06-05|10:22] C:\Program Files\Canon
[2006-08-30|15:46] C:\Program Files\CCleaner
[2007-11-28|13:33] C:\Program Files\ChessBase
[2007-12-20|21:52] C:\Program Files\Circle Developement
[2008-10-04|00:06] C:\Program Files\Common Files
[2007-09-18|10:37] C:\Program Files\Copernic Desktop Search 2
[2004-01-02|15:40] C:\Program Files\Cryo
[2004-12-18|11:51] C:\Program Files\Cryo Interactive
[2007-08-24|16:36] C:\Program Files\CyberLink
[2006-06-17|17:02] C:\Program Files\Disney Imagineering
[2005-11-30|21:26] C:\Program Files\Disney Interactive
[2008-08-25|11:47] C:\Program Files\Dofus
[2007-11-03|19:20] C:\Program Files\DofusArena2
[2008-04-27|17:11] C:\Program Files\DVD Shrink
[2007-08-18|12:29] C:\Program Files\EA GAMES
[2004-01-05|13:19] C:\Program Files\Eko
[2008-09-28|14:22] C:\Program Files\eMule
[2008-10-03|23:01] C:\Program Files\Fichiers communs
[2008-10-03|18:10] C:\Program Files\FlawBin
[2007-09-19|12:05] C:\Program Files\Freeciv-2.0.9-gtk2
[2008-09-18|19:07] C:\Program Files\GameTribe
[2008-08-26|10:33] C:\Program Files\Google
[2008-05-31|12:42] C:\Program Files\Gpotato.eu
[2004-03-15|18:31] C:\Program Files\Heart Of Darkness Mini-Jeu
[2006-03-17|16:10] C:\Program Files\Hewlett-Packard
[2007-10-06|18:05] C:\Program Files\Hip Interactive
[2007-05-17|19:02] C:\Program Files\Hp
[2006-10-14|17:42] C:\Program Files\Infogrames
[2008-10-04|18:03] C:\Program Files\InstallShield Installation Information
[2004-07-26|22:52] C:\Program Files\InterActual
[2008-08-25|15:51] C:\Program Files\Internet Explorer
[2007-08-16|23:42] C:\Program Files\InterVideo
[2007-11-17|17:13] C:\Program Files\iPod
[2007-11-17|17:13] C:\Program Files\iTunes
[2008-05-11|16:05] C:\Program Files\Java
[2006-08-30|17:12] C:\Program Files\Jeux classiques
[2005-02-25|13:04] C:\Program Files\KONAMI
[2007-09-19|12:05] C:\Program Files\Le Mystere de la Momie
[2007-10-18|22:26] C:\Program Files\Lexmark 5400 Series
[2007-09-05|20:20] C:\Program Files\Lexmark Fax Solutions
[2007-10-13|14:25] C:\Program Files\Lexmark Toolbar
[2005-12-25|11:46] C:\Program Files\Lionhead Studios
[2005-12-18|21:31] C:\Program Files\Lochness
[2008-10-06|17:27] C:\Program Files\Lx_cats
[2008-10-03|23:31] C:\Program Files\Malwarebytes' Anti-Malware
[2006-01-25|22:38] C:\Program Files\Maxis
[2007-10-18|22:26] C:\Program Files\Messager Wanadoo
[2008-08-25|15:52] C:\Program Files\Messenger
[2008-08-28|13:36] C:\Program Files\Messenger Plus! Live
[2006-04-08|20:31] C:\Program Files\MessengerPlus! 3
[2007-05-09|22:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006-08-30|17:35] C:\Program Files\microsoft frontpage
[2006-12-25|12:10] C:\Program Files\Microsoft Games
[2006-08-30|17:36] C:\Program Files\Microsoft Office
[2006-08-30|17:42] C:\Program Files\Microsoft Visual Studio
[2007-10-18|22:26] C:\Program Files\Microsoft Works
[2007-10-30|19:42] C:\Program Files\Midway Games
[2008-06-13|18:03] C:\Program Files\Mindscape
[2005-08-31|23:47] C:\Program Files\Montparnasse Multimedia
[2006-04-05|12:42] C:\Program Files\Montparnasse Multimedia - France Télécom
[2007-09-19|12:05] C:\Program Files\Montparnasse multimedia - GEO
[2007-10-18|22:26] C:\Program Files\Movie Maker
[2003-10-17|10:47] C:\Program Files\MSN
[2003-10-17|10:46] C:\Program Files\MSN Gaming Zone
[2007-12-20|21:52] C:\Program Files\MSN Messenger
[2008-10-04|13:53] C:\Program Files\Multi_Media_France
[2008-10-05|14:13] C:\Program Files\Navilog1
[2007-10-13|21:32] C:\Program Files\NCSoft
[2007-09-19|12:05] C:\Program Files\NetMeeting
[2005-11-13|18:36] C:\Program Files\OfficeUpdate11
[2006-05-31|19:08] C:\Program Files\orange
[2007-06-13|15:18] C:\Program Files\Outlook Express
[2008-10-04|16:18] C:\Program Files\PhotoFiltre
[2008-10-04|19:12] C:\Program Files\Picasa2
[2007-11-17|17:11] C:\Program Files\QuickTime
[2005-06-17|17:34] C:\Program Files\Real
[2005-10-08|13:22] C:\Program Files\Remote Desktop
[2003-10-17|10:48] C:\Program Files\Services en ligne
[2003-10-17|10:57] C:\Program Files\SigmaTel
[2007-10-06|18:10] C:\Program Files\SM
[2008-10-04|00:12] C:\Program Files\SpyNoMore
[2008-05-11|16:05] C:\Program Files\Sun
[2007-03-02|18:07] C:\Program Files\Symantec
[2008-10-03|23:32] C:\Program Files\SystemDoctor 2006 Free
[2007-09-19|12:05] C:\Program Files\Tap'Touche
[2008-10-04|18:03] C:\Program Files\THQ
[2003-11-30|11:51] C:\Program Files\TLC-Edusoft
[2008-10-05|19:01] C:\Program Files\trend micro
[2008-06-06|16:48] C:\Program Files\TRXDownloader
[2004-08-23|10:26] C:\Program Files\Ubi Soft
[2004-08-25|18:29] C:\Program Files\Uninstall Information
[2008-05-12|12:25] C:\Program Files\UP
[2008-10-02|19:12] C:\Program Files\VirusRL2009
[2008-09-29|09:58] C:\Program Files\Wanadoo
[2006-08-30|17:12] C:\Program Files\Wanadoo Jeux
[2007-10-18|22:26] C:\Program Files\Wanadoo Messager
[2008-06-14|21:16] C:\Program Files\WarRock
[2008-10-04|13:29] C:\Program Files\WAV
[2006-08-16|13:41] C:\Program Files\Windows Journal Viewer
[2007-07-09|12:04] C:\Program Files\Windows Live
[2008-08-26|14:47] C:\Program Files\Windows Live Safety Center
[2007-11-01|01:05] C:\Program Files\Windows Live Toolbar
[2007-10-18|22:26] C:\Program Files\Windows Media Player
[2004-10-23|19:14] C:\Program Files\Windows NT
[2008-07-13|14:00] C:\Program Files\WinRAR
[2003-10-17|10:49] C:\Program Files\xerox
[2008-10-04|18:09] C:\Program Files\Xfire
[2008-06-13|18:06] C:\Program Files\Xvid
[2008-10-03|18:33] C:\Program Files\Yahoo!
[2007-02-18|12:15] C:\Program Files\Zylom Games

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-12-25|22:18] C:\Program Files\Fichiers communs\ACD Systems
[2008-01-27|13:22] C:\Program Files\Fichiers communs\Adobe
[2008-01-10|22:34] C:\Program Files\Fichiers communs\Adobe Systems Shared
[2003-11-22|17:36] C:\Program Files\Fichiers communs\Ahead
[2003-12-01|20:41] C:\Program Files\Fichiers communs\AOL
[2007-11-17|17:03] C:\Program Files\Fichiers communs\Apple
[2007-12-03|20:59] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2007-08-28|13:23] C:\Program Files\Fichiers communs\BOONTY Shared
[2006-08-30|17:42] C:\Program Files\Fichiers communs\Designer
[2007-10-30|17:53] C:\Program Files\Fichiers communs\i4j_jres
[2008-05-31|12:42] C:\Program Files\Fichiers communs\InstallShield
[2008-05-11|16:00] C:\Program Files\Fichiers communs\Java
[2007-08-31|22:30] C:\Program Files\Fichiers communs\Macrovision Shared
[2008-03-01|12:24] C:\Program Files\Fichiers communs\Microsoft Shared
[2003-10-17|10:48] C:\Program Files\Fichiers communs\MSSoap
[2005-06-17|17:35] C:\Program Files\Fichiers communs\Real
[2003-10-17|10:48] C:\Program Files\Fichiers communs\Services
[2003-10-17|11:44] C:\Program Files\Fichiers communs\SpeechEngines
[2007-03-03|18:59] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-13|15:18] C:\Program Files\Fichiers communs\System
[2007-09-19|12:05] C:\Program Files\Fichiers communs\Vbox
[2008-03-01|12:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2005-06-17|17:35] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 49

iexplore.exe ~ [3180]
iexplore.exe ~ [3268]
iexplore.exe ~ [3312]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak\bias rule.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak\Ford Save.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak\part body.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin
C:\DOCUME~1\edouard\APPLIC~1\flawbin\aqejbxjv.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\date axis play.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\Does poke curb.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\exftbpmo.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\giqoneuo.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\hejuvbhm.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\hifvvzsn.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\hmcnwrqu.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\isxdmbtx.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\jzwvpetn.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\mjelbfii.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\mpuzlzza.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\ncljqeyq.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\qsxiokkf.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\rjciephn.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\TeamFaceInternetItch.exe
C:\DOCUME~1\edouard\APPLIC~1\flawbin\wiqdtxvl.exe
C:\DOCUME~1\STOESS~1\APPLIC~1\flawbin
C:\Program Files\flawbin
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\tbMult.dll
C:\WINDOWS\Prefetch\DATE AXIS PLAY.EXE-1610F5FD.pf
C:\WINDOWS\Prefetch\DOES POKE CURB.EXE-2CC1D631.pf
C:\WINDOWS\Tasks\AC7EE90B9189651B.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wma info"="C:\\DOCUME~1\\edouard\\APPLIC~1\\FlawBin\\date axis play.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 17:32:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

[F:11][D:3]-> C:\DOCUME~1\edouard\LOCALS~1\Temp
[F:112][D:0]-> C:\DOCUME~1\edouard\Cookies
[F:434][D:7]-> C:\DOCUME~1\edouard\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 17:33:38.26 ]----------------------
-1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

Run Lop S&D again.

This time choose Option 2 (Removal).

Do not close the window during the removal!

Post the generated report (C:\lopR.txt).

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)

Also post a new RSIT report.
-1
Edoy Posts 11 Status Member
 
Re,
here are the 2 reports:
1)

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : edouard ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 2008-10-07 | 17:58:22.32 ] [ PC : JEAN-LUC ]
[ MAJ : 24-06-2008 | 11:00 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak\bias rule.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak\Ford Save.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak\part body.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\aqejbxjv.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\date axis play.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\Does poke curb.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\exftbpmo.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\giqoneuo.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\hejuvbhm.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\hifvvzsn.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\hmcnwrqu.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\isxdmbtx.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\jzwvpetn.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\mjelbfii.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\mpuzlzza.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\ncljqeyq.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\qsxiokkf.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\rjciephn.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\TeamFaceInternetItch.exe
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin\wiqdtxvl.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\WINDOWS\Prefetch\DATE AXIS PLAY.EXE-1610F5FD.pf
Supprime! - C:\WINDOWS\Prefetch\DOES POKE CURB.EXE-2CC1D631.pf
Supprime! - C:\WINDOWS\Tasks\AC7EE90B9189651B.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Noun Love Bits Peak
Supprime! - C:\DOCUME~1\edouard\APPLIC~1\flawbin
Supprime! - C:\DOCUME~1\STOESS~1\APPLIC~1\flawbin
Supprime! - C:\Program Files\flawbin
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Circle Developement
Supprime! - C:\Program Files\Multi_Media_France
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\DOCUME~1\edouard\APPLIC~1\WinAntiVirus Pro 2006
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans Application Data ]------------

[2007-10-13|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
[2007-12-25|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[2008-06-07|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-01-10|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[2008-04-17|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[2007-11-17|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2006-12-25|02:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2007-08-28|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[2003-10-17|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-04-27|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[2006-06-16|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[2007-09-05|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
[2006-11-12|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-10-04|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2006-03-17|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[2007-09-22|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HEARTPOKEPROCMORE
[2008-05-31|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2003-12-12|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
[2007-08-31|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[2008-10-03|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2006-05-06|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2006-01-21|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2004-02-11|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[2006-05-19|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberongames
[2005-02-19|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[2007-05-06|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2007-04-24|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[2003-12-12|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[2006-05-15|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2003-10-17|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[2007-03-02|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2006-09-10|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
[2008-10-07|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2006-11-08|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2005-11-13|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2006-09-01|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[2007-07-09|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[2008-03-01|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-10-03|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[2005-09-19|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[2007-10-21|10:12] C:\DOCUME~1\ANNECH~1\APPLIC~1\5400 Series
[2008-02-20|17:14] C:\DOCUME~1\ANNECH~1\APPLIC~1\ACD Systems
[2003-11-22|16:40] C:\DOCUME~1\ANNECH~1\APPLIC~1\Adobe
[2003-11-22|16:40] C:\DOCUME~1\ANNECH~1\APPLIC~1\AdobeUM
[2008-02-20|17:14] C:\DOCUME~1\ANNECH~1\APPLIC~1\Apple Computer
[2006-10-18|09:14] C:\DOCUME~1\ANNECH~1\APPLIC~1\Block Checker
[2003-10-17|11:43] C:\DOCUME~1\ANNECH~1\APPLIC~1\desktop.ini
[2007-10-21|10:12] C:\DOCUME~1\ANNECH~1\APPLIC~1\FaxCtr
[2007-03-02|12:06] C:\DOCUME~1\ANNECH~1\APPLIC~1\Google
[2006-10-17|19:24] C:\DOCUME~1\ANNECH~1\APPLIC~1\Help
[2003-10-17|10:52] C:\DOCUME~1\ANNECH~1\APPLIC~1\Identities
[2004-01-10|20:45] C:\DOCUME~1\ANNECH~1\APPLIC~1\InterVideo
[2008-10-02|22:35] C:\DOCUME~1\ANNECH~1\APPLIC~1\Lavasoft
[2006-10-18|09:17] C:\DOCUME~1\ANNECH~1\APPLIC~1\Macromedia
[2008-02-20|17:13] C:\DOCUME~1\ANNECH~1\APPLIC~1\Microsoft
[2005-09-10|13:37] C:\DOCUME~1\ANNECH~1\APPLIC~1\Real

[2003-10-17|11:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2003-10-17|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2008-07-30|20:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[2003-10-17|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2007-10-13|16:40] C:\DOCUME~1\edouard\APPLIC~1\5400 Series
[2007-12-25|22:18] C:\DOCUME~1\edouard\APPLIC~1\ACD Systems
[2008-02-16|11:52] C:\DOCUME~1\edouard\APPLIC~1\Adobe
[2008-06-07|16:34] C:\DOCUME~1\edouard\APPLIC~1\AdobeUM
[2008-05-19|08:19] C:\DOCUME~1\edouard\APPLIC~1\Ahead
[2007-02-21|19:36] C:\DOCUME~1\edouard\APPLIC~1\Apple Computer
[2007-02-22|22:23] C:\DOCUME~1\edouard\APPLIC~1\Block Checker
[2007-11-28|13:33] C:\DOCUME~1\edouard\APPLIC~1\ChessBase
[2007-08-24|16:42] C:\DOCUME~1\edouard\APPLIC~1\CyberLink
[2003-10-17|11:43] C:\DOCUME~1\edouard\APPLIC~1\desktop.ini
[2007-09-06|17:04] C:\DOCUME~1\edouard\APPLIC~1\FaxCtr
[2007-10-03|00:45] C:\DOCUME~1\edouard\APPLIC~1\GetRightToGo
[2006-09-22|16:17] C:\DOCUME~1\edouard\APPLIC~1\Google
[2003-12-11|13:38] C:\DOCUME~1\edouard\APPLIC~1\Help
[2007-02-17|15:12] C:\DOCUME~1\edouard\APPLIC~1\Identities
[2007-10-13|21:32] C:\DOCUME~1\edouard\APPLIC~1\InstallShield
[2003-11-22|18:00] C:\DOCUME~1\edouard\APPLIC~1\InterVideo
[2007-09-05|21:07] C:\DOCUME~1\edouard\APPLIC~1\Lexmark Productivity Studio
[2006-05-21|13:42] C:\DOCUME~1\edouard\APPLIC~1\Macromedia
[2008-09-24|13:05] C:\DOCUME~1\edouard\APPLIC~1\Microsoft
[2007-05-06|15:00] C:\DOCUME~1\edouard\APPLIC~1\PlayFirst
[2005-06-30|20:38] C:\DOCUME~1\edouard\APPLIC~1\Real
[2007-12-25|15:39] C:\DOCUME~1\edouard\APPLIC~1\Screenshot Sender
[2007-08-28|13:46] C:\DOCUME~1\edouard\APPLIC~1\SecuROM
[2006-04-08|20:07] C:\DOCUME~1\edouard\APPLIC~1\Sun
[2006-12-28|18:10] C:\DOCUME~1\edouard\APPLIC~1\Symantec
[2005-06-30|20:36] C:\DOCUME~1\edouard\APPLIC~1\Template
[2008-04-06|11:44] C:\DOCUME~1\edouard\APPLIC~1\U3
[2008-08-25|15:23] C:\DOCUME~1\edouard\APPLIC~1\WinRAR
[2006-07-09|22:04] C:\DOCUME~1\edouard\APPLIC~1\Wormux
[2008-10-04|18:09] C:\DOCUME~1\edouard\APPLIC~1\Xfire
[2007-02-17|15:12] C:\DOCUME~1\edouard\APPLIC~1\Zylom

[2007-04-24|16:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2003-10-17|10:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2005-03-30|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[2007-10-13|14:08] C:\DOCUME~1\STOESS~1\APPLIC~1\5400 Series
[2007-12-26|16:17] C:\DOCUME~1\STOESS~1\APPLIC~1\ACD Systems
[2008-02-18|21:03] C:\DOCUME~1\STOESS~1\APPLIC~1\Adobe
[2008-03-14|10:28] C:\DOCUME~1\STOESS~1\APPLIC~1\AdobeUM
[2003-11-22|17:55] C:\DOCUME~1\STOESS~1\APPLIC~1\Ahead
[2007-02-04|16:50] C:\DOCUME~1\STOESS~1\APPLIC~1\Apple Computer
[2006-10-22|17:48] C:\DOCUME~1\STOESS~1\APPLIC~1\Block Checker
[2006-01-03|22:45] C:\DOCUME~1\STOESS~1\APPLIC~1\ChessBase
[2003-10-17|11:43] C:\DOCUME~1\STOESS~1\APPLIC~1\desktop.ini
[2004-09-15|09:34] C:\DOCUME~1\STOESS~1\APPLIC~1\dm.ini
[2007-09-07|10:48] C:\DOCUME~1\STOESS~1\APPLIC~1\FaxCtr
[2006-09-24|10:34] C:\DOCUME~1\STOESS~1\APPLIC~1\Google
[2006-03-17|16:07] C:\DOCUME~1\STOESS~1\APPLIC~1\GTek
[2004-05-20|20:01] C:\DOCUME~1\STOESS~1\APPLIC~1\Help
[2003-10-17|10:52] C:\DOCUME~1\STOESS~1\APPLIC~1\Identities
[2004-01-03|20:10] C:\DOCUME~1\STOESS~1\APPLIC~1\InterVideo
[2004-10-24|13:08] C:\DOCUME~1\STOESS~1\APPLIC~1\Macromedia
[2007-05-17|19:02] C:\DOCUME~1\STOESS~1\APPLIC~1\Microsoft
[2006-08-30|17:36] C:\DOCUME~1\STOESS~1\APPLIC~1\Microsoft Web Folders
[2004-02-12|17:16] C:\DOCUME~1\STOESS~1\APPLIC~1\MSN6
[2008-08-25|14:07] C:\DOCUME~1\STOESS~1\APPLIC~1\Real
[2006-12-09|20:57] C:\DOCUME~1\STOESS~1\APPLIC~1\Skype
[2006-04-14|10:01] C:\DOCUME~1\STOESS~1\APPLIC~1\Sun
[2003-12-21|15:36] C:\DOCUME~1\STOESS~1\APPLIC~1\Symantec
[2003-12-22|20:06] C:\DOCUME~1\STOESS~1\APPLIC~1\Template
[2006-03-30|17:11] C:\DOCUME~1\STOESS~1\APPLIC~1\WinAntiVirus Pro 2006
[2007-03-02|13:02] C:\DOCUME~1\STOESS~1\APPLIC~1\winthirdmapi
[2006-07-10|12:12] C:\DOCUME~1\STOESS~1\APPLIC~1\Wormux

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-10-07 17:24][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[2008-08-25 12:18][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-07 15:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2003-11-22|16:32] C:\Program Files\%ALLUSERSPROFILE%
[2007-10-13|14:41] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007-12-25|22:17] C:\Program Files\ACD Systems
[2008-06-07|16:32] C:\Program Files\Adobe
[2007-09-19|12:05] C:\Program Files\Ahead
[2007-03-02|12:26] C:\Program Files\Alwil Software
[2007-11-17|17:05] C:\Program Files\Apple Software Update
[2006-01-07|12:26] C:\Program Files\Atout Clic 6e
[2007-05-29|19:41] C:\Program Files\Bethesda Softworks
[2007-10-18|22:25] C:\Program Files\BFG
[2007-10-18|22:25] C:\Program Files\bfgtoolbar
[2008-10-03|19:12] C:\Program Files\BitComet
[2007-10-06|18:02] C:\Program Files\Boonty
[2007-09-19|12:02] C:\Program Files\BoontyGames
[2005-06-05|10:22] C:\Program Files\Canon
[2006-08-30|15:46] C:\Program Files\CCleaner
[2007-11-28|13:33] C:\Program Files\ChessBase
[2008-10-04|00:06] C:\Program Files\Common Files
[2007-09-18|10:37] C:\Program Files\Copernic Desktop Search 2
[2004-01-02|15:40] C:\Program Files\Cryo
[2004-12-18|11:51] C:\Program Files\Cryo Interactive
[2007-08-24|16:36] C:\Program Files\CyberLink
[2006-06-17|17:02] C:\Program Files\Disney Imagineering
[2005-11-30|21:26] C:\Program Files\Disney Interactive
[2008-08-25|11:47] C:\Program Files\Dofus
[2007-11-03|19:20] C:\Program Files\DofusArena2
[2008-04-27|17:11] C:\Program Files\DVD Shrink
[2007-08-18|12:29] C:\Program Files\EA GAMES
[2004-01-05|13:19] C:\Program Files\Eko
[2008-09-28|14:22] C:\Program Files\eMule
[2008-10-03|23:01] C:\Program Files\Fichiers communs
[2007-09-19|12:05] C:\Program Files\Freeciv-2.0.9-gtk2
[2008-09-18|19:07] C:\Program Files\GameTribe
[2008-08-26|10:33] C:\Program Files\Google
[2008-05-31|12:42] C:\Program Files\Gpotato.eu
[2004-03-15|18:31] C:\Program Files\Heart Of Darkness Mini-Jeu
[2006-03-17|16:10] C:\Program Files\Hewlett-Packard
[2007-10-06|18:05] C:\Program Files\Hip Interactive
[2007-05-17|19:02] C:\Program Files\Hp
[2006-10-14|17:42] C:\Program Files\Infogrames
[2008-10-04|18:03] C:\Program Files\InstallShield Installation Information
[2004-07-26|22:52] C:\Program Files\InterActual
[2008-08-25|15:51] C:\Program Files\Internet Explorer
[2007-08-16|23:42] C:\Program Files\InterVideo
[2007-11-17|17:13] C:\Program Files\iPod
[2007-11-17|17:13] C:\Program Files\iTunes
[2008-05-11|16:05] C:\Program Files\Java
[2006-08-30|17:12] C:\Program Files\Jeux classiques
[2005-02-25|13:04] C:\Program Files\KONAMI
[2007-09-19|12:05] C:\Program Files\Le Mystere de la Momie
[2007-10-18|22:26] C:\Program Files\Lexmark 5400 Series
[2007-09-05|20:20] C:\Program Files\Lexmark Fax Solutions
[2007-10-13|14:25] C:\Program Files\Lexmark Toolbar
[2005-12-25|11:46] C:\Program Files\Lionhead Studios
[2005-12-18|21:31] C:\Program Files\Lochness
[2008-10-07|17:42] C:\Program Files\Lx_cats
[2008-10-03|23:31] C:\Program Files\Malwarebytes' Anti-Malware
[2006-01-25|22:38] C:\Program Files\Maxis
[2007-10-18|22:26] C:\Program Files\Messager Wanadoo
[2008-08-25|15:52] C:\Program Files\Messenger
[2008-08-28|13:36] C:\Program Files\Messenger Plus! Live
[2006-04-08|20:31] C:\Program Files\MessengerPlus! 3
[2007-05-09|22:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006-08-30|17:35] C:\Program Files\microsoft frontpage
[2006-12-25|12:10] C:\Program Files\Microsoft Games
[2006-08-30|17:36] C:\Program Files\Microsoft Office
[2006-08-30|17:42] C:\Program Files\Microsoft Visual Studio
[2007-10-18|22:26] C:\Program Files\Microsoft Works
[2007-10-30|19:42] C:\Program Files\Midway Games
[2008-06-13|18:03] C:\Program Files\Mindscape
[2005-08-31|23:47] C:\Program Files\Montparnasse Multimedia
[2006-04-05|12:42] C:\Program Files\Montparnasse Multimedia - France Télécom
[2007-09-19|12:05] C:\Program Files\Montparnasse multimedia - GEO
[2007-10-18|22:26] C:\Program Files\Movie Maker
[2003-10-17|10:47] C:\Program Files\MSN
[2003-10-17|10:46] C:\Program Files\MSN Gaming Zone
[2007-12-20|21:52] C:\Program Files\MSN Messenger
[2008-10-05|14:13] C:\Program Files\Navilog1
[2007-10-13|21:32] C:\Program Files\NCSoft
[2007-09-19|12:05] C:\Program Files\NetMeeting
[2005-11-13|18:36] C:\Program Files\OfficeUpdate11
[2006-05-31|19:08] C:\Program Files\orange
[2007-06-13|15:18] C:\Program Files\Outlook Express
[2008-10-04|16:18] C:\Program Files\PhotoFiltre
[2008-10-04|19:12] C:\Program Files\Picasa2
[2007-11-17|17:11] C:\Program Files\QuickTime
[2005-06-17|17:34] C:\Program Files\Real
[2005-10-08|13:22] C:\Program Files\Remote Desktop
[2003-10-17|10:48] C:\Program Files\Services en ligne
[2003-10-17|10:57] C:\Program Files\SigmaTel
[2007-10-06|18:10] C:\Program Files\SM
[2008-10-04|00:12] C:\Program Files\SpyNoMore
[2008-05-11|16:05] C:\Program Files\Sun
[2007-03-02|18:07] C:\Program Files\Symantec
[2008-10-03|23:32] C:\Program Files\SystemDoctor 2006 Free
[2007-09-19|12:05] C:\Program Files\Tap'Touche
[2008-10-04|18:03] C:\Program Files\THQ
[2003-11-30|11:51] C:\Program Files\TLC-Edusoft
[2008-10-05|19:01] C:\Program Files\trend micro
[2008-06-06|16:48] C:\Program Files\TRXDownloader
[2004-08-23|10:26] C:\Program Files\Ubi Soft
[2004-08-25|18:29] C:\Program Files\Uninstall Information
[2008-05-12|12:25] C:\Program Files\UP
[2008-10-02|19:12] C:\Program Files\VirusRL2009
[2008-09-29|09:58] C:\Program Files\Wanadoo
[2006-08-30|17:12] C:\Program Files\Wanadoo Jeux
[2007-10-18|22:26] C:\Program Files\Wanadoo Messager
[2008-06-14|21:16] C:\Program Files\WarRock
[2008-10-04|13:29] C:\Program Files\WAV
[2006-08-16|13:41] C:\Program Files\Windows Journal Viewer
[2007-07-09|12:04] C:\Program Files\Windows Live
[2008-08-26|14:47] C:\Program Files\Windows Live Safety Center
[2007-11-01|01:05] C:\Program Files\Windows Live Toolbar
[2007-10-18|22:26] C:\Program Files\Windows Media Player
[2004-10-23|19:14] C:\Program Files\Windows NT
[2008-07-13|14:00] C:\Program Files\WinRAR
[2003-10-17|10:49] C:\Program Files\xerox
[2008-10-04|18:09] C:\Program Files\Xfire
[2008-06-13|18:06] C:\Program Files\Xvid
[2008-10-03|18:33] C:\Program Files\Yahoo!
[2007-02-18|12:15] C:\Program Files\Zylom Games

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-12-25|22:18] C:\Program Files\Fichiers communs\ACD Systems
[2008-01-27|13:22] C:\Program Files\Fichiers communs\Adobe
[2008-01-10|22:34] C:\Program Files\Fichiers communs\Adobe Systems Shared
[2003-11-22|17:36] C:\Program Files\Fichiers communs\Ahead
[2003-12-01|20:41] C:\Program Files\Fichiers communs\AOL
[2007-11-17|17:03] C:\Program Files\Fichiers communs\Apple
[2007-12-03|20:59] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2007-08-28|13:23] C:\Program Files\Fichiers communs\BOONTY Shared
[2006-08-30|17:42] C:\Program Files\Fichiers communs\Designer
[2007-10-30|17:53] C:\Program Files\Fichiers communs\i4j_jres
[2008-05-31|12:42] C:\Program Files\Fichiers communs\InstallShield
[2008-05-11|16:00] C:\Program Files\Fichiers communs\Java
[2007-08-31|22:30] C:\Program Files\Fichiers communs\Macrovision Shared
[2008-03-01|12:24] C:\Program Files\Fichiers communs\Microsoft Shared
[2003-10-17|10:48] C:\Program Files\Fichiers communs\MSSoap
[2005-06-17|17:35] C:\Program Files\Fichiers communs\Real
[2003-10-17|10:48] C:\Program Files\Fichiers communs\Services
[2003-10-17|11:44] C:\Program Files\Fichiers communs\SpeechEngines
[2007-03-03|18:59] C:\Program Files\Fichiers communs\Symantec Shared
[2007-06-13|15:18] C:\Program Files\Fichiers communs\System
[2007-09-19|12:05] C:\Program Files\Fichiers communs\Vbox
[2008-03-01|12:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2005-06-17|17:35] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 43

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 17:59:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

[F:15][D:3]-> C:\DOCUME~1\edouard\LOCALS~1\Temp
[F:122][D:0]-> C:\DOCUME~1\edouard\Cookies
[F:679][D:7]-> C:\DOCUME~1\edouard\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 18:01:00.73 ]----------------------

2)

Logfile of random's system information tool 1.04 (written by random/random)
Run by edouard at 2008-10-07 18:03:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 72 GB (63%) free of 114 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:47, on 2008-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\VirusRL2009\VirusRL2009.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\edouard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VRLWarningBHO Class - {0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0} - C:\Program Files\VirusRL2009\AVLWarning.dll (file missing)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: 267171 helper - {C2E04B8D-ED53-47F9-88A1-298066A66634} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b360cacbe0e74dc783f42ac1033b63be
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b360cacbe0e74dc783f42ac1033b63be
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://univ-r.u-strasbg.fr/TSWeb/msrdp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210514392_325b0ea5ad37641d3f97a5fc43e6d246&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/onrpg/solidstateion.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2/insaniquarium/Oberongamesloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

Run HijackThis again (under the name C:\Program Files\trend micro\edouard.exe).

Choose Do a scan only

Tick the box in front of the following lines

O2 - BHO: 267171 helper - {C2E04B8D-ED53-47F9-88A1-298066A66634} - (no file)
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/onrpg/solidstateion.cab

Close all windows (except HijackThis), including your browser.

Click fix checked.

Close HijackThis.

==============
Copy or print the instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\VirusRL2009\VirusRL2009.exe

Folder::
C:\Program Files\SpyNoMore
C:\Program Files\VirusRL2009
C:\WINDOWS\system32\267171

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the mouse button held down and move the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware's guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse may severely damage the operating system.
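An added example, not part of the original thread and not code from HijackThis: a small Python parser for the HijackThis entry lines shown in the log above. It marks entries whose target file is missing, O16 entries with no source URL, and O23 services with an unknown owner. The function names and flag labels are assumptions of this sketch; the sample lines are copied from the posted log.

```python
import re

# Sample input: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: VRLWarningBHO Class - {0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0} - C:\Program Files\VirusRL2009\AVLWarning.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 267171 helper - {C2E04B8D-ED53-47F9-88A1-298066A66634} - (no file)
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostart: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<key>.+?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Unquoted path that may contain spaces, ending at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def executable_of(command):
    """Return the program part of an autostart command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    first = command.split(" ", 1)[0]
    if "\\" not in first and "/" not in first:
        return first  # bare program name such as "rundll32"
    match = EXE_RE.match(command)
    return match.group(1) if match else first


def parse_hijackthis(text):
    """Parse HijackThis entry lines into dicts and attach structural flags."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.group("code"), match.group("body").strip()
        entry = {"code": code, "body": body, "clsid": None, "flags": []}
        clsid = CLSID_RE.search(body)
        if clsid:
            entry["clsid"] = clsid.group(0).upper()
        # HijackThis itself appends these markers when the referenced file is gone.
        if body.endswith(ORPHAN_MARKERS):
            entry["flags"].append("target-missing")
        if code == "O4":
            run = RUN_RE.match(body)
            if run:
                entry["name"] = run.group("name")
                entry["executable"] = executable_of(run.group("command"))
        elif code == "O16" and body.endswith("-"):
            entry["flags"].append("no-source-url")
        elif code == "O23" and " - Unknown owner - " in body:
            entry["flags"].append("unknown-owner")
        entries.append(entry)
    return entries


def flagged(entries):
    """Return (code, flag, body) for every flag raised, in log order."""
    return [(e["code"], f, e["body"]) for e in entries for f in e["flags"]]


if __name__ == "__main__":
    for code, flag, body in flagged(parse_hijackthis(SAMPLE_LOG)):
        print(f"{code:<4}{flag:<16}{body}")
```

The flags are structural triage hints, not verdicts: of the lines the helper ticks, only the `(no file)` BHO carries such a marker, and the two Run entries are not flagged by any check here.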